Closed kaovilai closed 3 months ago
/cherry-pick oadp-1.3
@kaovilai: once the present PR merges, I will cherry-pick it on top of oadp-1.3 in a new PR and assign it to you.
Thanks for jumping on this :)
Tested the PR on OCP 4.15 with cluster capability ImageRegistry
disabled:
shubham@fedora ~/oadp-operator - (master) $ velero get restores
NAME BACKUP STATUS STARTED COMPLETED ERRORS WARNINGS CREATED SELECTOR
testnsbackup-1-20240312132828 testnsbackup-1 Completed 2024-03-12 13:28:29 -0700 PDT 2024-03-12 13:28:30 -0700 PDT 0 5 2024-03-12 13:28:29 -0700 PDT <none>
shubham@fedora ~/oadp-operator - (master) $ oc get po -n test-new-ns-mapping-1
NAME READY STATUS RESTARTS AGE
sh 1/1 Running 0 2m4s
shubham@fedora ~/oadp-operator - (master) $ velero restore logs testnsbackup-1-20240312132828 | grep -i 'level=error'
shubham@fedora ~/oadp-operator - (master) $ oc version
Client Version: 4.14.7
Kustomize Version: v5.0.1
Server Version: 4.15.0
Kubernetes Version: v1.28.6+6216ea1
shubham@fedora ~/oadp-operator - (master) $ oc get deploy/velero -n openshift-adp | grep openshift-velero-plugin
shubham@fedora ~/oadp-operator - (master) $ oc get deploy/velero -n openshift-adp -oyaml | grep openshift-velero-plugin
- image: quay.io/spampatt/openshift-velero-plugins:fix-3598
name: openshift-velero-plugin
shubham@fedora ~/oadp-operator - (master) $
shubham@fedora ~/oadp-operator - (master) $ oc get clusterversion version -oyaml | grep -A 15 "enabledCapabilities"
enabledCapabilities:
- Build
- CSISnapshot
- CloudCredential
- Console
- DeploymentConfig
- Insights
- MachineAPI
- NodeTuning
- OperatorLifecycleManager
- Storage
- baremetal
- marketplace
- openshift-samples
knownCapabilities:
- Build
Looks like there are several now-unused funcs from earlier iterations of this that should probably be removed (around image registry capability and SA secrets). Also, I don't think we're currently checking OCP version -- we probably want to check this and only skip the waiting if are both missing image registry replicas and we're on 4.15 or later, since I suspect that these secrets still exist (and may still be required) in earlier OCP versions even if the registry is down.
@sseago added OCP version check and removed unused code, PTAL, Thanks !
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: kaovilai, sseago
The full list of commands accepted by this bot can be found here.
The pull request process is described here
/lgtm
@kaovilai: all tests passed!
Full PR test history. Your PR dashboard.
/unhold
/cherry-pick oadp-1.3
@shubham-pampattiwar: once the present PR merges, I will cherry-pick it on top of oadp-1.3 in a new PR and assign it to you.
@kaovilai: new pull request created: #235
What: we were waiting for secret when it may never appears How: ocp 4.14+ have ability to turn off imageregistry which can affect secret from appearing Fix: check if secret is needed using same code used to determine if secret will be created
Test method:
install oadp dpa with restic enabled for pod workload with ownerRefs (ie. Deployments) or lone pods for restic off. test workload ``` oc create ns test-new-ns oc run --image fedora --tty -n test-new-ns -i --attach=false --command sh ``` backup ``` velero backup create testnsbackup --include-namespaces=test-new-ns ``` restore ``` velero restore create --from-backup=testnsbackup --namespace-mappings=test-new-ns:test-new-ns-mapping ``` **With ImageRegistry capability disabled:**Install 4.15
[Prepare aws account](https://docs.openshift.com/container-platform/4.14/installing/installing_aws/installing-aws-account.html#:~:text=If%20you%20are%20using%20a,an%20example%20high%20level%20procedure.) Get openshift-install cli from console.redhat.com ``` ❯ openshift-install version openshift-install 4.15.0 built from commit e8c70b7db9e64cafa7fe3182c365257c3e53fbb6 release image quay.io/openshift-release-dev/ocp-release@sha256:0da6316466d60a3a4535d5fed3589feb0391989982fba59d47d4c729912d6363 release architecture amd64 ``` Create install config with [customizations](https://docs.openshift.com/container-platform/4.15/installing/installing_aws/installing-aws-customizations.html#installation-initializing_installing-aws-customizations) ``` ~/ocp-installer ❯ openshift-install create install-config --dir customized-install-dir ``` Adding the following to customized-install-dir/install-config.yaml We're adding [capabilities](https://docs.openshift.com/container-platform/4.15/installing/cluster-capabilities.html#:~:text=v4.15-,Specify%20this%20option%20when%20you%20want%20to%20enable%20the%20default%20capabilities,CSISnapshot%2C%20NodeTuning%2C%20ImageRegistry%2C%20Build%2C%20and%20DeploymentConfig.,-None) all except ImageRegistry ```yaml capabilities: baselineCapabilitySet: None additionalEnabledCapabilities: - baremetal - MachineAPI - marketplace - OperatorLifecycleManager - openshift-samples - Console - Insights - Storage - CSISnapshot - CloudCredential # added from error, not documented on docs.openshift.com for 4.15 bug: https://issues.redhat.com/browse/OCPBUGS-30610 - NodeTuning # - ImageRegistry - Build - DeploymentConfig ``` ``` unset SSH_AUTH_SOCK # potentially needed for macos issue https://github.com/openshift/installer/issues/2349#issuecomment-534690793 openshift-install create cluster --dir customized-install-dir-4 --log-level=info ``` monitor install logs in another terminal ``` tail -f customized-install-dir-3/.openshift_install.log ```Pre-requisites check
Checking [enabled capabilities](https://docs.openshift.com/container-platform/4.15//installing/cluster-capabilities.html#:~:text=The%20default%20capabilities%20in%20OpenShift%20Container%20Platform%204.15,Insights%2C%20Storage%2C%20CSISnapshot%2C%20NodeTuning%2C%20ImageRegistry%2C%20Build%2C%20and%20DeploymentConfig.) ``` ~/ocp-installer ❯ oc get clusterversion version -o yaml | yq .status.capabilities.enabledCapabilities | grep ImageRegistry