OCPBUGS-76460, OCPBUGS-75921, MON-4513: Synchronize From Upstream Repositories#1237
OCPBUGS-76460, OCPBUGS-75921, MON-4513: Synchronize From Upstream Repositories#1237tmshort wants to merge 13 commits intoopenshift:mainfrom
Conversation
Upstream-repository: operator-lifecycle-manager Upstream-commit: 674bf3f3547e8d8b56c230c5f0df7b5e8be9a3bd
Signed-off-by: grokspawn <jordan@nimblewidget.com> Upstream-repository: operator-lifecycle-manager Upstream-commit: fe30afe2ef3d6b95804c2bdc1cfe0b0006ad1b07
Signed-off-by: Rashmi Gottipati <rgottipa@redhat.com> Upstream-repository: operator-lifecycle-manager Upstream-commit: 0e9d557ec6d9b7ededb96e95cfc11b08ae642cff
Replace hand-written model_name.go with generated zz_generated.model_name.go by adding +k8s:openapi-model-package marker to doc.go and running openapi-gen in update_codegen.sh. Update boilerplate.go.txt to remove Red Hat copyright. Assisted-By: Claude Signed-off-by: Todd Short <todd.short@me.com> Upstream-repository: operator-lifecycle-manager Upstream-commit: 68059b8f2c7bcb60ae54f59d256cb9d61c7d9c8e
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.49.0 to 0.50.0. - [Commits](golang/net@v0.49.0...v0.50.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.50.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Upstream-repository: operator-lifecycle-manager Upstream-commit: 0a96cb289ab11ed8a6cb02e72be3e52974c3a401
Bumps the k8s-dependencies group with 9 updates: | Package | From | To | | --- | --- | --- | | [k8s.io/api](https://github.com/kubernetes/api) | `0.35.0` | `0.35.1` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.35.0` | `0.35.1` | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.35.0` | `0.35.1` | | [k8s.io/apiserver](https://github.com/kubernetes/apiserver) | `0.35.0` | `0.35.1` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.35.0` | `0.35.1` | | [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.35.0` | `0.35.1` | | [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.35.0` | `0.35.1` | | [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) | `0.35.0` | `0.35.1` | | [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools) | `0.20.0` | `0.20.1` | Updates `k8s.io/api` from 0.35.0 to 0.35.1 - [Commits](kubernetes/api@v0.35.0...v0.35.1) Updates `k8s.io/apiextensions-apiserver` from 0.35.0 to 0.35.1 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.35.0...v0.35.1) Updates `k8s.io/apimachinery` from 0.35.0 to 0.35.1 - [Commits](kubernetes/apimachinery@v0.35.0...v0.35.1) Updates `k8s.io/apiserver` from 0.35.0 to 0.35.1 - [Commits](kubernetes/apiserver@v0.35.0...v0.35.1) Updates `k8s.io/client-go` from 0.35.0 to 0.35.1 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.0...v0.35.1) Updates `k8s.io/code-generator` from 0.35.0 to 0.35.1 - [Commits](kubernetes/code-generator@v0.35.0...v0.35.1) Updates `k8s.io/component-base` from 0.35.0 to 0.35.1 - [Commits](kubernetes/component-base@v0.35.0...v0.35.1) Updates `k8s.io/kube-aggregator` from 0.35.0 to 0.35.1 - [Commits](kubernetes/kube-aggregator@v0.35.0...v0.35.1) Updates `sigs.k8s.io/controller-tools` from 0.20.0 to 0.20.1 - [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-tools@v0.20.0...v0.20.1) --- updated-dependencies: - dependency-name: k8s.io/api dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/apimachinery dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/apiserver dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/client-go dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/code-generator dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/component-base dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/kube-aggregator dependency-version: 0.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: sigs.k8s.io/controller-tools dependency-version: 0.20.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Upstream-repository: operator-lifecycle-manager Upstream-commit: 2194d2accd844b1bd53d3ca0dab95ac9bf42d7be
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.78.0 to 1.79.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.78.0...v1.79.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.79.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Upstream-repository: operator-lifecycle-manager Upstream-commit: c2010bbcac3928ee7c1e8cd3ffeceb9bb3ead0db
…al (#3766) * abandon evaluation of any new catalogsource image which pathologically restrts Signed-off-by: grokspawn <jordan@nimblewidget.com> * add CLBO container considerations to detection Signed-off-by: grokspawn <jordan@nimblewidget.com> --------- Signed-off-by: grokspawn <jordan@nimblewidget.com> Upstream-repository: operator-lifecycle-manager Upstream-commit: feecd01c492f7233c8b215d37b91d69193189bf1
* Add permissions on endpointslice to Prometheus Role * Use serviceDiscoveryRole: EndpointSlice in ServiceMonitors Signed-off-by: Todd Short <todd.short@me.com> Upstream-repository: operator-lifecycle-manager Upstream-commit: 12f8f48cc6ec5c3233cb71d1b026399d087109f7
