NE-1808: Bump controller to v2.8.2#139
NE-1808: Bump controller to v2.8.2#139openshift-merge-bot[bot] merged 1 commit intoopenshift:mainfrom
Conversation
|
@alebedev87: This pull request references NE-1807 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@alebedev87: This pull request references NE-1807 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@alebedev87: This pull request references NE-1808 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
82af5cc to
c801a1e
Compare
- Updated controller image to the latest version from downstream. - Re-generated operator bundle using `make bundle`, which also updated controller CRDs. - Synced IAM policy with the latest downstream version. - Re-generated managed IAM policy and credentials request using `make generate`. - Updated managed controller RBAC to include permissions for leases. - Note: Controller-runtime no longer supports ConfigMaps for leader election.
c801a1e to
0089375
Compare
|
/test e2e-aws-rosa-operator WAF ACL creation may conflict with other PRs. |
|
/test e2e-aws-proxy-operator |
|
/test e2e-aws-rosa-operator |
|
The e2e test passed but Addressed in openshift/release#59745. /test e2e-aws-rosa-operator |
|
/assign @gcs278 |
|
/retest |
| "elasticloadbalancing:DescribeTargetHealth", | ||
| "elasticloadbalancing:DescribeTags" | ||
| "elasticloadbalancing:DescribeTags", | ||
| "elasticloadbalancing:DescribeTrustStores" |
There was a problem hiding this comment.
Is updating the iam-policy automated at all, or do you just have to manually look at https://github.com/openshift/aws-load-balancer-controller/blob/d0c13bf1576965a3b65fc09ebce94ed9f86833a2/docs/install/iam_policy.json to see if anything changed and manually sync it?
Edit: I commented on the wrong file, I know there's iamctl to sync iam-policy within the ALBO repo, but just curious if the upstream change is manually synced to this repo, and if so, is that something that we could fix in the future?
There was a problem hiding this comment.
For now, the process is manual. Initially I planned to automate it in this PR and even created a dedicated hack file for that purpose. However, I noticed that the semantic difference can sometimes be much smaller than the byte-by-byte difference because certain statements might be reshuffled upstream.
In this particular case, the semantic change was limited to adding the elasticloadbalancing:DescribeTrustStores action for the mTLS support (which we don't support yet).
I couldn’t find a straightforward way to sort the upstream policy that would minimize the diff while avoiding the risk of losing statements. As a result, I decided to keep the process manual so that multiple people can validate the changes.
There was a problem hiding this comment.
Makes sense. If someone in the future missed a iam-policy update on a rebase, would you expect it to get caught by E2E tests? Or is it a solid "maybe"?
There was a problem hiding this comment.
Not as solid as I would like it to be. The e2e tests cover only the scenarios described in the docs. If IAM policy changes go beyond this - we may miss them.
|
Do you need to bump aws-load-balancer-operator/go.mod Line 25 in 2f421cd in the go.mod file? I see it's only used for |
Right, I do. Let me do it in #143 because it needs k8s.io |
|
/retest |
|
Thanks! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gcs278 The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/label px-approved The docs are enough for this feature. |
|
/label docs-approved |
|
tested it with 4.18.0-0.ci.test-2024-12-18-012548-ci-ln-h9xtjxb-latest |
|
/label qe-approved |
|
@alebedev87: This pull request references NE-1808 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest-required |
|
@alebedev87: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
make bundle, which also updated controller CRDs.make generate.Integrates openshift/aws-load-balancer-controller#23 into the operator.