From 6379e856acc090a990758909d11fdc0d27f56f7d Mon Sep 17 00:00:00 2001
From: ci-robot
Date: Thu, 15 Aug 2024 04:11:58 +0000
Subject: [PATCH 1/4] update last_rebase.sh
---
 scripts/auto-rebase/last_rebase.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh
index d20191d8c3..d790655319 100755
--- a/scripts/auto-rebase/last_rebase.sh
+++ b/scripts/auto-rebase/last_rebase.sh
@@ -1,2 +1,2 @@
 #!/bin/bash -x
-./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.17.0-0.nightly-2024-08-09-031511" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.17.0-0.nightly-arm64-2024-08-13-025544"
+./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.17.0-0.nightly-2024-08-13-031847" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.17.0-0.nightly-arm64-2024-08-13-025544"
From 596309cd0d3fd8e9e3418c68b8881382451ddb58 Mon Sep 17 00:00:00 2001
From: ci-robot
Date: Thu, 15 Aug 2024 04:11:59 +0000
Subject: [PATCH 2/4] update changelog
---
 scripts/auto-rebase/changelog.txt | 36 +++++++++++++++++++++++++++++++
 scripts/auto-rebase/commits.txt | 12 +++++------
 2 files changed, 42 insertions(+), 6 deletions(-)
diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt
index e69de29bb2..e419d65e13 100644
--- a/scripts/auto-rebase/changelog.txt
+++ b/scripts/auto-rebase/changelog.txt
@@ -0,0 +1,36 @@ +- api embedded-component cbdcd0df43e80e4b31d1804e471828ed16fe06dc to d6942fb7294e5dea4c617bfcb26e5936dc267481 + - 6fbc08e 2024-08-06T14:48:19+02:00 MULTIARCH-4776: /MULTIARCH-4770: installer: promote MultiArchInstall FGs + - 748eeb7 2024-08-05T16:25:28+05:30 CFE-921: Enable GCPLabelsTags featureGate by default for GA + +- cluster-network-operator embedded-component d0ca3151c265f8c23fecdd82b9fc634e4a2c3756 to d035fdd12134b557fdce055ed29f87fcbf40fdbf + - 4e8a81d 2024-08-08T17:11:39+02:00 multus: Add openshift-cnv to globalNamespace + - 64ce003 2024-08-08T16:40:55+02:00 Change the masquerade subnet default value for new clusters + - 37c6518 2024-08-08T13:57:11+00:00 Deploy FRR-K8s + - df350de 2024-08-08T09:14:42+00:00 Bump github.com/openshift/api + +- machine-config-operator embedded-component 9c7a000be04738e98e4bae1709dad0b83af93113 to 801e9b6cf07f72e2ed8e504ec3c96c6c8d9a3e3f + - 7bfb4430 2024-08-11T13:31:02-04:00 Revert "Merge pull request #4518 from openshift-cherrypick-robot/cherry-pick-4437-to-release-4.17" + - 74f24da7 2024-08-09T14:16:05+00:00 templates/*: make crun as the default container runtime + - 1301f839 2024-08-07T14:07:54-04:00 kubeutils: Prevent empty patch calls to API server + - 13d84827 2024-08-07T10:57:38-04:00 crio: set min memory for crun + - 5f0a4be2 2024-08-06T08:56:58-04:00 add unit tests for kubeletConfig TLS profiles + - 8b0f3716 2024-08-06T08:56:58-04:00 make kubelet-config-controller react to APIServer + - 3b979e1d 2024-08-06T08:56:51-04:00 render kubelet config TLS config from APIServer + - 9b501d90 2024-07-30T14:07:15-04:00 refactors e2e tests to allow multiple namespaces + - 4437bd4b 2024-07-30T11:06:43-04:00 digestfile configmap should be labeled + - 781f7af2 2024-07-30T11:05:27-04:00 clean up label constants and use label selectors + - 588f6224 2024-07-30T11:05:27-04:00 cleans up and removes unneeded e2e tests + - 43bbce71 2024-07-30T11:05:26-04:00 lifecycle buildah with the MCO + - ff5fadce 
2024-07-30T11:05:26-04:00 centralizes image configmap parsing + +- operator-framework-olm embedded-component 38181182174edf751226e1f5b988afd6baa373e4 to a3a385e87bb828693ff383a383b3e33f3d575d79 + - 7ba383f7 2024-08-09T00:03:14+00:00 Update owners (#3361) + +- oc image-amd64 535bf8e3ba0965d64070bd6109bb5de332f670b3 to 51ca91a2e3bc21e8d3c6b1850fd1088a1d002ecf + - 20b82440 2024-08-07T22:53:29-04:00 Make MacAddress mandatory until installer validations are updated + - 2f7dc5fd 2024-08-07T22:45:52-04:00 Make MacAddress flag optional, add test for createConfigFileFromFlags + - 28c2836f 2024-07-31T05:54:29-04:00 added flags to support simper single node interface + +- router image-amd64 a7313722c6e0541fcc00e92c459dd5d32a4a1534 to a33f2b6ad04f8c39b95c1839340f0e38b5c0662a + - 1c32ae6 2024-08-07T10:01:37-04:00 Bump k8s.io/* packages to v0.30.3 + diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index eb6dee4be6..c26a1c8d3a 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt 
@@ -1,27 +1,27 @@
-https://github.com/openshift/api embedded-component cbdcd0df43e80e4b31d1804e471828ed16fe06dc
+https://github.com/openshift/api embedded-component d6942fb7294e5dea4c617bfcb26e5936dc267481
 https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component ffba005bf839897b173cb76d0bb561dcf9c7215c
 https://github.com/openshift/cluster-dns-operator embedded-component 54eea5bb02911cdf0c7fb6dbb80366eb5a923ea7
 https://github.com/openshift/cluster-ingress-operator embedded-component 7cf86c7c749fa62b9cffd9a62275e33a4083985e
 https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 0ecdda58434784dc1973a6f0d17a02cbbe2340d3
 https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component 0a9ed573e35751455bfb24842fd2de0b05379ed0
 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component 98ca953ba6955401023e219f37e0af49879355d2
-https://github.com/openshift/cluster-network-operator embedded-component d0ca3151c265f8c23fecdd82b9fc634e4a2c3756
+https://github.com/openshift/cluster-network-operator embedded-component d035fdd12134b557fdce055ed29f87fcbf40fdbf
 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 2b962c71d5b3ac179898dc1ece6a98de0b33cd70
 https://github.com/openshift/cluster-policy-controller embedded-component c502ece1b8bdccdbc58a327520685d9a1d2f59cf
 https://github.com/openshift/csi-external-snapshotter embedded-component aa558ca4bc55238e1909119f94eaf33872a76dec
 https://github.com/openshift/etcd embedded-component 1fb3165305efc8d986344b555b22592e6e6c1786
 https://github.com/openshift/kubernetes embedded-component 43740e9179f50acbf24f0c597f78fa9abd121c96
 https://github.com/openshift/kubernetes-kube-storage-version-migrator embedded-component 34fafc04e5f2872e282617da31175a7e091ffdb2
-https://github.com/openshift/machine-config-operator embedded-component 9c7a000be04738e98e4bae1709dad0b83af93113
+https://github.com/openshift/machine-config-operator embedded-component 801e9b6cf07f72e2ed8e504ec3c96c6c8d9a3e3f
 https://github.com/openshift/openshift-controller-manager embedded-component aabcbc2cf5d944f64e6ebdbc4e0ce7f1b95bd127
-https://github.com/openshift/operator-framework-olm embedded-component 38181182174edf751226e1f5b988afd6baa373e4
+https://github.com/openshift/operator-framework-olm embedded-component a3a385e87bb828693ff383a383b3e33f3d575d79
 https://github.com/openshift/route-controller-manager embedded-component a47f6be3676d3eabb864ca339584fe857e1076c5
 https://github.com/openshift/service-ca-operator embedded-component 1f7d6472fea332fc307d9c8911f8c3cf57347755
-https://github.com/openshift/oc image-amd64 535bf8e3ba0965d64070bd6109bb5de332f670b3
+https://github.com/openshift/oc image-amd64 51ca91a2e3bc21e8d3c6b1850fd1088a1d002ecf
 https://github.com/openshift/coredns image-amd64 d3b441c150ccbcc0d9ebf03b8c39a730b830ddb1
 https://github.com/openshift/csi-external-snapshotter image-amd64 aa558ca4bc55238e1909119f94eaf33872a76dec
 https://github.com/openshift/csi-external-snapshotter image-amd64 aa558ca4bc55238e1909119f94eaf33872a76dec
-https://github.com/openshift/router image-amd64 a7313722c6e0541fcc00e92c459dd5d32a4a1534
+https://github.com/openshift/router image-amd64 a33f2b6ad04f8c39b95c1839340f0e38b5c0662a
 https://github.com/openshift/kube-rbac-proxy image-amd64 8ea2c994df4296ec161023d8ff85f9ea0e383216
 https://github.com/openshift/ovn-kubernetes image-amd64 190304949659af8efca11d173682a373dac97792
 https://github.com/openshift/kubernetes image-amd64 43740e9179f50acbf24f0c597f78fa9abd121c96
From ad90af9fc0066ef593008e05c6bee2c816db7cda Mon Sep 17 00:00:00 2001
From: ci-robot
Date: Thu, 15 Aug 2024 04:12:29 +0000
Subject: [PATCH 3/4] update component images
---
 packaging/crio.conf.d/10-microshift_amd64.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packaging/crio.conf.d/10-microshift_amd64.conf b/packaging/crio.conf.d/10-microshift_amd64.conf
index 34192397ea..0b76959425 100644
--- a/packaging/crio.conf.d/10-microshift_amd64.conf
+++ b/packaging/crio.conf.d/10-microshift_amd64.conf
@@ -25,6 +25,6 @@ plugin_dirs = [
 # for community builds on top of OKD, this setting has no effect
 [crio.image]
 global_auth_file="/etc/crio/openshift-pull-secret"
-pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:13e890f8679773305aa8e09af3e0c2f56f51a350e43fc8825720e65b09a3dc69"
+pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aa185424a8a9d420ac9a09bdd8f4b0137367924febdb65e716f7c18ffd08be34"
 pause_image_auth_file = "/etc/crio/openshift-pull-secret"
 pause_command = "/usr/bin/pod"
From ef15142eec0d765eca1e51176f252a13aa63e87d Mon Sep 17 00:00:00 2001
From: ci-robot
Date: Thu, 15 Aug 2024 04:12:32 +0000
Subject: [PATCH 4/4] rebase.sh failure artifacts
---
 .../05_operand_rbac.yaml | 17 +-
 .../csi_controller_deployment.yaml | 40 +-
 .../serviceaccount.yaml | 2 +-
 .../webhook_config.yaml | 6 +-
 .../webhook_deployment.yaml | 82 +-
 .../webhook_service.yaml | 8 +-
 .../webhook_serviceaccount.yaml | 2 +-
 .../openshift-dns/dns/daemonset.yaml | 159 ++--
 .../components/openshift-dns/dns/service.yaml | 35 +-
 .../node-resolver/daemonset.yaml | 140 ----
 .../openshift-router/deployment.yaml | 126 +--
 .../openshift-router/service-cloud.yaml | 21 +-
 .../openshift-router/service-internal.yaml | 33 +-
 assets/components/service-ca/deployment.yaml | 73 +-
 assets/components/service-ca/ns.yaml | 2 +
 .../kube-apiserver/defaultconfig.yaml | 30 +-
 .../defaultconfig.yaml | 46 +-
 assets/core/kubelet.yaml | 47 +-
 ...tor_01_securitycontextconstraints.crd.yaml | 590 ++++++++------
 .../0000_50_olm_00-namespace.yaml | 15 -
 ...000_50_olm_07-olm-operator.deployment.yaml | 2 +-
 ...50_olm_08-catalog-operator.deployment.yaml | 8 +-
 .../kustomization.aarch64.yaml | 27 -
 .../kustomization.x86_64.yaml | 27 -
 .../release-olm-aarch64.json | 10 -
 .../release-olm-x86_64.json | 10 -
 assets/release/release-x86_64.json | 20 +-
 rebase_sh.log | 757 ++++++++++++++++++
 28 files changed, 1430 insertions(+), 905 deletions(-)
 delete mode 100644 assets/components/openshift-dns/node-resolver/daemonset.yaml
 delete mode 100644 assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml
 delete mode 100644 assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml
 delete mode 100644 assets/optional/operator-lifecycle-manager/release-olm-aarch64.json
 delete mode 100644 assets/optional/operator-lifecycle-manager/release-olm-x86_64.json
 create mode 100644 rebase_sh.log
diff --git a/assets/components/csi-snapshot-controller/05_operand_rbac.yaml b/assets/components/csi-snapshot-controller/05_operand_rbac.yaml
index 8dc7de8c1f..b3fe5665bc 100644
--- a/assets/components/csi-snapshot-controller/05_operand_rbac.yaml +++ b/assets/components/csi-snapshot-controller/05_operand_rbac.yaml @@ -51,6 +51,7 @@ rules: - apiGroups: ["groupsnapshot.storage.k8s.io"] resources: ["volumegroupsnapshots/status"] verbs: ["update", "patch"] + --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -65,16 +66,17 @@ metadata: subjects: - kind: ServiceAccount name: csi-snapshot-controller - namespace: kube-system + namespace: openshift-cluster-storage-operator roleRef: kind: ClusterRole name: openshift-csi-snapshot-controller-runner apiGroup: rbac.authorization.k8s.io + --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - namespace: kube-system + namespace: openshift-cluster-storage-operator name: csi-snapshot-controller-leaderelection annotations: include.release.openshift.io/hypershift: "true" @@ -83,15 +85,16 @@ metadata: include.release.openshift.io/single-node-developer: "true" capability.openshift.io/name: CSISnapshot rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-snapshot-controller-leaderelection - namespace: kube-system + namespace: openshift-cluster-storage-operator annotations: include.release.openshift.io/hypershift: "true" include.release.openshift.io/ibm-cloud-managed: "true" @@ -101,7 +104,7 @@ metadata: subjects: - kind: ServiceAccount name: csi-snapshot-controller - namespace: kube-system + namespace: openshift-cluster-storage-operator roleRef: kind: Role name: csi-snapshot-controller-leaderelection 
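Review bot: The ClusterRoleBinding and RoleBinding subjects in the second and fourth hunks now name the `csi-snapshot-controller` ServiceAccount in `openshift-cluster-storage-operator`, but serviceaccount.yaml in this same patch declares that account with the unrendered placeholder `namespace: ${CONTROLPLANE_NAMESPACE}`, so the bindings and the account no longer agree on a namespace. If these assets are applied as committed, the controller would presumably run without the `openshift-csi-snapshot-controller-runner` permissions, while the cluster role stays granted to whatever account of that name is later created in `openshift-cluster-storage-operator`. The same mismatch appears between webhook_config.yaml (`namespace: openshift-cluster-storage-operator` in `clientConfig`) and webhook_service.yaml (`namespace: ${CONTROLPLANE_NAMESPACE}`). I would keep every subject, Role and ServiceAccount on one concrete namespace, e.g. `namespace: kube-system` as before, until the rebase script renders the upstream templates.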
diff --git a/assets/components/csi-snapshot-controller/csi_controller_deployment.yaml b/assets/components/csi-snapshot-controller/csi_controller_deployment.yaml index 6455c44360..565b758456 100644 --- a/assets/components/csi-snapshot-controller/csi_controller_deployment.yaml +++ b/assets/components/csi-snapshot-controller/csi_controller_deployment.yaml @@ -2,7 +2,7 @@ kind: Deployment apiVersion: apps/v1 metadata: name: csi-snapshot-controller - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} spec: serviceName: "csi-snapshot-controller" # Replicas for HyperShift. On standalone OCP it will be adjusted according to nr. of master nodes. @@ -36,11 +36,18 @@ spec: capabilities: drop: - ALL - runAsUser: 65534 - image: '{{ .ReleaseImage.csi_snapshot_controller }}' + image: ${OPERAND_IMAGE} args: - - --v=2 - - --leader-election=false + - "--v=${LOG_LEVEL}" + - "--leader-election=true" + # Leader election values are from + # https://github.com/openshift/library-go/blob/master/pkg/config/leaderelection/leaderelection.go + - "--leader-election-lease-duration=137s" + - "--leader-election-renew-deadline=107s" + - "--leader-election-retry-period=26s" + # Force the namespace name for HyperShift + - "--leader-election-namespace=openshift-cluster-storage-operator" + # guest --kubeconfig= will be injected by the operator when running on HyperShift imagePullPolicy: IfNotPresent resources: requests: 
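Review bot: The container `securityContext` in the second hunk loses `runAsUser: 65534`, and the same line is dropped from the `webhook` container in webhook_deployment.yaml, so both containers fall back to whatever user their image declares. The webhook pod still sets `runAsNonRoot: true`, which makes the kubelet refuse to start an image whose user is root or non-numeric; whether the controller pod has the same pod-level setting is not visible in this hunk. `image: ${OPERAND_IMAGE}`, `"--v=${LOG_LEVEL}"` and `namespace: ${CONTROLPLANE_NAMESPACE}` are unrendered operator placeholders replacing the `'{{ .ReleaseImage.csi_snapshot_controller }}'` template, so the manifest cannot resolve an image as written. I would restore `runAsUser: 65534` and the `{{ .ReleaseImage.* }}` image reference before this is merged. The Deployment spec continues outside the hunk.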
@@ -58,18 +65,19 @@ spec: matchLabels: app: csi-snapshot-controller topologyKey: kubernetes.io/hostname + priorityClassName: ${PRIORITY_CLASS} nodeSelector: node-role.kubernetes.io/master: "" tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: node-role.kubernetes.io/master - operator: Exists - effect: "NoSchedule" + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: node-role.kubernetes.io/master + operator: Exists + effect: "NoSchedule" # volume with guest Kubeconfig will be added by the operator diff --git a/assets/components/csi-snapshot-controller/serviceaccount.yaml b/assets/components/csi-snapshot-controller/serviceaccount.yaml index 6de8066162..aaa64ce0ce 100644 --- a/assets/components/csi-snapshot-controller/serviceaccount.yaml +++ b/assets/components/csi-snapshot-controller/serviceaccount.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: csi-snapshot-controller - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} diff --git a/assets/components/csi-snapshot-controller/webhook_config.yaml b/assets/components/csi-snapshot-controller/webhook_config.yaml index 6c4f539985..21493981ee 100644 --- a/assets/components/csi-snapshot-controller/webhook_config.yaml +++ b/assets/components/csi-snapshot-controller/webhook_config.yaml 
@@ -13,10 +13,10 @@ webhooks: clientConfig: service: name: csi-snapshot-webhook - namespace: kube-system + namespace: openshift-cluster-storage-operator path: /volumesnapshot rules: - - operations: ["CREATE", "UPDATE"] + - operations: [ "CREATE", "UPDATE" ] apiGroups: ["snapshot.storage.k8s.io"] apiVersions: ["v1beta1", "v1"] resources: ["volumesnapshotclasses"] @@ -32,7 +32,7 @@ webhooks: namespace: openshift-cluster-storage-operator path: /volumegroupsnapshot rules: - - operations: ["CREATE", "UPDATE"] + - operations: [ "CREATE", "UPDATE" ] apiGroups: ["groupsnapshot.storage.k8s.io"] apiVersions: ["v1alpha1"] resources: ["volumegroupsnapshotclasses"] diff --git a/assets/components/csi-snapshot-controller/webhook_deployment.yaml b/assets/components/csi-snapshot-controller/webhook_deployment.yaml index 1ac61c9022..022e0bb7a5 100644 --- a/assets/components/csi-snapshot-controller/webhook_deployment.yaml +++ b/assets/components/csi-snapshot-controller/webhook_deployment.yaml @@ -2,7 +2,7 @@ kind: Deployment apiVersion: apps/v1 metadata: name: csi-snapshot-webhook - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} spec: serviceName: "csi-snapshot-webhook" selector: 
@@ -23,32 +23,31 @@ spec: spec: serviceAccount: csi-snapshot-webhook containers: - - name: webhook - image: '{{ .ReleaseImage.csi_snapshot_validation_webhook }}' - args: - - --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt - - --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key - - "--v=2" - - --port=8443 - ports: - - containerPort: 8443 - volumeMounts: - - name: certs - mountPath: /etc/snapshot-validation-webhook/certs - readOnly: true - optional: true - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 20Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsUser: 65534 - terminationMessagePolicy: FallbackToLogsOnError + - name: webhook + image: ${OPERAND_IMAGE} + args: + - --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt + - --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key + - "--v=${LOG_LEVEL}" + - --port=8443 + ports: + - containerPort: 8443 + volumeMounts: + - name: certs + mountPath: /etc/snapshot-validation-webhook/certs + readOnly: true + optional: true + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 10m + memory: 20Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + terminationMessagePolicy: FallbackToLogsOnError affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -58,6 +57,7 @@ spec: matchLabels: app: csi-snapshot-webhook topologyKey: kubernetes.io/hostname + priorityClassName: ${PRIORITY_CLASS} restartPolicy: Always securityContext: runAsNonRoot: true 
@@ -66,18 +66,18 @@ spec: nodeSelector: node-role.kubernetes.io/master: "" volumes: - - name: certs - secret: - secretName: csi-snapshot-webhook-secret + - name: certs + secret: + secretName: csi-snapshot-webhook-secret tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: node-role.kubernetes.io/master - operator: Exists - effect: "NoSchedule" + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: node-role.kubernetes.io/master + operator: Exists + effect: "NoSchedule" diff --git a/assets/components/csi-snapshot-controller/webhook_service.yaml b/assets/components/csi-snapshot-controller/webhook_service.yaml index ddd576182d..57b0d2f82f 100644 --- a/assets/components/csi-snapshot-controller/webhook_service.yaml +++ b/assets/components/csi-snapshot-controller/webhook_service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: csi-snapshot-webhook - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} labels: app: csi-snapshot-webhook hypershift.openshift.io/allow-guest-webhooks: "true" @@ -11,8 +11,8 @@ metadata: capability.openshift.io/name: CSISnapshot spec: ports: - - name: webhook - port: 443 - targetPort: 8443 + - name: webhook + port: 443 + targetPort: 8443 selector: app: csi-snapshot-webhook diff --git a/assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml b/assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml index 3d56d25c29..d831850a1f 100644 --- a/assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml +++ b/assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml 
@@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: csi-snapshot-webhook - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} diff --git a/assets/components/openshift-dns/dns/daemonset.yaml b/assets/components/openshift-dns/dns/daemonset.yaml index d6b720767b..ad71b08ce7 100644 --- a/assets/components/openshift-dns/dns/daemonset.yaml +++ b/assets/components/openshift-dns/dns/daemonset.yaml @@ -1,5 +1,6 @@ kind: DaemonSet apiVersion: apps/v1 +# name, namespace and labels are set at runtime spec: # minReadySeconds should be 3x the readiness probe's polling interval (i.e. periodSeconds). minReadySeconds: 9 
@@ -7,91 +8,83 @@ spec: metadata: annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' - labels: - dns.operator.openshift.io/daemonset-dns: default spec: serviceAccountName: dns priorityClassName: system-node-critical containers: - - name: dns - imagePullPolicy: IfNotPresent - terminationMessagePolicy: FallbackToLogsOnError - command: ["coredns"] - args: ["-conf", "/etc/coredns/Corefile"] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - readOnly: true - ports: - - containerPort: 5353 - name: dns - protocol: UDP - - containerPort: 5353 - name: dns-tcp - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 3 # Update the daemonset's spec.minReadySeconds above if you change this value! - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 3 - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: - requests: - cpu: 50m - memory: 70Mi - image: '{{ .ReleaseImage.coredns }}' - - name: kube-rbac-proxy - args: - - --logtostderr - - --secure-listen-address=:9154 - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - - --upstream=http://127.0.0.1:9153/ - - --tls-cert-file=/etc/tls/private/tls.crt - - --tls-private-key-file=/etc/tls/private/tls.key - ports: - - containerPort: 9154 - name: metrics - resources: - requests: - cpu: 10m - memory: 40Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: metrics-tls - readOnly: true - image: '{{ .ReleaseImage.kube_rbac_proxy }}' - imagePullPolicy: IfNotPresent + - name: dns + # image is set at runtime + imagePullPolicy: IfNotPresent + terminationMessagePolicy: 
FallbackToLogsOnError + command: [ "coredns" ] + args: [ "-conf", "/etc/coredns/Corefile" ] + volumeMounts: + - name: config-volume + mountPath: /etc/coredns + readOnly: true + ports: + - containerPort: 5353 + name: dns + protocol: UDP + - containerPort: 5353 + name: dns-tcp + protocol: TCP + readinessProbe: + httpGet: + path: /ready + port: 8181 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 # Update the daemonset's spec.minReadySeconds above if you change this value! + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 3 + livenessProbe: + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + resources: + requests: + cpu: 50m + memory: 70Mi + - name: kube-rbac-proxy + # image is set at runtime + args: + - --logtostderr + - --secure-listen-address=:9154 + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + - --upstream=http://127.0.0.1:9153/ + - --tls-cert-file=/etc/tls/private/tls.crt + - --tls-private-key-file=/etc/tls/private/tls.key + ports: + - containerPort: 9154 + name: metrics + resources: + requests: + cpu: 10m + memory: 40Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: metrics-tls + readOnly: true dnsPolicy: Default + # nodeSelector is set at runtime. 
volumes: - - name: config-volume - configMap: - items: - - key: Corefile - path: Corefile - name: dns-default - - name: metrics-tls - secret: - defaultMode: 420 - secretName: dns-default-metrics-tls - nodeSelector: - kubernetes.io/os: linux - tolerations: - - key: node-role.kubernetes.io/master - operator: Exists + - name: config-volume + configMap: + # Name is set at runtime + items: + - key: Corefile + path: Corefile + - name: metrics-tls + # secretName is set at runtime + # tolerations is set at runtime. updateStrategy: type: RollingUpdate rollingUpdate: @@ -103,11 +96,3 @@ spec: maxSurge: 10% # maxUnavailable must be zero when maxSurge is nonzero. maxUnavailable: 0 - selector: - matchLabels: - dns.operator.openshift.io/daemonset-dns: default -metadata: - name: dns-default - namespace: openshift-dns - labels: - dns.operator.openshift.io/owning-dns: default diff --git a/assets/components/openshift-dns/dns/service.yaml b/assets/components/openshift-dns/dns/service.yaml index 3849d98bce..0dca87150b 100644 --- a/assets/components/openshift-dns/dns/service.yaml +++ b/assets/components/openshift-dns/dns/service.yaml @@ -1,24 +1,19 @@ kind: Service apiVersion: v1 +# name, namespace,labels and annotations are set at runtime spec: + # clusterIP will be automatically managed. + # selector is set at runtime ports: - - name: dns - port: 53 - targetPort: dns - protocol: UDP - - name: dns-tcp - port: 53 - targetPort: dns-tcp - protocol: TCP - - name: metrics - port: 9154 - targetPort: metrics - protocol: TCP - clusterIP: '{{.ClusterIP}}' - selector: - dns.operator.openshift.io/daemonset-dns: default -metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: dns-default-metrics-tls - name: dns-default - namespace: openshift-dns + - name: dns + port: 53 + targetPort: dns + protocol: UDP + - name: dns-tcp + port: 53 + targetPort: dns-tcp + protocol: TCP + - name: metrics + port: 9154 + targetPort: metrics + protocol: TCP 
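Review bot: The `--tls-cipher-suites` argument of the `kube-rbac-proxy` container in daemonset.yaml still offers `TLS_RSA_WITH_AES_128_CBC_SHA256`, which has no forward secrecy, and two ECDHE CBC-SHA256 suites next to the GCM ones. Since these lines are being rewritten anyway, I would reduce the list to `--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, assuming no metrics client depends on the CBC suites. Separately, the hunk removes the `secret:` source from the `metrics-tls` volume and both container images, and the following hunk removes `spec.selector`, leaving comments such as `# secretName is set at runtime`; nothing on this page shows a component that fills them in, so that should be confirmed before the manifest is applied.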
diff --git a/assets/components/openshift-dns/node-resolver/daemonset.yaml b/assets/components/openshift-dns/node-resolver/daemonset.yaml deleted file mode 100644 index 6d8a5fbf32..0000000000 --- a/assets/components/openshift-dns/node-resolver/daemonset.yaml +++ /dev/null 
@@ -1,140 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: node-resolver - namespace: openshift-dns -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - dns.operator.openshift.io/daemonset-node-resolver: "" - template: - metadata: - annotations: - target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' - labels: - dns.operator.openshift.io/daemonset-node-resolver: "" - spec: - containers: - - command: - - /bin/bash - - -c - - | - #!/bin/bash - set -uo pipefail - - trap 'jobs -p | xargs kill || true; wait; exit 0' TERM - - NAMESERVER=${DNS_DEFAULT_SERVICE_HOST} - OPENSHIFT_MARKER="openshift-generated-node-resolver" - HOSTS_FILE="/etc/hosts" - TEMP_FILE="/etc/hosts.tmp" - - IFS=', ' read -r -a services <<< "${SERVICES}" - - # Make a temporary file with the old hosts file's attributes. - if ! cp -f --attributes-only "${HOSTS_FILE}" "${TEMP_FILE}"; then - echo "Failed to preserve hosts file. Exiting." - exit 1 - fi - - while true; do - declare -A svc_ips - for svc in "${services[@]}"; do - # Fetch service IP from cluster dns if present. We make several tries - # to do it: IPv4, IPv6, IPv4 over TCP and IPv6 over TCP. The two last ones - # are for deployments with Kuryr on older OpenStack (OSP13) - those do not - # support UDP loadbalancers and require reaching DNS through TCP. - cmds=('dig -t A @"${NAMESERVER}" +short "${svc}.${CLUSTER_DOMAIN}"|grep -v "^;"' - 'dig -t AAAA @"${NAMESERVER}" +short "${svc}.${CLUSTER_DOMAIN}"|grep -v "^;"' - 'dig -t A +tcp +retry=0 @"${NAMESERVER}" +short "${svc}.${CLUSTER_DOMAIN}"|grep -v "^;"' - 'dig -t AAAA +tcp +retry=0 @"${NAMESERVER}" +short "${svc}.${CLUSTER_DOMAIN}"|grep -v "^;"') - for i in ${!cmds[*]} - do - ips=($(eval "${cmds[i]}")) - if [[ "$?" 
-eq 0 && "${#ips[@]}" -ne 0 ]]; then - svc_ips["${svc}"]="${ips[@]}" - break - fi - done - done - - # Update /etc/hosts only if we get valid service IPs - # We will not update /etc/hosts when there is coredns service outage or api unavailability - # Stale entries could exist in /etc/hosts if the service is deleted - if [[ -n "${svc_ips[*]-}" ]]; then - # Build a new hosts file from /etc/hosts with our custom entries filtered out - if ! sed --silent "/# ${OPENSHIFT_MARKER}/d; w ${TEMP_FILE}" "${HOSTS_FILE}"; then - # Only continue rebuilding the hosts entries if its original content is preserved - sleep 60 & wait - continue - fi - - # Append resolver entries for services - rc=0 - for svc in "${!svc_ips[@]}"; do - for ip in ${svc_ips[${svc}]}; do - echo "${ip} ${svc} ${svc}.${CLUSTER_DOMAIN} # ${OPENSHIFT_MARKER}" >> "${TEMP_FILE}" || rc=$? - done - done - if [[ $rc -ne 0 ]]; then - sleep 60 & wait - continue - fi - - - # TODO: Update /etc/hosts atomically to avoid any inconsistent behavior - # Replace /etc/hosts with our modified version if needed - cmp "${TEMP_FILE}" "${HOSTS_FILE}" || cp -f "${TEMP_FILE}" "${HOSTS_FILE}" - # TEMP_FILE is not removed to avoid file create/delete and attributes copy churn - fi - sleep 60 & wait - unset svc_ips - done - env: - - name: SERVICES - # Comma or space separated list of services - # NOTE: For now, ensure these are relative names; for each relative name, - # an alias with the CLUSTER_DOMAIN suffix will also be added. 
- value: "image-registry.openshift-image-registry.svc" - - name: NAMESERVER - value: 172.30.0.10 - - name: CLUSTER_DOMAIN - value: cluster.local - image: {{ .ReleaseImage.cli }} - imagePullPolicy: IfNotPresent - name: dns-node-resolver - resources: - requests: - cpu: 5m - memory: 21Mi - securityContext: - privileged: true - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/hosts - name: hosts-file - dnsPolicy: ClusterFirst - hostNetwork: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: node-resolver - serviceAccountName: node-resolver - terminationGracePeriodSeconds: 30 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /etc/hosts - type: File - name: hosts-file - updateStrategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 33% - type: RollingUpdate diff --git a/assets/components/openshift-router/deployment.yaml b/assets/components/openshift-router/deployment.yaml index 1621b7532d..25cfae777c 100644 --- a/assets/components/openshift-router/deployment.yaml +++ b/assets/components/openshift-router/deployment.yaml 
@@ -1,70 +1,35 @@ # Deployment with default values +# Ingress Controller specific values are applied at runtime. kind: Deployment apiVersion: apps/v1 +# name and namespace are set at runtime. spec: progressDeadlineSeconds: 600 template: metadata: annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' - labels: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default spec: serviceAccountName: router + # nodeSelector is set at runtime. priorityClassName: system-cluster-critical containers: - name: router + # image is set at runtime. imagePullPolicy: IfNotPresent securityContext: # See https://bugzilla.redhat.com/2007246 allowPrivilegeEscalation: true readOnlyRootFilesystem: false terminationMessagePolicy: FallbackToLogsOnError + # Merged at runtime. env: - - name: ROUTER_SERVICE_NAMESPACE - value: openshift-ingress - - name: DEFAULT_CERTIFICATE_DIR - value: /etc/pki/tls/private - - name: DEFAULT_DESTINATION_CA_PATH - value: /var/run/configmaps/service-ca/service-ca.crt - - name: STATS_PORT - value: "1936" - - name: RELOAD_INTERVAL - value: 5s - - name: ROUTER_ALLOW_WILDCARD_ROUTES - value: "false" - - name: ROUTER_CANONICAL_HOSTNAME - value: router-default.apps.{{ .BaseDomain }} - - name: ROUTER_CIPHERS - value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - - name: ROUTER_CIPHERSUITES - value: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 - - name: ROUTER_DISABLE_HTTP2 - value: "true" - - name: ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK - value: '{{.RouterNamespaceOwnership}}' - - name: ROUTER_LOAD_BALANCE_ALGORITHM - value: random - - name: ROUTER_METRICS_TYPE - value: haproxy - - name: ROUTER_SERVICE_NAME - value: default - - name: ROUTER_SET_FORWARDED_HEADERS - value: append - - name: 
ROUTER_TCP_BALANCE_SCHEME - value: source - - name: ROUTER_THREADS - value: "4" - - name: SSL_MIN_VERSION - value: TLSv1.2 - - name: ROUTER_USE_PROXY_PROTOCOL - value: "false" - - name: GRACEFUL_SHUTDOWN_DELAY - value: 1s - - name: ROUTER_DOMAIN - value: apps.{{ .BaseDomain }} - - name: ROUTER_IP_V4_V6_MODE - value: '{{ .RouterMode }}' + - name: ROUTER_SERVICE_NAMESPACE + value: openshift-ingress + - name: DEFAULT_CERTIFICATE_DIR + value: /etc/pki/tls/private + - name: DEFAULT_DESTINATION_CA_PATH + value: /var/run/configmaps/service-ca/service-ca.crt livenessProbe: failureThreshold: 3 httpGet: 
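Review bot: With `ROUTER_CIPHERS`, `ROUTER_CIPHERSUITES` and `SSL_MIN_VERSION` dropped from the static `env` list, this manifest no longer pins the router's TLS floor; it depends entirely on the runtime merge that the new `# Merged at runtime.` comment refers to. That merge is not visible in this patch, so please confirm it always supplies these three variables and that a missing value fails the render instead of falling back to the router image's defaults. I would extend the comment to say so, e.g. `# Merged at runtime; ROUTER_CIPHERS, ROUTER_CIPHERSUITES and SSL_MIN_VERSION must be supplied by the renderer.` The container spec continues past the end of this hunk.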
@@ -98,55 +63,22 @@ spec: cpu: 100m memory: 256Mi volumeMounts: - - mountPath: /etc/pki/tls/private - name: default-certificate - readOnly: true - - mountPath: /var/run/configmaps/service-ca - name: service-ca-bundle - readOnly: true - image: '{{ .ReleaseImage.haproxy_router }}' - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: metrics - containerPort: 1936 - protocol: TCP - args: - - -v=4 - volumes: - - name: default-certificate - secret: - defaultMode: 420 - secretName: router-certs-default - - name: service-ca-bundle - configMap: - defaultMode: 420 - items: - - key: service-ca.crt - path: service-ca.crt + - mountPath: /etc/pki/tls/private + name: default-certificate + readOnly: true + - mountPath: /var/run/configmaps/service-ca name: service-ca-bundle - optional: false - restartPolicy: Always - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - node-role.kubernetes.io/worker: "" - serviceAccount: router - securityContext: {} - schedulerName: default-scheduler - minReadySeconds: 30 - selector: - matchLabels: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default - replicas: 1 - strategy: - type: Recreate -metadata: - name: router-default - namespace: openshift-ingress - labels: - ingresscontroller.operator.openshift.io/owning-ingresscontroller: default + readOnly: true + volumes: + - name: default-certificate + secret: + defaultMode: 420 + # SecretName is set at run-time. + - name: service-ca-bundle + configMap: + defaultMode: 420 + items: + - key: service-ca.crt + path: service-ca.crt + name: service-ca-bundle + optional: false diff --git a/assets/components/openshift-router/service-cloud.yaml b/assets/components/openshift-router/service-cloud.yaml index 305993fb02..9f5a072b7f 100644 --- a/assets/components/openshift-router/service-cloud.yaml +++ b/assets/components/openshift-router/service-cloud.yaml 
@@ -7,24 +7,21 @@ metadata: namespace: openshift-ingress labels: app: router - ingresscontroller.operator.openshift.io/owning-ingresscontroller: default - name: router-default spec: type: LoadBalancer selector: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default + app: router # This also has the effect of marking LB pool targets as unhealthy when no # router pods are present on a node behind the service. externalTrafficPolicy: Local internalTrafficPolicy: Cluster ports: - - name: http - protocol: TCP - port: {{ .RouterHttpPort }} - targetPort: http - - name: https - protocol: TCP - port: {{ .RouterHttpsPort }} - targetPort: https + - name: http + protocol: TCP + port: 80 + targetPort: http + - name: https + protocol: TCP + port: 443 + targetPort: https sessionAffinity: None - ipFamilyPolicy: '{{.IPFamily}}' diff --git a/assets/components/openshift-router/service-internal.yaml b/assets/components/openshift-router/service-internal.yaml index 5183fe49b8..126f6ba273 100644 --- a/assets/components/openshift-router/service-internal.yaml +++ b/assets/components/openshift-router/service-internal.yaml 
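Review bot: The new selector `app: router` on this `LoadBalancer` Service is much broader than the per-ingresscontroller label it replaces. The deployment.yaml hunk in this same patch also removes the pod template `labels` block, so nothing visible here guarantees which pods carry `app: router`. If the selector and `metadata.name` are overwritten at runtime, as the comments in service-internal.yaml state for that file, say so here with a comment such as `# name and selector are set at runtime.` If they are used as written, any pod in `openshift-ingress` labelled `app: router` becomes an external load-balancer target. The hard-coded `port: 80`/`port: 443` and the dropped `ipFamilyPolicy` also remove what the old template made configurable, which looks like a downstream override that needs re-applying.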
@@ -2,28 +2,21 @@ # Ingress Controller specific annotations are applied at runtime. kind: Service apiVersion: v1 +# name, namespace and annotations are set at runtime. spec: type: ClusterIP internalTrafficPolicy: Cluster ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - - name: https - port: 443 - protocol: TCP - targetPort: https - - name: metrics - port: 1936 - protocol: TCP - targetPort: metrics + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + - name: metrics + port: 1936 + protocol: TCP + targetPort: metrics sessionAffinity: None - selector: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default - ipFamilyPolicy: '{{.IPFamily}}' -metadata: - labels: - ingresscontroller.operator.openshift.io/owning-ingresscontroller: default - name: router-internal-default - namespace: openshift-ingress diff --git a/assets/components/service-ca/deployment.yaml b/assets/components/service-ca/deployment.yaml index fc27a300fb..6b9c679a97 100644 --- a/assets/components/service-ca/deployment.yaml +++ b/assets/components/service-ca/deployment.yaml 
@@ -25,46 +25,43 @@ spec: spec: serviceAccountName: service-ca containers: - - name: service-ca-controller - image: '{{ .ReleaseImage.service_ca_operator }}' - imagePullPolicy: IfNotPresent - command: ["service-ca-operator", "controller"] - ports: - - containerPort: 8443 - securityContext: - runAsNonRoot: true - resources: - requests: - memory: 120Mi - cpu: 10m - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /var/run/secrets/signing-key - name: signing-key - - mountPath: /var/run/configmaps/signing-cabundle - name: signing-cabundle - args: - - -v=2 + - name: service-ca-controller + image: ${IMAGE} + imagePullPolicy: IfNotPresent + command: ["service-ca-operator", "controller"] + ports: + - containerPort: 8443 + securityContext: + runAsNonRoot: true + resources: + requests: + memory: 120Mi + cpu: 10m + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/secrets/signing-key + name: signing-key + - mountPath: /var/run/configmaps/signing-cabundle + name: signing-cabundle volumes: - - name: signing-key - secret: - secretName: '{{.TLSSecret}}' - - name: signing-cabundle - configMap: - name: '{{.CAConfigMap}}' + - name: signing-key + secret: + secretName: signing-key + - name: signing-cabundle + configMap: + name: signing-cabundle nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: "system-cluster-critical" tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: "NoSchedule" - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - replicas: 1 + - key: node-role.kubernetes.io/master + operator: Exists + effect: "NoSchedule" + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: 
"NoExecute" + tolerationSeconds: 120 diff --git a/assets/components/service-ca/ns.yaml b/assets/components/service-ca/ns.yaml index 5826956115..0ba2847ecc 100644 --- a/assets/components/service-ca/ns.yaml +++ b/assets/components/service-ca/ns.yaml @@ -5,3 +5,5 @@ metadata: annotations: openshift.io/node-selector: "" workload.openshift.io/allowed: "management" + labels: + openshift.io/run-level-: "" # remove the label on upgrades diff --git a/assets/controllers/kube-apiserver/defaultconfig.yaml b/assets/controllers/kube-apiserver/defaultconfig.yaml index b69a1ae3a1..5fe580be4f 100644 --- a/assets/controllers/kube-apiserver/defaultconfig.yaml +++ b/assets/controllers/kube-apiserver/defaultconfig.yaml 
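Review bot: The `service-ca-controller` container mounts the CA signing key at `/var/run/secrets/signing-key`, yet its `securityContext` on the new side sets only `runAsNonRoot: true`. For a workload holding signing material I would add `allowPrivilegeEscalation: false`, `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` under the same `securityContext`. Separately, `image: ${IMAGE}` and the literal `secretName: signing-key` replace the previous template values; the step that fills `${IMAGE}` is not visible in this patch and should be confirmed to exist for this asset. The Deployment spec starts above this hunk.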
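Review bot: `openshift.io/run-level-: ""` is not a valid label key if this manifest is applied as written, because a label name must end in an alphanumeric character; the trailing `-` is removal syntax that only some appliers interpret. Whether the code that applies this asset understands that syntax is not visible here, so the namespace update may be rejected or the `openshift.io/run-level` label may survive an upgrade. Because that label influences how admission treats the namespace, I would either confirm the applier strips it or drop the two added lines and remove the label in code. The existing `# remove the label on upgrades` comment could also name the component that interprets the suffix.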
@@ -14,21 +14,21 @@ admission: kind: PodSecurityConfiguration apiVersion: pod-security.admission.config.k8s.io/v1 defaults: - enforce: "restricted" - enforce-version: "latest" - audit: "restricted" - audit-version: "latest" - warn: "restricted" - warn-version: "latest" + enforce: "invalid-to-force-substitution" + enforce-version: "invalid-to-force-substitution" + audit: "invalid-to-force-substitution" + audit-version: "invalid-to-force-substitution" + warn: "invalid-to-force-substitution" + warn-version: "invalid-to-force-substitution" exemptions: usernames: - # The build controller creates pods that are likely to be privileged - # based on BuildConfig objects. Access to these build pods is however - # still limited by the SCC exec admission and so we can safely add the - # build-controller SA here. - # This configuration should never be exposed to cluster users as no - # such guarantees are made for any other OpenShift SA/user. - - system:serviceaccount:openshift-infra:build-controller + # The build controller creates pods that are likely to be privileged + # based on BuildConfig objects. Access to these build pods is however + # still limited by the SCC exec admission and so we can safely add the + # build-controller SA here. + # This configuration should never be exposed to cluster users as no + # such guarantees are made for any other OpenShift SA/user. + - system:serviceaccount:openshift-infra:build-controller apiServerArguments: allow-privileged: - "true" @@ -122,7 +122,7 @@ apiServerArguments: goaway-chance: - "0" http2-max-streams-per-connection: - - "2000" # recommended is 1000, but we need to mitigate https://github.com/kubernetes/kubernetes/issues/74412 + - "2000" # recommended is 1000, but we need to mitigate https://github.com/kubernetes/kubernetes/issues/74412 kubelet-certificate-authority: - /etc/kubernetes/static-pod-resources/configmaps/kubelet-serving-ca/ca-bundle.crt kubelet-client-certificate: 
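Review bot: All six PodSecurity defaults (`enforce`, `audit`, `warn` and their `-version` keys) now hold the placeholder `invalid-to-force-substitution`, so the effective admission level is decided by a substitution step that this patch does not show. Please confirm that step writes `restricted` for `enforce`, as the removed lines did, and that an unsubstituted placeholder makes the API server refuse to start rather than run with PodSecurity misconfigured. A comment above `defaults:` such as `# placeholders, replaced at render time; expected enforce level: restricted` would record the intent next to the values.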
@@ -167,7 +167,7 @@ apiServerArguments: shutdown-delay-duration: - 70s # give SDN some time to converge: 30s for iptable lock contention, 25s for the second try and some seconds for AWS to update ELBs shutdown-send-retry-after: - - "true" + - "true" storage-backend: - etcd3 storage-media-type: diff --git a/assets/controllers/kube-controller-manager/defaultconfig.yaml b/assets/controllers/kube-controller-manager/defaultconfig.yaml index 4cb47f0949..591926231f 100644 --- a/assets/controllers/kube-controller-manager/defaultconfig.yaml +++ b/assets/controllers/kube-controller-manager/defaultconfig.yaml 
@@ -2,39 +2,45 @@ apiVersion: kubecontrolplane.config.openshift.io/v1 kind: KubeControllerManagerConfig extendedArguments: enable-dynamic-provisioning: - - "true" + - "true" allocate-node-cidrs: - - "false" + - "false" use-service-account-credentials: - - "true" + - "true" + flex-volume-plugin-dir: + - "/etc/kubernetes/kubelet-plugins/volume/exec" # created by machine-config-operator, owned by storage team/hekumar@redhat.com + pv-recycler-pod-template-filepath-nfs: # owned by storage team/fbertina@redhat.com + - "/etc/kubernetes/static-pod-resources/configmaps/recycler-config/recycler-pod.yaml" + pv-recycler-pod-template-filepath-hostpath: # owned by storage team/fbertina@redhat.com + - "/etc/kubernetes/static-pod-resources/configmaps/recycler-config/recycler-pod.yaml" leader-elect: - - "true" + - "true" leader-elect-retry-period: - - "3s" + - "3s" leader-elect-resource-lock: - - "leases" + - "leases" leader-elect-renew-deadline: - - "12s" # Increase api call timeout value from default 5s to 6s, required in case primary dns server fail. + - "12s" # Increase api call timeout value from default 5s to 6s, required in case primary dns server fail. 
controllers: - - "*" - - "-ttl" # TODO: this is excluded in kube-core, but not in #21092 - - "-bootstrapsigner" - - "-tokencleaner" + - "*" + - "-ttl" # TODO: this is excluded in kube-core, but not in #21092 + - "-bootstrapsigner" + - "-tokencleaner" cluster-signing-duration: - - "720h" + - "720h" secure-port: - - "10257" + - "10257" cert-dir: - - "/var/run/kubernetes" + - "/var/run/kubernetes" root-ca-file: - - "/etc/kubernetes/static-pod-resources/configmaps/serviceaccount-ca/ca-bundle.crt" + - "/etc/kubernetes/static-pod-resources/configmaps/serviceaccount-ca/ca-bundle.crt" service-account-private-key-file: - - "/etc/kubernetes/static-pod-resources/secrets/service-account-private-key/service-account.key" + - "/etc/kubernetes/static-pod-resources/secrets/service-account-private-key/service-account.key" cluster-signing-cert-file: - - "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.crt" + - "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.crt" cluster-signing-key-file: - - "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.key" + - "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.key" kube-api-qps: - - "150" # this is a historical values + - "150" # this is a historical values kube-api-burst: - - "300" # this is a historical values + - "300" # this is a historical values diff --git a/assets/core/kubelet.yaml b/assets/core/kubelet.yaml index b4d29296be..07061749d1 100644 --- a/assets/core/kubelet.yaml +++ b/assets/core/kubelet.yaml 
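Review bot: The added `flex-volume-plugin-dir` points at `/etc/kubernetes/kubelet-plugins/volume/exec`, while the kubelet.yaml hunk later in this patch removes `volumePluginDir`, so the controller manager and the kubelet may end up looking in different directories for FlexVolume drivers. Drivers in that directory are executed on the host, so the path should exist, be root-owned and not be writable by workloads; the comment says it is created by machine-config-operator, which may not be present in this deployment. The two `pv-recycler-pod-template-filepath-*` entries reference a `recycler-config` configmap path that nothing in this patch provides, so if the recycler is unused I would leave all three keys out. The trailing comments also embed personal e-mail addresses, which are better replaced by a team name.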
@@ -1,37 +1,32 @@ kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 authentication: + x509: + clientCAFile: /etc/kubernetes/kubelet-ca.crt anonymous: enabled: false - x509: - clientCAFile: "{{ .clientCAFile }}" cgroupDriver: systemd -cgroupsPerQOS: true +cgroupRoot: / clusterDNS: - - "{{ .clusterDNSIP }}" + - {{.ClusterDNSIP}} clusterDomain: cluster.local containerLogMaxSize: 50Mi -containerRuntimeEndpoint: unix:///var/run/crio/crio.sock -enforceNodeAllocatable: [] -failSwapOn: false -featureGates: - APIPriorityAndFairness: true - DownwardAPIHugePages: true - PodSecurity: true - RotateKubeletServerCertificate: false # TODO -kubeAPIBurst: 100 -kubeAPIQPS: 50 +enableSystemLogQuery: true maxPods: 250 -nodeStatusReportFrequency: 5m -rotateCertificates: false # TODO +kubeAPIQPS: 50 +kubeAPIBurst: 100 +podPidsLimit: 4096 +protectKernelDefaults: true +rotateCertificates: true serializeImagePulls: false -serverTLSBootstrap: false # TODO -tlsCertFile: "{{ .tlsCertFile }}" -tlsPrivateKeyFile: "{{ .tlsPrivateKeyFile }}" -volumePluginDir: "{{ .volumePluginDir }}" -{{- if .resolvConf }} -resolvConf: "{{ .resolvConf }}" -{{- end }} -{{ if .userProvidedConfig }} -{{- .userProvidedConfig -}} -{{ end }} +staticPodPath: /etc/kubernetes/manifests +systemCgroups: /system.slice +nodeStatusUpdateFrequency: 10s +nodeStatusReportFrequency: 5m +serverTLSBootstrap: true +tlsMinVersion: {{.TLSMinVersion}} +tlsCipherSuites: + {{- range .TLSCipherSuites }} + - {{ . }} + {{- end }} + diff --git a/assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml b/assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml index bd48ff0f64..93562e7d3f 100644 --- a/assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml +++ b/assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml 
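Review bot: `serverTLSBootstrap: true`, together with the removal of `tlsCertFile`/`tlsPrivateKeyFile`, means the kubelet's serving certificate now comes from a CSR that something must approve, and no approver is visible in this patch. Until that CSR is approved the kubelet has no usable serving certificate, so API-server-to-kubelet calls such as logs and exec can fail; please confirm the approval path or keep the explicit certificate files. `enableSystemLogQuery: true` additionally exposes host logs through the kubelet API and deserves a one-line comment on why it is wanted. `protectKernelDefaults: true` should also be checked against the host's sysctl settings before rollout. The new side drops `containerRuntimeEndpoint`, `failSwapOn: false` and the `userProvidedConfig` block, which looks like downstream customisation that needs re-applying.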
@@ -15,268 +15,352 @@ spec: listKind: SecurityContextConstraintsList plural: securitycontextconstraints singular: securitycontextconstraints - shortNames: - - scc scope: Cluster versions: - - additionalPrinterColumns: - - description: Determines if a container can request to be run as privileged - jsonPath: .allowPrivilegedContainer - name: Priv - type: string - - description: A list of capabilities that can be requested to add to the container - jsonPath: .allowedCapabilities - name: Caps - type: string - - description: Strategy that will dictate what labels will be set in the SecurityContext - jsonPath: .seLinuxContext.type - name: SELinux - type: string - - description: Strategy that will dictate what RunAsUser is used in the SecurityContext - jsonPath: .runAsUser.type - name: RunAsUser - type: string - - description: Strategy that will dictate what fs group is used by the SecurityContext - jsonPath: .fsGroup.type - name: FSGroup - type: string - - description: Strategy that will dictate what supplemental groups are used by the SecurityContext - jsonPath: .supplementalGroups.type - name: SupGroup - type: string - - description: Sort order of SCCs - jsonPath: .priority - name: Priority - type: string - - description: Force containers to run with a read only root file system - jsonPath: .readOnlyRootFilesystem - name: ReadOnlyRootFS - type: string - - description: White list of allowed volume plugins - jsonPath: .volumes - name: Volumes - type: string - name: v1 - schema: - openAPIV3Schema: - description: "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints. 
\n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - allowHostDirVolumePlugin: - description: AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin - type: boolean - allowHostIPC: - description: AllowHostIPC determines if the policy allows host ipc in the containers. - type: boolean - allowHostNetwork: - description: AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec. - type: boolean - allowHostPID: - description: AllowHostPID determines if the policy allows host pid in the containers. - type: boolean - allowHostPorts: - description: AllowHostPorts determines if the policy allows host ports in the containers. - type: boolean - allowPrivilegeEscalation: - description: AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true. - nullable: true - type: boolean - allowPrivilegedContainer: - description: AllowPrivilegedContainer determines if a container can request to be run as privileged. - type: boolean - allowedCapabilities: - description: AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'. - items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - allowedFlexVolumes: - description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "Volumes" field. - items: - description: AllowedFlexVolume represents a single Flexvolume that is allowed to be used. 
- properties: - driver: - description: Driver is the name of the Flexvolume driver. - type: string - required: - - driver - type: object - nullable: true - type: array - allowedUnsafeSysctls: - description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." - items: - type: string - nullable: true - type: array - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + - additionalPrinterColumns: + - description: Determines if a container can request to be run as privileged + jsonPath: .allowPrivilegedContainer + name: Priv + type: string + - description: A list of capabilities that can be requested to add to the container + jsonPath: .allowedCapabilities + name: Caps + type: string + - description: Strategy that will dictate what labels will be set in the SecurityContext + jsonPath: .seLinuxContext.type + name: SELinux + type: string + - description: Strategy that will dictate what RunAsUser is used in the SecurityContext + jsonPath: .runAsUser.type + name: RunAsUser + type: string + - description: Strategy that will dictate what fs group is used by the SecurityContext + jsonPath: .fsGroup.type + name: FSGroup + type: string + - description: Strategy that will dictate what supplemental groups are used by + the SecurityContext + jsonPath: .supplementalGroups.type + name: SupGroup + type: string + - 
description: Sort order of SCCs + jsonPath: .priority + name: Priority + type: string + - description: Force containers to run with a read only root file system + jsonPath: .readOnlyRootFilesystem + name: ReadOnlyRootFS + type: string + - description: White list of allowed volume plugins + jsonPath: .volumes + name: Volumes + type: string + name: v1 + schema: + openAPIV3Schema: + description: "SecurityContextConstraints governs the ability to make requests + that affect the SecurityContext that will be applied to a container. For + historical reasons SCC was exposed under the core Kubernetes API group. + That exposure is deprecated and will be removed in a future release - users + should instead use the security.openshift.io group to manage SecurityContextConstraints. + \n Compatibility level 1: Stable within a major release for a minimum of + 12 months or 3 minor releases (whichever is longer)." + properties: + allowHostDirVolumePlugin: + description: AllowHostDirVolumePlugin determines if the policy allow containers + to use the HostDir volume plugin + type: boolean + allowHostIPC: + description: AllowHostIPC determines if the policy allows host ipc in + the containers. + type: boolean + allowHostNetwork: + description: AllowHostNetwork determines if the policy allows the use + of HostNetwork in the pod spec. + type: boolean + allowHostPID: + description: AllowHostPID determines if the policy allows host pid in + the containers. + type: boolean + allowHostPorts: + description: AllowHostPorts determines if the policy allows host ports + in the containers. + type: boolean + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation determines if a pod can request + to allow privilege escalation. If unspecified, defaults to true. + nullable: true + type: boolean + allowPrivilegedContainer: + description: AllowPrivilegedContainer determines if a container can request + to be run as privileged. 
+ type: boolean + allowedCapabilities: + description: AllowedCapabilities is a list of capabilities that can be + requested to add to the container. Capabilities in this field maybe + added at the pod author's discretion. You must not list a capability + in both AllowedCapabilities and RequiredDropCapabilities. To allow all + capabilities you may use '*'. + items: + description: Capability represent POSIX capabilities type type: string - defaultAddCapabilities: - description: DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities. - items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - defaultAllowPrivilegeEscalation: - description: DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process. - nullable: true - type: boolean - forbiddenSysctls: - description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc." - items: - type: string - nullable: true - type: array - fsGroup: - description: FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. - nullable: true + nullable: true + type: array + allowedFlexVolumes: + description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty + or nil indicates that all Flexvolumes may be used. This parameter is + effective only when the usage of the Flexvolumes is allowed in the "Volumes" + field. 
+ items: + description: AllowedFlexVolume represents a single Flexvolume that is + allowed to be used. properties: - ranges: - description: Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. - items: - description: 'IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.' - properties: - max: - description: Max is the end of the range, inclusive. - format: int64 - type: integer - min: - description: Min is the start of the range, inclusive. - format: int64 - type: integer - type: object - type: array - type: - description: Type is the strategy that will dictate what FSGroup is used in the SecurityContext. + driver: + description: Driver is the name of the Flexvolume driver. type: string + required: + - driver type: object - groups: - description: The groups that have permission to use this security context constraints - items: - type: string - nullable: true - type: array - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + nullable: true + type: array + allowedUnsafeSysctls: + description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe + sysctls, defaults to none. Each entry is either a plain sysctl name + or ends in \"*\" in which case it is considered as a prefix of allowed + sysctls. Single * means all unsafe sysctls are allowed. Kubelet has + to whitelist all allowed unsafe sysctls explicitly to avoid rejection. + \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. + \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." 
+ items: type: string - metadata: - type: object - priority: - description: Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name. - format: int32 - nullable: true - type: integer - readOnlyRootFilesystem: - description: ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to. - type: boolean - requiredDropCapabilities: - description: RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added. - items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - runAsUser: - description: RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext. - nullable: true - properties: - type: - description: Type is the strategy that will dictate what RunAsUser is used in the SecurityContext. - type: string - uid: - description: UID is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids. - format: int64 - type: integer - uidRangeMax: - description: UIDRangeMax defines the max value for a strategy that allocates by range. - format: int64 - type: integer - uidRangeMin: - description: UIDRangeMin defines the min value for a strategy that allocates by range. 
- format: int64 - type: integer - type: object - seLinuxContext: - description: SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext. - nullable: true - properties: - seLinuxOptions: - description: seLinuxOptions required to run as; required for MustRunAs + nullable: true + type: array + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + defaultAddCapabilities: + description: DefaultAddCapabilities is the default set of capabilities + that will be added to the container unless the pod spec specifically + drops the capability. You may not list a capabiility in both DefaultAddCapabilities + and RequiredDropCapabilities. + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + type: array + defaultAllowPrivilegeEscalation: + description: DefaultAllowPrivilegeEscalation controls the default setting + for whether a process can gain more privileges than its parent process. + nullable: true + type: boolean + forbiddenSysctls: + description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, + defaults to none. Each entry is either a plain sysctl name or ends in + \"*\" in which case it is considered as a prefix of forbidden sysctls. + Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" + forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", + \"foo.baz\", etc." + items: + type: string + nullable: true + type: array + fsGroup: + description: FSGroup is the strategy that will dictate what fs group is + used by the SecurityContext. + nullable: true + properties: + ranges: + description: Ranges are the allowed ranges of fs groups. 
If you would + like to force a single fs group then supply a single range with + the same start and end. + items: + description: 'IDRange provides a min/max of an allowed range of + IDs. TODO: this could be reused for UIDs.' properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string + max: + description: Max is the end of the range, inclusive. + format: int64 + type: integer + min: + description: Min is the start of the range, inclusive. + format: int64 + type: integer type: object - type: - description: Type is the strategy that will dictate what SELinux context is used in the SecurityContext. - type: string - type: object - seccompProfiles: - description: "SeccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default." - items: + type: array + type: + description: Type is the strategy that will dictate what FSGroup is + used in the SecurityContext. type: string - nullable: true - type: array - supplementalGroups: - description: SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. - nullable: true - properties: - ranges: - description: Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. - items: - description: 'IDRange provides a min/max of an allowed range of IDs. 
TODO: this could be reused for UIDs.' - properties: - max: - description: Max is the end of the range, inclusive. - format: int64 - type: integer - min: - description: Min is the start of the range, inclusive. - format: int64 - type: integer - type: object - type: array - type: - description: Type is the strategy that will dictate what supplemental groups is used in the SecurityContext. - type: string - type: object - users: - description: The users who have permissions to use this security context constraints - items: + type: object + groups: + description: The groups that have permission to use this security context + constraints + items: + type: string + nullable: true + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + priority: + description: Priority influences the sort order of SCCs when evaluating + which SCCs to try first for a given pod request based on access in the + Users and Groups fields. The higher the int, the higher priority. An + unset value is considered a 0 priority. If scores for multiple SCCs + are equal they will be sorted from most restrictive to least restrictive. + If both priorities and restrictions are equal the SCCs will be sorted + by name. + format: int32 + nullable: true + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem when set to true will force containers + to run with a read only root file system. If the container specifically + requests to run with a non-read only root file system the SCC should + deny the pod. If set to false the container may run with a read only + root file system if it wishes but it will not be forced to. 
+ type: boolean + requiredDropCapabilities: + description: RequiredDropCapabilities are the capabilities that will be + dropped from the container. These are required to be dropped and cannot + be added. + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + type: array + runAsUser: + description: RunAsUser is the strategy that will dictate what RunAsUser + is used in the SecurityContext. + nullable: true + properties: + type: + description: Type is the strategy that will dictate what RunAsUser + is used in the SecurityContext. type: string - nullable: true - type: array - volumes: - description: Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". To allow no volumes, set to ["none"]. - items: - description: FS Type gives strong typing to different file systems that are used by volumes. + uid: + description: UID is the user id that containers must run as. Required + for the MustRunAs strategy if not using namespace/service account + allocated uids. + format: int64 + type: integer + uidRangeMax: + description: UIDRangeMax defines the max value for a strategy that + allocates by range. + format: int64 + type: integer + uidRangeMin: + description: UIDRangeMin defines the min value for a strategy that + allocates by range. + format: int64 + type: integer + type: object + seLinuxContext: + description: SELinuxContext is the strategy that will dictate what labels + will be set in the SecurityContext. + nullable: true + properties: + seLinuxOptions: + description: seLinuxOptions required to run as; required for MustRunAs + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. 
+ type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + type: + description: Type is the strategy that will dictate what SELinux context + is used in the SecurityContext. + type: string + type: object + seccompProfiles: + description: "SeccompProfiles lists the allowed profiles that may be set + for the pod or container's seccomp annotations. An unset (nil) or empty + value means that no profiles may be specifid by the pod or container.\tThe + wildcard '*' may be used to allow all profiles. When used to generate + a value for a pod the first non-wildcard profile will be used as the + default." + items: + type: string + nullable: true + type: array + supplementalGroups: + description: SupplementalGroups is the strategy that will dictate what + supplemental groups are used by the SecurityContext. + nullable: true + properties: + ranges: + description: Ranges are the allowed ranges of supplemental groups. If + you would like to force a single supplemental group then supply + a single range with the same start and end. + items: + description: 'IDRange provides a min/max of an allowed range of + IDs. TODO: this could be reused for UIDs.' + properties: + max: + description: Max is the end of the range, inclusive. + format: int64 + type: integer + min: + description: Min is the start of the range, inclusive. + format: int64 + type: integer + type: object + type: array + type: + description: Type is the strategy that will dictate what supplemental + groups is used in the SecurityContext. 
type: string - nullable: true - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - allowPrivilegedContainer - - allowedCapabilities - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - served: true - storage: true + type: object + users: + description: The users who have permissions to use this security context + constraints + items: + type: string + nullable: true + type: array + volumes: + description: Volumes is a white list of allowed volume plugins. FSType + corresponds directly with the field names of a VolumeSource (azureFile, + configMap, emptyDir). To allow all volumes you may use "*". To allow + no volumes, set to ["none"]. + items: + description: FS Type gives strong typing to different file systems that + are used by volumes. + type: string + nullable: true + type: array + required: + - allowHostDirVolumePlugin + - allowHostIPC + - allowHostNetwork + - allowHostPID + - allowHostPorts + - allowPrivilegedContainer + - allowedCapabilities + - defaultAddCapabilities + - priority + - readOnlyRootFilesystem + - requiredDropCapabilities + - volumes + type: object + served: true + storage: true diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-namespace.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-namespace.yaml index deebf3d345..5680a258d3 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_00-namespace.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_00-namespace.yaml 
@@ -30,18 +30,3 @@ metadata: include.release.openshift.io/self-managed-high-availability: "true" capability.openshift.io/name: "OperatorLifecycleManager" include.release.openshift.io/hypershift: "true" ---- -apiVersion: v1 -kind: Namespace -metadata: - name: openshift-marketplace - labels: - pod-security.kubernetes.io/enforce: baseline - pod-security.kubernetes.io/enforce-version: "v1.24" - openshift.io/scc: "" - annotations: - openshift.io/node-selector: "" - workload.openshift.io/allowed: "management" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - capability.openshift.io/name: "OperatorLifecycleManager" diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_07-olm-operator.deployment.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_07-olm-operator.deployment.yaml index ebec29236f..2e9c360d9d 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_07-olm-operator.deployment.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_07-olm-operator.deployment.yaml @@ -61,7 +61,7 @@ spec: - /profile-collector-cert/tls.crt - --protectedCopiedCSVNamespaces - openshift - image: quay.io/operator-framework/olm + image: quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607 imagePullPolicy: IfNotPresent ports: - containerPort: 8443 diff --git a/assets/optional/operator-lifecycle-manager/0000_50_olm_08-catalog-operator.deployment.yaml b/assets/optional/operator-lifecycle-manager/0000_50_olm_08-catalog-operator.deployment.yaml index 9b5370c81e..e923733d8a 100644 --- a/assets/optional/operator-lifecycle-manager/0000_50_olm_08-catalog-operator.deployment.yaml +++ b/assets/optional/operator-lifecycle-manager/0000_50_olm_08-catalog-operator.deployment.yaml 
@@ -53,10 +53,10 @@ spec: args: - '--namespace' - openshift-marketplace - - --configmapServerImage=$(OPERATOR_REGISTRY_IMAGE) - - --opmImage=$(OPERATOR_REGISTRY_IMAGE) + - --configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest + - --opmImage=quay.io/operator-framework/configmap-operator-registry:latest - --util-image - - $(OLM_IMAGE) + - quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607 - --writeStatusName - operator-lifecycle-manager-catalog - --tls-cert @@ -66,7 +66,7 @@ spec: - --client-ca - /profile-collector-cert/tls.crt - --set-workload-user-id=false - image: quay.io/operator-framework/olm + image: quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607 imagePullPolicy: IfNotPresent ports: - containerPort: 8443 diff --git a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml deleted file mode 100644 index 14115787db..0000000000 --- a/assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml +++ /dev/null 
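Review bot: The new `--configmapServerImage` and `--opmImage` arguments in the first catalog-operator hunk reference `quay.io/operator-framework/configmap-operator-registry:latest`, a mutable tag, while `--util-image` and the container `image:` in the same file are pinned by digest. This patch also deletes `kustomization.aarch64.yaml` and `kustomization.x86_64.yaml`, which supplied `OPERATOR_REGISTRY_IMAGE` as a digest reference under `quay.io/openshift-release-dev/ocp-v4.0-art-dev`, so nothing visible here rewrites the tag and the catalog pods would run whatever it resolves to at pull time. If the deletion is intended, pin both arguments by digest, e.g. `- --opmImage=quay.io/operator-framework/configmap-operator-registry@sha256:<DIGEST_PLACEHOLDER>`; otherwise this looks like an incomplete rebase and the `$(OPERATOR_REGISTRY_IMAGE)` and `$(OLM_IMAGE)` substitutions should stay. The Deployment spec continues outside both hunks.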
@@ -1,27 +0,0 @@
-
-images:
- - name: quay.io/operator-framework/olm
- newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- digest: sha256:12dc8a627bffff0cf245b05d8404bcba1988b358ee00cd9f25fe2ad5d2eab83f
- - name: quay.io/operator-framework/configmap-operator-registry
- newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- digest: sha256:96d031f82daf9fbbeb6d9f82afe90ba1a7cf404eab35a6a0a9ab436d0095050d
- - name: quay.io/openshift/origin-kube-rbac-proxy
- newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- digest: sha256:9520964f43a9244f072af5a55fd2877d4830709772e8cdcaf5ab078f792b2612
-
-patches:
- - patch: |-
- - op: add
- path: /spec/template/spec/containers/0/env/-
- value:
- name: OPERATOR_REGISTRY_IMAGE
- value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:96d031f82daf9fbbeb6d9f82afe90ba1a7cf404eab35a6a0a9ab436d0095050d
- - op: add
- path: /spec/template/spec/containers/0/env/-
- value:
- name: OLM_IMAGE
- value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:12dc8a627bffff0cf245b05d8404bcba1988b358ee00cd9f25fe2ad5d2eab83f
- target:
- kind: Deployment
- labelSelector: app=catalog-operator
diff --git a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml b/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml
deleted file mode 100644
index aab966ef93..0000000000
--- a/assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-
-images:
- - name: quay.io/operator-framework/olm
- newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- digest: sha256:364296a51d5c167c141ac5ad9e99210de08d3432cc20ab65f5017cdb6ba1f485
- - name: quay.io/operator-framework/configmap-operator-registry
- newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- digest: sha256:9fd976f5f4982535c7ab0ea3346d1d8c785ec7caa5fb6dae2e240b45dbdb8410
- - name: quay.io/openshift/origin-kube-rbac-proxy
- newName: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- digest: sha256:df47aabf5cd84f98c4c420a4c1cae56225e47907d4370dcab60a0108ad33cd18
-
-patches:
- - patch: |-
- - op: add
- path: /spec/template/spec/containers/0/env/-
- value:
- name: OPERATOR_REGISTRY_IMAGE
- value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9fd976f5f4982535c7ab0ea3346d1d8c785ec7caa5fb6dae2e240b45dbdb8410
- - op: add
- path: /spec/template/spec/containers/0/env/-
- value:
- name: OLM_IMAGE
- value: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:364296a51d5c167c141ac5ad9e99210de08d3432cc20ab65f5017cdb6ba1f485
- target:
- kind: Deployment
- labelSelector: app=catalog-operator
diff --git a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json b/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json
deleted file mode 100644
index 964069587f..0000000000
--- a/assets/optional/operator-lifecycle-manager/release-olm-aarch64.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "release": {
- "base": "4.17.0-0.nightly-arm64-2024-08-13-025544"
- },
- "images": {
- "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:12dc8a627bffff0cf245b05d8404bcba1988b358ee00cd9f25fe2ad5d2eab83f",
- "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:96d031f82daf9fbbeb6d9f82afe90ba1a7cf404eab35a6a0a9ab436d0095050d",
- "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9520964f43a9244f072af5a55fd2877d4830709772e8cdcaf5ab078f792b2612"
- }
-}
diff --git a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json b/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json
deleted file mode 100644
index a2e17f733a..0000000000
--- a/assets/optional/operator-lifecycle-manager/release-olm-x86_64.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "release": {
- "base": "4.17.0-0.nightly-2024-08-09-031511"
- },
- "images": {
- "operator-lifecycle-manager": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:364296a51d5c167c141ac5ad9e99210de08d3432cc20ab65f5017cdb6ba1f485",
- "operator-registry": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9fd976f5f4982535c7ab0ea3346d1d8c785ec7caa5fb6dae2e240b45dbdb8410",
- "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:df47aabf5cd84f98c4c420a4c1cae56225e47907d4370dcab60a0108ad33cd18"
- }
-}
diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json
index 5b78b18fe8..822d52b4a7 100644
--- a/assets/release/release-x86_64.json
+++ b/assets/release/release-x86_64.json
@@ -1,18 +1,18 @@ { "release": { - "base": "4.17.0-0.nightly-2024-08-09-031511" + "base": "4.17.0-0.nightly-2024-08-13-031847" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:30a1a89811d79d955901eaa45d02a62d6ce234491256e6a6e229af9c9935f149", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e06839473a75025488f6118a6928bd6e467cbe3dea9ef46f28972ca55219bcac", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5fe1f43bb9876dbb7b8927913e8d8e75e7691d0b3d09b3f112edf9c572a92e8a", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:df47aabf5cd84f98c4c420a4c1cae56225e47907d4370dcab60a0108ad33cd18", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:68fe6bb1b731a81676d5b67f526589027c69f75b4b61c9aeece34ca722073d3b", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d50c83d55ebab09c88764ad608a5f09de67ddf541b5c279c37f4e88f0302eb1", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:77b9683d0bda0e5e0945acc0614805263ef75ccab7c3acef5f1164bb2d9dc6c4", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c10c3f66f79fcaac866776237a9ab20217a508f0fe93325f958dcd445a7cde07", "openssl": "registry.redhat.io/ubi9@sha256:ed84f34cd929ea6b0c247b6daef54dd79602804a32480a052951021caf429494", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3f50c13dd28d1fb27ca443ddf611c040fea65bbe3e88f4d1bf6cd3da1117485e", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:13e890f8679773305aa8e09af3e0c2f56f51a350e43fc8825720e65b09a3dc69", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1b202402fad083c9d07eb66f8c9e65bc525dad49eb533233b0a625359e5c41ff", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c0021be8ba208015d2008a75b7ad1cc2d124dadf761368b1abf526da0b4af661", + "pod": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:aa185424a8a9d420ac9a09bdd8f4b0137367924febdb65e716f7c18ffd08be34", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:1b41110921add1acad1f913a7060e18028d18bd55a04d9d4d9d8d52c81441b52", "lvms_operator": "quay.io/lvms_dev/lvms4-lvms-rhel9-operator@sha256:d236a30c0793850c3453163cd0160227fb0beb81863d17ff1d9ee1439c8798b3", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0032f18b30fc97d6c40693c5ac4e4a229cd7e9133a99816cbf77002e3f66b2f7", - "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef7b4cacf557c2027b7109fe7933d327cd3efb52b595401885d5b85a812705be" + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5f2f6a0cd172221eccb67dd2380f91cafe20e9aaf7bad9894046818bbf2287f9", + "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:77fe92672ad3033c5688710d8a170207b942a91c30eabc163da4c4ffc9396ed0" } } diff --git a/rebase_sh.log b/rebase_sh.log new file mode 100644 index 0000000000..18e4bb7050 --- /dev/null +++ b/rebase_sh.log 
@@ -0,0 +1,757 @@ +# Rebasing to registry.ci.openshift.org/ocp/release:4.17.0-0.nightly-2024-08-13-031847 and registry.ci.openshift.org/ocp-arm64/release-arm64:4.17.0-0.nightly-arm64-2024-08-13-025544 +# Fetching release info for registry.ci.openshift.org/ocp/release:4.17.0-0.nightly-2024-08-13-031847 (amd64) +# Fetching release info for registry.ci.openshift.org/ocp-arm64/release-arm64:4.17.0-0.nightly-arm64-2024-08-13-025544 (arm64) +# Extracting registry.ci.openshift.org/ocp/release:4.17.0-0.nightly-2024-08-13-031847 manifest content +# Cloning registry.ci.openshift.org/ocp/release:4.17.0-0.nightly-2024-08-13-031847 component repos +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/api/.git/ +HEAD is now at d6942fb Merge pull request #1971 from bharath-b-rh/cfe-921 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-csi-snapshot-controller-operator/.git/ +HEAD is now at ffba005 Merge pull request #214 from davidvossel/hcp-tolerations + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-dns-operator/.git/ +HEAD is now at 54eea5b Merge pull request #415 from arkadeepsen/dnsnameresolver-controller + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-ingress-operator/.git/ +HEAD is now at 7cf86c7 Merge pull request #1122 from Miciah/OCPBUGS-23742-bump-controller-runtime-to-v0.18.4 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-kube-apiserver-operator/.git/ +HEAD is now at 0ecdda5 Merge pull request #1704 from vrutkovs/node-kubeconfigs-annotations + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-kube-controller-manager-operator/.git/ +HEAD is now at 0a9ed57 Merge pull request #814 from tjungblu/ckao_lg_1743 + +Initialized empty Git repository in 
/go/src/github.com/openshift/microshift/_output/staging/cluster-kube-scheduler-operator/.git/ +HEAD is now at 98ca953 Merge pull request #546 from ingvagabund/545 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-network-operator/.git/ +HEAD is now at d035fdd Merge pull request #2466 from qinqon/multus-add-openshift-cnv-as-global-namespace + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-openshift-controller-manager-operator/.git/ +HEAD is now at 2b962c7 Merge pull request #354 from ingvagabund/update-owners + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-policy-controller/.git/ +HEAD is now at c502ece Merge pull request #151 from ingvagabund/bump-k8s-1.30.1 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/csi-external-snapshotter/.git/ +HEAD is now at aa558ca Merge pull request #156 from dfajmon/rebase-8.0.1 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/etcd/.git/ +HEAD is now at 1fb31653 Merge pull request #273 from Elbehery/rebase-etcd-3.5.14-openshift-4.17 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/kubernetes/.git/ +HEAD is now at 43740e917 Merge pull request #2038 from dinhxuanvu/bump-1.30.3 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/kubernetes-kube-storage-version-migrator/.git/ +HEAD is now at 34fafc0 Merge pull request #205 from openshift-bot/art-consistency-openshift-4.17-ose-kube-storage-version-migrator + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/machine-config-operator/.git/ +HEAD is now at 801e9b6c Merge pull request #4524 from neisw/revert-4518-1723397461936 + +Initialized empty Git repository in 
/go/src/github.com/openshift/microshift/_output/staging/openshift-controller-manager/.git/ +HEAD is now at aabcbc2 Merge pull request #318 from sanchezl/ocpbugs-35731 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/operator-framework-olm/.git/ +HEAD is now at a3a385e8 Merge pull request #835 from openshift-bot/synchronize-upstream + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/route-controller-manager/.git/ +HEAD is now at a47f6be Merge pull request #44 from ingvagabund/bump-k8s-1.30.1 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/service-ca-operator/.git/ +HEAD is now at 1f7d647 Merge pull request #241 from lunarwhite/fix-doc + +# Cloning registry.ci.openshift.org/ocp/release:4.17.0-0.nightly-2024-08-13-031847 image repos +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/oc/.git/ +HEAD is now at 51ca91a2 Merge pull request #1841 from rwsu/WRKLDS-1318-update + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/coredns/.git/ +HEAD is now at d3b441c Merge pull request #118 from gcs278/merge-1.11.3 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/csi-external-snapshotter/.git/ +HEAD is now at aa558ca Merge pull request #156 from dfajmon/rebase-8.0.1 + + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/router/.git/ +HEAD is now at a33f2b6 Merge pull request #615 from Miciah/OCPBUGS-38101-bump-k8s.io-slash-star-to-v0.30.3 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/kube-rbac-proxy/.git/ +HEAD is now at 8ea2c99 Merge pull request #98 from ibihim/release-0.17.1-downstream + +lvms_operator not from release payload, skipping + +openssl not from release payload, skipping + 
+Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/ovn-kubernetes/.git/ +HEAD is now at 19030494 Merge pull request #2240 from cgoncalves/master-OCPBUGS-37541 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/kubernetes/.git/ +HEAD is now at 43740e917 Merge pull request #2038 from dinhxuanvu/bump-1.30.3 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/service-ca-operator/.git/ +HEAD is now at 1f7d647 Merge pull request #241 from lunarwhite/fix-doc + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/oc/.git/ +HEAD is now at 51ca91a2 Merge pull request #1841 from rwsu/WRKLDS-1318-update + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/coredns/.git/ +HEAD is now at d3b441c Merge pull request #118 from gcs278/merge-1.11.3 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/csi-external-snapshotter/.git/ +HEAD is now at aa558ca Merge pull request #156 from dfajmon/rebase-8.0.1 + + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/router/.git/ +HEAD is now at a33f2b6 Merge pull request #615 from Miciah/OCPBUGS-38101-bump-k8s.io-slash-star-to-v0.30.3 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/kube-rbac-proxy/.git/ +HEAD is now at 8ea2c99 Merge pull request #98 from ibihim/release-0.17.1-downstream + +lvms_operator not from release payload, skipping + +openssl not from release payload, skipping + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/ovn-kubernetes/.git/ +HEAD is now at 19030494 Merge pull request #2240 from cgoncalves/master-OCPBUGS-37541 + +Initialized empty Git repository in 
/go/src/github.com/openshift/microshift/_output/staging/arm64/kubernetes/.git/ +HEAD is now at 43740e917 Merge pull request #2038 from dinhxuanvu/bump-1.30.3 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/service-ca-operator/.git/ +HEAD is now at 1f7d647 Merge pull request #241 from lunarwhite/fix-doc + +Warning: env var PULL_BASE_REF not found or empty, falling back to local active branch. +error: branch 'rebase-release-4.17-4.17.0-0.nightly-2024-08-13-031847_amd64-2024-08-13_arm64-2024-08-13' not found. +Switched to a new branch 'rebase-release-4.17-4.17.0-0.nightly-2024-08-13-031847_amd64-2024-08-13_arm64-2024-08-13' +## Updating last_rebase.sh +## Committing changes to last_rebase.sh +[rebase-release-4.17-4.17.0-0.nightly-2024-08-13-031847_amd64-2024-08-13_arm64-2024-08-13 6379e856a] update last_rebase.sh + 1 file changed, 1 insertion(+), 1 deletion(-) +cluster-csi-snapshot-controller-operator embedded-component no change + +cluster-dns-operator embedded-component no change + +cluster-ingress-operator embedded-component no change + +cluster-kube-apiserver-operator embedded-component no change + +cluster-kube-controller-manager-operator embedded-component no change + +cluster-kube-scheduler-operator embedded-component no change + +cluster-openshift-controller-manager-operator embedded-component no change + +cluster-policy-controller embedded-component no change + +csi-external-snapshotter embedded-component no change + +etcd embedded-component no change + +kubernetes embedded-component no change + +kubernetes-kube-storage-version-migrator embedded-component no change + +openshift-controller-manager embedded-component no change + +route-controller-manager embedded-component no change + +service-ca-operator embedded-component no change + +coredns image-amd64 no change + +csi-external-snapshotter image-amd64 no change + +csi-external-snapshotter image-amd64 no change + +kube-rbac-proxy image-amd64 no change + 
+ovn-kubernetes image-amd64 no change + +kubernetes image-amd64 no change + +service-ca-operator image-amd64 no change + +oc image-arm64 no change + +coredns image-arm64 no change + +csi-external-snapshotter image-arm64 no change + +csi-external-snapshotter image-arm64 no change + +router image-arm64 no change + +kube-rbac-proxy image-arm64 no change + +ovn-kubernetes image-arm64 no change + +kubernetes image-arm64 no change + +service-ca-operator image-arm64 no change + +## Committing changes to changelog +[rebase-release-4.17-4.17.0-0.nightly-2024-08-13-031847_amd64-2024-08-13_arm64-2024-08-13 596309cd0] update changelog + 2 files changed, 42 insertions(+), 6 deletions(-) +# Updating microshift/go.mod +go mod edit -require github.com/openshift/cluster-policy-controller@c502ece1b8bdccdbc58a327520685d9a1d2f59cf +go: downloading github.com/openshift/api v0.0.0-20240530053948-b01900f1982a +go: downloading github.com/openshift/library-go v0.0.0-20240528110646-354b673304be +go: downloading github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240805184523-43740e9179f5 +go: downloading k8s.io/klog/v2 v2.120.1 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240805184523-43740e9179f5 +go: downloading k8s.io/utils v0.0.0-20240102154912-e7106e64919e +go: downloading sigs.k8s.io/yaml v1.3.0 +go: downloading github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e +go: downloading github.com/spf13/cobra v1.7.0 +go: downloading 
github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/stretchr/testify v1.8.4 +go: downloading github.com/fsnotify/fsnotify v1.7.0 +go: downloading github.com/apparentlymart/go-cidr v1.1.0 +go: downloading github.com/spf13/pflag v1.0.5 +go: downloading github.com/vishvananda/netlink v1.1.0 +go: downloading sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 +go: downloading sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 +go: downloading github.com/openshift/cluster-policy-controller v0.0.0-20240604062218-c502ece1b8bd +go: downloading github.com/openshift/route-controller-manager v0.0.0-20240604082609-a47f6be3676d +go: downloading github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20240613152121-1fb3165305ef +go: downloading github.com/openshift/etcd/client/v3 v3.5.1-0.20240613152121-1fb3165305ef +go: downloading github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20240605171054-34fafc04e5f2 +go: downloading github.com/google/go-cmp v0.6.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/miekg/dns v1.1.35 +go: downloading github.com/openshift/build-machinery-go v0.0.0-20240419090851-af9c868bcf52 +go: downloading gopkg.in/yaml.v3 v3.0.1 +go: downloading golang.org/x/sys v0.18.0 +go: downloading gopkg.in/yaml.v2 v2.4.0 +go: downloading k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 +go: downloading github.com/evanphx/json-patch 
v4.12.0+incompatible +go: downloading github.com/davecgh/go-spew v1.1.1 +go: downloading github.com/gogo/protobuf v1.3.2 +go: downloading github.com/google/gofuzz v1.2.0 +go: downloading sigs.k8s.io/structured-merge-diff/v4 v4.4.1 +go: downloading github.com/golang/protobuf v1.5.4 +go: downloading github.com/google/gnostic-models v0.6.8 +go: downloading google.golang.org/protobuf v1.33.0 +go: downloading golang.org/x/net v0.23.0 +go: downloading github.com/imdario/mergo v0.3.11 +go: downloading golang.org/x/term v0.18.0 +go: downloading github.com/go-logr/logr v1.4.1 +go: downloading github.com/inconshreveable/mousetrap v1.1.0 +go: downloading sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd +go: downloading github.com/pmezard/go-difflib v1.0.0 +go: downloading github.com/google/uuid v1.3.1 +go: downloading github.com/vishvananda/netns v0.0.4 +go: downloading github.com/openshift/etcd/api/v3 v3.5.1-0.20240613152121-1fb3165305ef +go: downloading go.uber.org/zap v1.26.0 +go: downloading google.golang.org/grpc v1.59.0 +go: downloading github.com/jonboulle/clockwork v0.2.2 +go: downloading github.com/pkg/errors v0.9.1 +go: downloading github.com/MakeNowJust/heredoc v1.0.0 +go: downloading github.com/mitchellh/go-wordwrap v1.0.1 +go: downloading github.com/russross/blackfriday/v2 v2.1.0 +go: downloading golang.org/x/time v0.3.0 +go: downloading golang.org/x/crypto v0.21.0 +go: downloading golang.org/x/sync v0.6.0 +go: downloading k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 +go: downloading go.opentelemetry.io/otel/trace v1.19.0 +go: downloading github.com/google/cadvisor v0.49.0 +go: downloading go.opentelemetry.io/otel v1.19.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/Microsoft/go-winio v0.6.0 +go: downloading github.com/coreos/go-systemd/v22 
v22.5.0 +go: downloading github.com/opencontainers/runc v1.1.12 +go: downloading go.opentelemetry.io/otel/sdk v1.19.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240805184523-43740e9179f5 +go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240805184523-43740e9179f5 +go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da +go: downloading github.com/blang/semver/v4 v4.0.0 +go: downloading github.com/prometheus/client_golang v1.16.0 +go: downloading github.com/prometheus/client_model v0.4.0 +go: downloading github.com/prometheus/procfs v0.10.1 +go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c +go: downloading github.com/prometheus/common v0.44.0 +go: downloading gopkg.in/inf.v0 v0.9.1 +go: downloading github.com/go-openapi/swag v0.22.3 +go: downloading golang.org/x/oauth2 v0.11.0 +go: downloading github.com/json-iterator/go v1.1.12 +go: downloading github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de +go: downloading github.com/moby/term v0.0.0-20221205130635-1aeaba878587 +go: downloading golang.org/x/text v0.14.0 +go: downloading github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 +go: downloading github.com/peterbourgon/diskv v2.0.1+incompatible +go: downloading 
github.com/go-openapi/jsonreference v0.20.2 +go: downloading github.com/go-errors/errors v1.4.2 +go: downloading github.com/pkg/profile v1.3.0 +go: downloading github.com/sirupsen/logrus v1.9.0 +go: downloading github.com/emicklei/go-restful/v3 v3.11.0 +go: downloading go.uber.org/atomic v1.10.0 +go: downloading github.com/chai2010/gettext-go v1.0.2 +go: downloading github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20240314173009-2cd07f4ca53d +go: downloading github.com/onsi/gomega v1.31.0 +go: downloading github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d +go: downloading github.com/coreos/go-semver v0.3.1 +go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d +go: downloading go.uber.org/multierr v1.11.0 +go: downloading go.uber.org/goleak v1.3.0 +go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d +go: downloading google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d +go: downloading golang.org/x/tools v0.18.0 +go: downloading github.com/onsi/ginkgo v1.16.5 +go: downloading gopkg.in/natefinch/lumberjack.v2 v2.2.1 +go: downloading gopkg.in/square/go-jose.v2 v2.6.0 +go: downloading go.etcd.io/etcd/server/v3 v3.5.10 +go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 +go: downloading sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 +go: downloading github.com/openshift/apiserver-library-go v0.0.0-20240716092710-e88385a79b17 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/karrick/godirwalk v1.17.0 +go: downloading github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 +go: downloading github.com/containerd/typeurl v1.0.2 +go: downloading github.com/google/cel-go v0.17.8 +go: downloading github.com/docker/go-units v0.5.0 +go: downloading go.opentelemetry.io/proto/otlp v1.0.0 +go: downloading 
github.com/cyphar/filepath-securejoin v0.2.4 +go: downloading github.com/moby/sys/mountinfo v0.6.2 +go: downloading github.com/opencontainers/selinux v1.11.0 +go: downloading github.com/golang/mock v1.6.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240805184523-43740e9179f5 +go: downloading go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.42.0 +go: downloading github.com/container-storage-interface/spec v1.8.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/libopenstorage/openstorage v1.0.0 +go: downloading github.com/robfig/cron/v3 v3.0.1 +go: downloading github.com/robfig/cron v1.2.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/beorn7/perks v1.0.1 +go: downloading github.com/cespare/xxhash/v2 v2.2.0 +go: downloading github.com/kr/pretty v0.3.1 +go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 +go: downloading github.com/mailru/easyjson v0.7.7 +go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.4 +go: downloading github.com/creack/pty v1.1.18 +go: downloading github.com/go-logr/zapr v1.3.0 +go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd +go: downloading github.com/modern-go/reflect2 v1.0.2 +go: downloading github.com/google/btree v1.0.1 +go: downloading github.com/NYTimes/gziphandler v1.1.1 +go: downloading github.com/go-openapi/jsonpointer v0.19.6 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/fvbommel/sortorder v1.1.0 +go: downloading 
github.com/gorilla/websocket v1.5.0 +go: downloading github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 +go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240805184523-43740e9179f5 +go: downloading github.com/coreos/go-oidc v2.2.1+incompatible +go: downloading github.com/felixge/httpsnoop v1.0.3 +go: downloading go.opentelemetry.io/otel/metric v1.19.0 +go: downloading github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f +go: downloading github.com/distribution/reference v0.5.0 +go: downloading github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible +go: downloading github.com/containerd/ttrpc v1.2.2 +go: downloading github.com/opencontainers/go-digest v1.0.0 +go: downloading github.com/grpc-ecosystem/grpc-gateway v1.16.0 +go: downloading github.com/soheilhy/cmux v0.1.5 +go: downloading github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 +go: downloading go.etcd.io/bbolt v1.3.8 +go: downloading go.etcd.io/etcd/pkg/v3 v3.5.10 +go: downloading github.com/euank/go-kmsg-parser v2.0.0+incompatible +go: downloading github.com/go-logr/stdr v1.2.2 +go: downloading github.com/cenkalti/backoff/v4 v4.2.1 +go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 +go: downloading github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e +go: downloading github.com/containerd/cgroups v1.1.0 +go: downloading github.com/Microsoft/hcsshim v0.8.25 +go: downloading github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab +go: downloading github.com/lithammer/dedent v1.1.0 +go: downloading cloud.google.com/go/compute/metadata v0.2.3 +go: downloading github.com/godbus/dbus/v5 v5.1.0 +go: downloading cloud.google.com/go/compute v1.23.0 +go: downloading github.com/stoewer/go-strcase v1.2.0 +go: downloading github.com/moby/spdystream v0.2.0 +go: downloading github.com/armon/go-socks5 
v0.0.0-20160902184237-e75332964ef5 +go: downloading go.opentelemetry.io/contrib/propagators/b3 v1.17.0 +go: downloading github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b +go: downloading google.golang.org/api v0.126.0 +go: downloading gopkg.in/gcfg.v1 v1.2.3 +go: downloading github.com/mohae/deepcopy v0.0.0-20170603005431-491d3605edfb +go: downloading github.com/kr/text v0.2.0 +go: downloading github.com/rogpeppe/go-internal v1.10.0 +go: downloading google.golang.org/appengine v1.6.7 +go: downloading github.com/sergi/go-diff v1.1.0 +go: downloading github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 +go: downloading github.com/josharian/intern v1.0.0 +go: downloading github.com/fatih/camelcase v1.0.0 +go: downloading github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a +go: downloading github.com/pquerna/cachecontrol v0.1.0 +go: downloading golang.org/x/mod v0.15.0 +go: downloading github.com/stretchr/objx v0.5.0 +go: downloading github.com/checkpoint-restore/go-criu/v5 v5.3.0 +go: downloading github.com/containerd/console v1.0.3 +go: downloading github.com/mrunalp/fileutils v0.5.1 +go: downloading go.etcd.io/etcd/raft/v3 v3.5.10 +go: downloading github.com/dustin/go-humanize v1.0.1 +go: downloading github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 +go: downloading github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 +go: downloading github.com/docker/docker v20.10.27+incompatible +go: downloading github.com/docker/go-connections v0.4.0 +go: downloading github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df +go: downloading gopkg.in/warnings.v0 v0.1.2 +go: downloading github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 +go: downloading github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 +go: downloading github.com/xlab/treeprint v1.2.0 +go: downloading github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 +go: downloading 
github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 +go: downloading github.com/go-ldap/ldap/v3 v3.4.3 +go: downloading github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 +go: downloading github.com/seccomp/libseccomp-golang v0.10.0 +go: downloading github.com/cilium/ebpf v0.9.1 +go: downloading github.com/golang-jwt/jwt/v4 v4.5.0 +go: downloading go.etcd.io/etcd/client/v2 v2.305.10 +go: downloading github.com/opencontainers/image-spec v1.0.2 +go: downloading github.com/docker/distribution v2.8.2+incompatible +go: downloading github.com/golang/glog v1.1.2 +go: downloading go.opencensus.io v0.24.0 +go: downloading golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e +go: downloading github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 +go: downloading github.com/envoyproxy/protoc-gen-validate v1.0.2 +go: downloading github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e +go: downloading github.com/go-asn1-ber/asn1-ber v1.5.4 +go: downloading github.com/frankban/quicktest v1.14.0 +go: downloading go.starlark.net v0.0.0-20230525235612-a134d8f9ddca +go: downloading github.com/google/s2a-go v0.1.7 +go: downloading github.com/googleapis/gax-go/v2 v2.11.0 +go: downloading github.com/googleapis/enterprise-certificate-proxy v0.2.3 +go mod edit -require github.com/openshift/route-controller-manager@a47f6be3676d3eabb864ca339584fe857e1076c5 +go mod edit -replace k8s.io/api=github.com/openshift/kubernetes/staging/src/k8s.io/api@43740e9179f50acbf24f0c597f78fa9abd121c96 +go mod edit -replace k8s.io/apiextensions-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apimachinery=github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace 
k8s.io/cli-runtime=github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/client-go=github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cloud-provider=github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cluster-bootstrap=github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/code-generator=github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/component-base=github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/component-helpers=github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cri-api=github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/csi-translation-lib=github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/dynamic-resource-allocation=github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/endpointslice=github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kms=github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace 
k8s.io/kube-aggregator=github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-proxy=github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-scheduler=github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kubectl=github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kubelet=github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/legacy-cloud-providers=github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/metrics=github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/mount-utils=github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/pod-security-admission=github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-cli-plugin=github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-controller=github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace github.com/onsi/ginkgo/v2=github.com/openshift/onsi-ginkgo/v2@v2.6.1-0.20240314173009-2cd07f4ca53d +go 
mod edit -replace k8s.io/api=github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apiextensions-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apimachinery=github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cli-runtime=github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/client-go=github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cloud-provider=github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cluster-bootstrap=github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/code-generator=github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/component-base=github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/component-helpers=github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cri-api=github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace 
k8s.io/csi-translation-lib=github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/dynamic-resource-allocation=github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kms=github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-aggregator=github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-proxy=github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-scheduler=github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kubectl=github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kubelet=github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kubernetes=github.com/openshift/kubernetes@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/legacy-cloud-providers=github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/metrics=github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/mount-utils=github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/pod-security-admission=github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240805184523-43740e9179f5 +go mod edit 
-replace k8s.io/sample-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-cli-plugin=github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-controller=github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace go.etcd.io/etcd/api/v3=github.com/openshift/etcd/api/v3@1fb3165305efc8d986344b555b22592e6e6c1786 +go mod edit -replace go.etcd.io/etcd/client/pkg/v3=github.com/openshift/etcd/client/pkg/v3@v3.5.1-0.20240613152121-1fb3165305ef +go mod edit -replace go.etcd.io/etcd/client/v3=github.com/openshift/etcd/client/v3@v3.5.1-0.20240613152121-1fb3165305ef +go mod edit -replace sigs.k8s.io/kube-storage-version-migrator=github.com/openshift/kubernetes-kube-storage-version-migrator@34fafc04e5f2872e282617da31175a7e091ffdb2 +go mod edit -replace k8s.io/endpointslice=github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240805184523-43740e9179f5 +# Updating etcd/go.mod +go mod edit -require github.com/openshift/cluster-policy-controller@c502ece1b8bdccdbc58a327520685d9a1d2f59cf +go: downloading github.com/openshift/etcd/server/v3 v3.5.1-0.20240613152121-1fb3165305ef +go: downloading go.etcd.io/bbolt v1.3.10 +go: downloading github.com/openshift/etcd/pkg/v3 v3.5.1-0.20240613152121-1fb3165305ef +go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.20.0 +go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 +go: downloading go.opentelemetry.io/otel v1.20.0 +go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0 +go: downloading go.opentelemetry.io/otel/sdk v1.20.0 +go: downloading github.com/sirupsen/logrus v1.9.3 +go: downloading github.com/openshift/etcd/raft/v3 v3.5.1-0.20240613152121-1fb3165305ef +go: downloading 
go.opentelemetry.io/otel/metric v1.20.0 +go: downloading go.opentelemetry.io/otel/trace v1.20.0 +go: downloading go.etcd.io/etcd/client/v2 v2.305.14 +go: downloading cloud.google.com/go v0.110.7 +go: downloading github.com/cockroachdb/datadriven v1.0.2 +go mod edit -require github.com/openshift/route-controller-manager@a47f6be3676d3eabb864ca339584fe857e1076c5 +go mod edit -replace k8s.io/api=github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apiextensions-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apimachinery=github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cli-runtime=github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/client-go=github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cloud-provider=github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cluster-bootstrap=github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/code-generator=github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/component-base=github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/component-helpers=github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace 
k8s.io/controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cri-api=github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/csi-translation-lib=github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/dynamic-resource-allocation=github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/endpointslice=github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kms=github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-aggregator=github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-proxy=github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-scheduler=github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kubectl=github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kubelet=github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/legacy-cloud-providers=github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/metrics=github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240805184523-43740e9179f5 
+go mod edit -replace k8s.io/mount-utils=github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/pod-security-admission=github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-cli-plugin=github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-controller=github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240805184523-43740e9179f5 +skipping modulepath github.com/openshift/microshift: no or unknown command [] +skipping modulepath github.com/openshift/microshift/pkg/config: no or unknown command [] +skipping modulepath github.com/openshift/microshift/pkg/util/cryptomaterial: no or unknown command [] +go mod edit -replace github.com/onsi/ginkgo/v2=github.com/openshift/onsi-ginkgo/v2@v2.6.1-0.20240314173009-2cd07f4ca53d +go mod edit -replace go.etcd.io/etcd/api/v3=github.com/openshift/etcd/api/v3@v3.5.1-0.20240613152121-1fb3165305ef +go mod edit -replace go.etcd.io/etcd/client/pkg/v3=github.com/openshift/etcd/client/pkg/v3@v3.5.1-0.20240613152121-1fb3165305ef +go mod edit -replace go.etcd.io/etcd/client/v3=github.com/openshift/etcd/client/v3@v3.5.1-0.20240613152121-1fb3165305ef +go mod edit -replace go.etcd.io/etcd/pkg/v3=github.com/openshift/etcd/pkg/v3@v3.5.1-0.20240613152121-1fb3165305ef +go mod edit -replace go.etcd.io/etcd/raft/v3=github.com/openshift/etcd/raft/v3@v3.5.1-0.20240613152121-1fb3165305ef +go mod edit -replace go.etcd.io/etcd/server/v3=github.com/openshift/etcd/server/v3@v3.5.1-0.20240613152121-1fb3165305ef +go mod edit -replace k8s.io/api=github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240805184523-43740e9179f5 +go mod edit 
-replace k8s.io/apiextensions-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apimachinery=github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cli-runtime=github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/client-go=github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cloud-provider=github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cluster-bootstrap=github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/code-generator=github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/component-base=github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/component-helpers=github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/cri-api=github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/csi-translation-lib=github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace 
k8s.io/dynamic-resource-allocation=github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kms=github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-aggregator=github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-proxy=github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kube-scheduler=github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kubectl=github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/kubelet=github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/legacy-cloud-providers=github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/metrics=github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/mount-utils=github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/pod-security-admission=github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace 
k8s.io/sample-cli-plugin=github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/sample-controller=github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240805184523-43740e9179f5 +go mod edit -replace k8s.io/endpointslice=github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240805184523-43740e9179f5 +No changes in microshift/go.mod. +No changes in etcd/go.mod. +Rebasing release_*.json +## Committing changes to pkg/release +[rebase-release-4.17-4.17.0-0.nightly-2024-08-13-031847_amd64-2024-08-13_arm64-2024-08-13 ad90af9fc] update component images + 1 file changed, 1 insertion(+), 1 deletion(-) +Copying manifests +2024-08-15 04:12:29,451 INFO Clearing directory assets/components/openshift-dns/dns/ +2024-08-15 04:12:29,452 DEBUG Copying assets/components/openshift-dns/dns/cluster-role-binding.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/cluster-role-binding.yaml +2024-08-15 04:12:29,453 DEBUG Copying assets/components/openshift-dns/dns/cluster-role.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/cluster-role.yaml +2024-08-15 04:12:29,453 INFO Restoring assets/components/openshift-dns/dns/configmap.yaml +2024-08-15 04:12:29,453 DEBUG Executing 'git restore assets/components/openshift-dns/dns/configmap.yaml' +2024-08-15 04:12:29,471 DEBUG Copying assets/components/openshift-dns/dns/daemonset.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/daemonset.yaml +2024-08-15 04:12:29,472 DEBUG Copying assets/components/openshift-dns/dns/namespace.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/namespace.yaml +2024-08-15 04:12:29,472 DEBUG Copying assets/components/openshift-dns/dns/service-account.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/service-account.yaml +2024-08-15 04:12:29,473 DEBUG Copying 
assets/components/openshift-dns/dns/service.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/service.yaml +2024-08-15 04:12:29,474 INFO Clearing directory assets/components/openshift-dns/node-resolver +2024-08-15 04:12:29,474 WARNING Ignoring components/openshift-dns/node-resolver/daemonset.yaml because it's created by processing daemonset.yaml.tmpl +2024-08-15 04:12:29,474 INFO Restoring assets/components/openshift-dns/node-resolver/daemonset.yaml.tmpl +2024-08-15 04:12:29,474 DEBUG Executing 'git restore assets/components/openshift-dns/node-resolver/daemonset.yaml.tmpl' +2024-08-15 04:12:29,494 DEBUG Copying assets/components/openshift-dns/node-resolver/service-account.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/node-resolver/service-account.yaml +2024-08-15 04:12:29,495 DEBUG Copying assets/components/openshift-dns/node-resolver/update-node-resolver.sh <- _output/staging/cluster-dns-operator/pkg/manifests/assets/node-resolver/update-node-resolver.sh +2024-08-15 04:12:29,495 INFO Clearing directory assets/components/openshift-router/ +2024-08-15 04:12:29,496 DEBUG Copying assets/components/openshift-router/cluster-role-binding.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/cluster-role-binding.yaml +2024-08-15 04:12:29,497 DEBUG Copying assets/components/openshift-router/cluster-role.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/cluster-role.yaml +2024-08-15 04:12:29,497 INFO Restoring assets/components/openshift-router/cluster-role-system-router.yaml +2024-08-15 04:12:29,497 DEBUG Executing 'git restore assets/components/openshift-router/cluster-role-system-router.yaml' +2024-08-15 04:12:29,514 INFO Restoring assets/components/openshift-router/configmap.yaml +2024-08-15 04:12:29,515 DEBUG Executing 'git restore assets/components/openshift-router/configmap.yaml' +2024-08-15 04:12:29,534 DEBUG Copying assets/components/openshift-router/deployment.yaml <- 
_output/staging/cluster-ingress-operator/pkg/manifests/assets/router/deployment.yaml +2024-08-15 04:12:29,535 DEBUG Copying assets/components/openshift-router/namespace.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/namespace.yaml +2024-08-15 04:12:29,535 DEBUG Copying assets/components/openshift-router/service-account.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/service-account.yaml +2024-08-15 04:12:29,536 DEBUG Copying assets/components/openshift-router/service-internal.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/service-internal.yaml +2024-08-15 04:12:29,537 DEBUG Copying assets/components/openshift-router/service-cloud.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/service-cloud.yaml +2024-08-15 04:12:29,537 INFO Restoring assets/components/openshift-router/serving-certificate.yaml +2024-08-15 04:12:29,537 DEBUG Executing 'git restore assets/components/openshift-router/serving-certificate.yaml' +2024-08-15 04:12:29,556 INFO Restoring assets/components/openshift-router/cluster-role-aggregate-route.yaml +2024-08-15 04:12:29,556 DEBUG Executing 'git restore assets/components/openshift-router/cluster-role-aggregate-route.yaml' +2024-08-15 04:12:29,575 WARNING Ignoring components/ovn/ because it's not covered by rebase script yet +2024-08-15 04:12:29,575 INFO Clearing directory assets/components/service-ca/ +2024-08-15 04:12:29,576 DEBUG Copying assets/components/service-ca/clusterrole.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/clusterrole.yaml +2024-08-15 04:12:29,576 DEBUG Copying assets/components/service-ca/clusterrolebinding.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/clusterrolebinding.yaml +2024-08-15 04:12:29,576 DEBUG Copying assets/components/service-ca/deployment.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/deployment.yaml +2024-08-15 04:12:29,576 DEBUG 
Copying assets/components/service-ca/ns.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/ns.yaml +2024-08-15 04:12:29,576 DEBUG Copying assets/components/service-ca/role.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/role.yaml +2024-08-15 04:12:29,577 DEBUG Copying assets/components/service-ca/rolebinding.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/rolebinding.yaml +2024-08-15 04:12:29,577 DEBUG Copying assets/components/service-ca/sa.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/sa.yaml +2024-08-15 04:12:29,577 DEBUG Copying assets/components/service-ca/signing-cabundle.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/signing-cabundle.yaml +2024-08-15 04:12:29,577 DEBUG Copying assets/components/service-ca/signing-secret.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/signing-secret.yaml +2024-08-15 04:12:29,577 INFO Not clearing dir components/csi-snapshot-controller/ +2024-08-15 04:12:29,577 DEBUG Copying assets/components/csi-snapshot-controller/csi_controller_deployment.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/csi_controller_deployment.yaml +2024-08-15 04:12:29,578 DEBUG Copying assets/components/csi-snapshot-controller/serviceaccount.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/serviceaccount.yaml +2024-08-15 04:12:29,579 DEBUG Copying assets/components/csi-snapshot-controller/webhook_config.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/webhook_config.yaml +2024-08-15 04:12:29,579 DEBUG Copying assets/components/csi-snapshot-controller/webhook_deployment.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/webhook_deployment.yaml +2024-08-15 04:12:29,580 DEBUG Copying assets/components/csi-snapshot-controller/webhook_service.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/webhook_service.yaml 
+2024-08-15 04:12:29,580 DEBUG Copying assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/webhook_serviceaccount.yaml +2024-08-15 04:12:29,581 DEBUG Copying assets/components/csi-snapshot-controller/webhook_clusterrole.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/./rbac/webhook_clusterrole.yaml +2024-08-15 04:12:29,582 DEBUG Copying assets/components/csi-snapshot-controller/webhook_clusterrolebinding.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/./rbac/webhook_clusterrolebinding.yaml +2024-08-15 04:12:29,582 DEBUG Copying assets/components/csi-snapshot-controller/volumesnapshotclasses.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/volumesnapshotclasses.yaml +2024-08-15 04:12:29,583 DEBUG Copying assets/components/csi-snapshot-controller/volumesnapshotcontents.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/volumesnapshotcontents.yaml +2024-08-15 04:12:29,584 DEBUG Copying assets/components/csi-snapshot-controller/volumesnapshots.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/volumesnapshots.yaml +2024-08-15 04:12:29,584 DEBUG Copying assets/components/csi-snapshot-controller/05_operand_rbac.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/../manifests/05_operand_rbac.yaml +2024-08-15 04:12:29,585 WARNING Ignoring components/csi-snapshot-controller/clusterrole.yaml because extracted automatically from 05_operand_rbac.yaml +2024-08-15 04:12:29,585 WARNING Ignoring components/csi-snapshot-controller/clusterrolebinding.yaml because extracted automatically from 05_operand_rbac.yaml +2024-08-15 04:12:29,585 INFO Clearing directory assets/controllers/cluster-policy-controller/ +2024-08-15 04:12:29,586 DEBUG Copying assets/controllers/cluster-policy-controller/namespace-security-allocation-controller-clusterrole.yaml <- 
_output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/namespace-security-allocation-controller-clusterrole.yaml +2024-08-15 04:12:29,586 DEBUG Copying assets/controllers/cluster-policy-controller/namespace-security-allocation-controller-clusterrolebinding.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/namespace-security-allocation-controller-clusterrolebinding.yaml +2024-08-15 04:12:29,587 DEBUG Copying assets/controllers/cluster-policy-controller/podsecurity-admission-label-syncer-controller-clusterrole.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/podsecurity-admission-label-syncer-controller-clusterrole.yaml +2024-08-15 04:12:29,587 DEBUG Copying assets/controllers/cluster-policy-controller/podsecurity-admission-label-syncer-controller-clusterrolebinding.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/podsecurity-admission-label-syncer-controller-clusterrolebinding.yaml +2024-08-15 04:12:29,588 DEBUG Copying assets/controllers/cluster-policy-controller/podsecurity-admission-label-privileged-namespaces-syncer-controller-clusterrole.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/podsecurity-admission-label-privileged-namespaces-syncer-controller-clusterrole.yaml +2024-08-15 04:12:29,588 DEBUG Copying assets/controllers/cluster-policy-controller/podsecurity-admission-label-privileged-namespaces-syncer-controller-clusterrolebinding.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/podsecurity-admission-label-privileged-namespaces-syncer-controller-clusterrolebinding.yaml +2024-08-15 04:12:29,589 INFO Clearing directory assets/controllers/kube-apiserver/ +2024-08-15 04:12:29,589 DEBUG Copying assets/controllers/kube-apiserver/config-overrides.yaml 
<- _output/staging/cluster-kube-apiserver-operator/bindata/assets/config/config-overrides.yaml +2024-08-15 04:12:29,590 DEBUG Copying assets/controllers/kube-apiserver/defaultconfig.yaml <- _output/staging/cluster-kube-apiserver-operator/bindata/assets/config/defaultconfig.yaml +2024-08-15 04:12:29,590 INFO Clearing directory assets/controllers/kube-controller-manager/ +2024-08-15 04:12:29,591 DEBUG Copying assets/controllers/kube-controller-manager/defaultconfig.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/../config/defaultconfig.yaml +2024-08-15 04:12:29,591 DEBUG Copying assets/controllers/kube-controller-manager/csr_approver_clusterrole.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/csr_approver_clusterrole.yaml +2024-08-15 04:12:29,592 DEBUG Copying assets/controllers/kube-controller-manager/csr_approver_clusterrolebinding.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/csr_approver_clusterrolebinding.yaml +2024-08-15 04:12:29,592 DEBUG Copying assets/controllers/kube-controller-manager/namespace-openshift-kube-controller-manager.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/ns.yaml +2024-08-15 04:12:29,593 INFO Clearing directory assets/controllers/openshift-default-scc-manager/ +2024-08-15 04:12:29,594 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-anyuid.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-anyuid.yaml +2024-08-15 04:12:29,594 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-hostaccess.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-hostaccess.yaml +2024-08-15 04:12:29,595 DEBUG Copying 
assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-hostmount-anyuid.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-hostmount-anyuid.yaml +2024-08-15 04:12:29,595 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-hostnetwork-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-hostnetwork-v2.yaml +2024-08-15 04:12:29,596 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-hostnetwork.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-hostnetwork.yaml +2024-08-15 04:12:29,596 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-nonroot-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-nonroot-v2.yaml +2024-08-15 04:12:29,597 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-nonroot.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-nonroot.yaml +2024-08-15 04:12:29,597 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-privileged.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-privileged.yaml +2024-08-15 04:12:29,598 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-restricted-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-restricted-v2.yaml +2024-08-15 04:12:29,598 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-restricted.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-restricted.yaml +2024-08-15 04:12:29,599 DEBUG Copying 
assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_crb-systemauthenticated-scc-restricted-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_crb-systemauthenticated-scc-restricted-v2.yaml +2024-08-15 04:12:29,599 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-anyuid.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-anyuid.yaml +2024-08-15 04:12:29,600 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-hostaccess.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-hostaccess.yaml +2024-08-15 04:12:29,600 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-hostmount-anyuid.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-hostmount-anyuid.yaml +2024-08-15 04:12:29,601 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-hostnetwork-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-hostnetwork-v2.yaml +2024-08-15 04:12:29,601 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-hostnetwork.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-hostnetwork.yaml +2024-08-15 04:12:29,602 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-nonroot-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-nonroot-v2.yaml +2024-08-15 04:12:29,602 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-nonroot.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-nonroot.yaml +2024-08-15 04:12:29,603 DEBUG Copying 
assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-privileged.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-privileged.yaml +2024-08-15 04:12:29,603 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-restricted-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-restricted-v2.yaml +2024-08-15 04:12:29,604 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-restricted.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-restricted.yaml +2024-08-15 04:12:29,604 INFO Clearing directory assets/controllers/route-controller-manager/ +2024-08-15 04:12:29,605 DEBUG Copying assets/controllers/route-controller-manager/ns.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/ns.yaml +2024-08-15 04:12:29,605 DEBUG Copying assets/controllers/route-controller-manager/sa.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/sa.yaml +2024-08-15 04:12:29,607 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-clusterrole.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-clusterrole.yaml +2024-08-15 04:12:29,608 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-clusterrolebinding.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-clusterrolebinding.yaml +2024-08-15 04:12:29,608 DEBUG Copying assets/controllers/route-controller-manager/informer-clusterrolebinding.yaml <- 
_output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/informer-clusterrolebinding.yaml +2024-08-15 04:12:29,609 DEBUG Copying assets/controllers/route-controller-manager/informer-clusterrole.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/informer-clusterrole.yaml +2024-08-15 04:12:29,609 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrolebinding.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrolebinding.yaml +2024-08-15 04:12:29,610 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrole.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrole.yaml +2024-08-15 04:12:29,610 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-ns.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-ns.yaml +2024-08-15 04:12:29,611 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-sa.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-sa.yaml +2024-08-15 04:12:29,611 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-separate-sa-rolebinding.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-separate-sa-rolebinding.yaml +2024-08-15 04:12:29,612 DEBUG Copying 
assets/controllers/route-controller-manager/route-controller-manager-separate-sa-role.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-separate-sa-role.yaml +2024-08-15 04:12:29,612 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrolebinding.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-tokenreview-clusterrolebinding.yaml +2024-08-15 04:12:29,613 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrole.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-tokenreview-clusterrole.yaml +2024-08-15 04:12:29,613 INFO Restoring assets/controllers/route-controller-manager/route-controller-manager-authentication-reader-rolebinding.yaml +2024-08-15 04:12:29,613 DEBUG Executing 'git restore assets/controllers/route-controller-manager/route-controller-manager-authentication-reader-rolebinding.yaml' +2024-08-15 04:12:29,631 INFO Not clearing dir core/ +2024-08-15 04:12:29,631 DEBUG Copying assets/core/0000_50_cluster-openshift-controller-manager_00_namespace.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/ns.yaml +2024-08-15 04:12:29,631 DEBUG Copying assets/core/namespace-openshift-infra.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/namespace-openshift-infra.yaml +2024-08-15 04:12:29,632 WARNING Ignoring core/priority-class-openshift-user-critical.yaml because it's a priority class needed for oc debug node command - not available in any repo that rebase is using +2024-08-15 04:12:29,632 WARNING Ignoring core/securityv1-local-apiservice.yaml because it's a local API service for security 
API group, needed if OpenShift API server is not present +2024-08-15 04:12:29,632 DEBUG Copying assets/core/kubelet.yaml <- _output/staging/machine-config-operator/templates/master/01-master-kubelet/_base/files/kubelet.yaml +2024-08-15 04:12:29,632 INFO Clearing directory assets/crd/ +2024-08-15 04:12:29,633 DEBUG Copying assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml <- _output/staging/release-manifests/0000_03_config-operator_01_securitycontextconstraints.crd.yaml +2024-08-15 04:12:29,634 DEBUG Copying assets/crd/0000_03_config-operator_02_rangeallocations.crd.yaml <- _output/staging/release-manifests/0000_03_config-operator_02_rangeallocations.crd.yaml +2024-08-15 04:12:29,634 DEBUG Copying assets/crd/storage_version_migration.crd.yaml <- _output/staging/release-manifests/0000_50_cluster-kube-storage-version-migrator-operator_01_storage_migration_crd.yaml +2024-08-15 04:12:29,635 DEBUG Copying assets/crd/route.crd.yaml <- _output/staging/api/route/v1/zz_generated.crd-manifests/routes-Default.crd.yaml +2024-08-15 04:12:29,636 WARNING Ignoring release/ because it contains files generated during rebase procedure +2024-08-15 04:12:29,636 INFO Not clearing dir version/ +2024-08-15 04:12:29,636 WARNING Ignoring version/microshift-version.yaml because it's a template for ConfigMap processed during runtime +2024-08-15 04:12:29,636 WARNING Ignoring embed.go because it's a MicroShift specific Go file that embeds into a binary +2024-08-15 04:12:29,636 INFO Clearing directory assets/optional/operator-lifecycle-manager/ +2024-08-15 04:12:29,637 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-catalogsources.crd.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-catalogsources.crd.yaml +2024-08-15 04:12:29,638 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-clusterserviceversions.crd.yaml <- 
_output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-clusterserviceversions.crd.yaml +2024-08-15 04:12:29,638 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-installplans.crd.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-installplans.crd.yaml +2024-08-15 04:12:29,638 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-namespace.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-namespace.yaml +2024-08-15 04:12:29,639 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-olmconfigs.crd.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-olmconfigs.crd.yaml +2024-08-15 04:12:29,639 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorconditions.crd.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-operatorconditions.crd.yaml +2024-08-15 04:12:29,639 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-operatorgroups.crd.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-operatorgroups.crd.yaml +2024-08-15 04:12:29,639 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-operators.crd.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-operators.crd.yaml +2024-08-15 04:12:29,639 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-packageserver.pdb.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-packageserver.pdb.yaml +2024-08-15 04:12:29,640 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-pprof-config.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-pprof-config.yaml +2024-08-15 04:12:29,640 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-pprof-rbac.yaml <- 
_output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-pprof-rbac.yaml +2024-08-15 04:12:29,640 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-pprof-secret.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-pprof-secret.yaml +2024-08-15 04:12:29,640 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_00-subscriptions.crd.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_00-subscriptions.crd.yaml +2024-08-15 04:12:29,641 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_01-olm-operator.serviceaccount.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_01-olm-operator.serviceaccount.yaml +2024-08-15 04:12:29,641 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_02-olmconfig.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_02-olmconfig.yaml +2024-08-15 04:12:29,641 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_02-services.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_02-services.yaml +2024-08-15 04:12:29,641 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_07-olm-operator.deployment.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_07-olm-operator.deployment.yaml +2024-08-15 04:12:29,641 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_08-catalog-operator.deployment.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_08-catalog-operator.deployment.yaml +2024-08-15 04:12:29,641 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_09-aggregated.clusterrole.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_09-aggregated.clusterrole.yaml +2024-08-15 04:12:29,642 DEBUG Copying 
assets/optional/operator-lifecycle-manager/0000_50_olm_13-operatorgroup-default.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_13-operatorgroup-default.yaml +2024-08-15 04:12:29,642 DEBUG Copying assets/optional/operator-lifecycle-manager/0000_50_olm_15-csv-viewer.rbac.yaml <- _output/staging/operator-framework-olm/microshift-manifests/0000_50_olm_15-csv-viewer.rbac.yaml +2024-08-15 04:12:29,642 DEBUG Copying assets/optional/operator-lifecycle-manager/image-references <- _output/staging/operator-framework-olm/microshift-manifests/image-references +2024-08-15 04:12:29,642 DEBUG Copying assets/optional/operator-lifecycle-manager/kustomization.yaml <- _output/staging/operator-framework-olm/microshift-manifests/kustomization.yaml +2024-08-15 04:12:29,642 WARNING Ignoring optional/operator-lifecycle-manager/kustomization.x86_64.yaml because gets generated during image rebase +2024-08-15 04:12:29,642 WARNING Ignoring optional/operator-lifecycle-manager/kustomization.aarch64.yaml because gets generated during image rebase +2024-08-15 04:12:29,642 WARNING Ignoring optional/operator-lifecycle-manager/release-olm-aarch64.json because gets generated during image rebase +2024-08-15 04:12:29,642 WARNING Ignoring optional/operator-lifecycle-manager/release-olm-x86_64.json because gets generated during image rebase +2024-08-15 04:12:29,642 WARNING Ignoring optional/multus/ because they don't exist in upstream repository - only in microshift +Modifying OpenShift manifests +Error: bad file '/go/src/github.com/openshift/microshift/assets/core/kubelet.yaml': yaml: line 28: did not find expected node content