…om API ports (#3770) * Update NetworkPolicy egress to follow API server best practices Signed-off-by: Rashmi Gottipati <rgottipa@redhat.com> * update NetworkPolicy helpers to use wildcare egress for kube-apiserver Signed-off-by: Rashmi Gottipati <rgottipa@redhat.com> * Add DNS egress rules with ports 53 and 5353 to NetworkPolicies Signed-off-by: Rashmi Gottipati <rgottipa@redhat.com> * add catalog GRPC port rules back Signed-off-by: Rashmi Gottipati <rgottipa@redhat.com> --------- Signed-off-by: Rashmi Gottipati <rgottipa@redhat.com> Upstream-repository: operator-lifecycle-manager Upstream-commit: 6124b659be2880faf63cf1db3d78ec7ae0c7ed80
|
@tmshort: GitHub didn't allow me to request PR reviews from the following users: openshift/openshift-team-operator-framework. Note that only openshift members and repo collaborators can review this PR, and authors cannot review their own PRs. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@tmshort: This pull request references Jira Issue OCPBUGS-76460, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. This pull request references Jira Issue OCPBUGS-75921, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. This pull request references MON-4513 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@tmshort: This pull request references Jira Issue OCPBUGS-76460, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references Jira Issue OCPBUGS-75921, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references MON-4513 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/lgtm |
Assuming |
|
/test e2e-aws-olmv0-ext |
|
/test e2e-upgrade |
|
/test e2e-gcp-console-olm |
|
/hold |
|
@tmshort: This pull request references Jira Issue OCPBUGS-76460, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references Jira Issue OCPBUGS-75921, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references MON-4513 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@tmshort: This pull request references Jira Issue OCPBUGS-76460, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references Jira Issue OCPBUGS-75921, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references MON-4513 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/label acknowledge-critical-fixes-only |
|
/unhold |
rashmigottipati
left a comment
There was a problem hiding this comment.
@tmshort I reviewed the NetworkPolicy changes and noticed that the DNS egress don't fully align with the updated guidance.
Current DNS egress in this PR:
- restricts the traffic to only the openshift-dns namespace
- and also specifically should wildcard allow all IPs with ports 53 and 5353, matching the approach in the operator-marketplace networkpolicy PR and the operator-lifecycle-manager networkpolicy PR
The files I looked at are:
- manifests/0000_50_olm_01-networkpolicies.yaml
- manifests/0000_50_olm_06-psm-operator.networkpolicy.yaml
- manifests/0000_50_olm_07-collect-profiles.networkpolicy.yaml
Can you update the PR to remove the namespace selector and use explicit ports 53/5353?
Remove the 6443 egress for "any". Update DNS rules to explicit ports, add port 5353, and remove selector. Signed-off-by: Todd Short <todd.short@me.com>
|
@tmshort: This pull request references Jira Issue OCPBUGS-76460, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references Jira Issue OCPBUGS-75921, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: This pull request references MON-4513 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/test unit-olm |
Signed-off-by: Todd Short <todd.short@me.com>
|
/test e2e-aws-olmv0-ext |
|
/retest |
|
/retest-required |
|
Thanks for the quick action! After reviewing it, it looks good. and I am creating cluster to try it again. after it is ok on cluster, I will add verified. |
|
@kuiwang02 sounds good, thank you Kui. |
|
After I create the cluster with operator-framework/operator-marketplace#723 and #1237, I met the case failing. so, I make new case changed code 38458d1, please help move it to this PR. Thanks by the way, I have no more comment on operator-framework/operator-marketplace#723 and #1237, and I would like to let the two PRs into payload at same time to avoid the case failure. so, when job pass, we will add verified label together. |
|
@tmshort: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
@kuiwang02 this PR is now passing all tests. I see you closed your PR, since it was basically the same changes I made in here (the only difference being string vs. int, which doesn't seem to matter as Port can be either). Both just need to be verified, and we should be OK. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rashmigottipati, tmshort The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Fixes test issue in #1230 with two additional commits (a1e313a and 16791e3) to handle NetworkPolicy changes, otherwise, it should be identical to #1230
The staging/ and vendor/ directories have been synchronized from the upstream repositories, pulling in the following commits:
This pull request is expected to merge without any human intervention. If tests are failing here, changes must land upstream to fix any issues so that future downstreaming efforts succeed.
/cc @openshift/openshift-team-operator-framework