From 4b59baa8cb32055714909f0795b4e345d71c1a7e Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Thu, 2 Apr 2026 05:10:16 -0700 Subject: [PATCH] *: Shift ClusterResourceQuotas CRD from 0000_03 to 0000_00_fast_... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [1] describes this constraint: ... the ClusterResourceQuota CRD must be applied in the first 30s after startup (the timeout of the rbac/bootstrap-roles post-start hook). This is a problem because of a dependency in kube-apiserver: 1. ClusterResourceQuota admission plugin tries to sync informers on startup 2. Informer LIST fails because CRD doesn't exist yet 3. Plugin blocks ALL namespaced resource requests for 10s waiting for sync 4. ServiceAccounts get created BEFORE the CRD (alphabetical ordering) 5. Requests blocked → 10s timeout → failures → liveness check fails → pod killed and points out that recent cluster-version operator changes in the 0000_00-cluster-version-opreator_... space have slowed the CRD too much, and it trips off that liveness-check cycle. With this pull, I'm moving the critical, bootstrap-time CRD up to 0000_00_fast_... to sort before 0000_00_cluster-version-operator_... That should reliably address the kube-apiserver liveness check. It will also means that failures reconciling the CRD will block the new CVO from rolling out during updates, which could make things sticky (e.g. requiring manual work to unstick CVO bugs in CRD application, because we'd need to successfully apply this CRD before we got to the update's new CVO). But CRD-application issues don't crop up too often, and the kube-apiserver liveness issue is cropping up today in CI. [1]: https://redhat.atlassian.net/browse/OCPBUGS-81627 --- ...as.crd.yaml => 0000_00_fast_01_clusterresourcequotas.crd.yaml} | 0 ...as.crd.yaml => 0000_00_fast_01_clusterresourcequotas.crd.yaml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename payload-manifests/crds/{0000_03_config-operator_01_clusterresourcequotas.crd.yaml => 0000_00_fast_01_clusterresourcequotas.crd.yaml} (100%) rename quota/v1/zz_generated.crd-manifests/{0000_03_config-operator_01_clusterresourcequotas.crd.yaml => 0000_00_fast_01_clusterresourcequotas.crd.yaml} (100%) diff --git a/payload-manifests/crds/0000_03_config-operator_01_clusterresourcequotas.crd.yaml b/payload-manifests/crds/0000_00_fast_01_clusterresourcequotas.crd.yaml similarity index 100% rename from payload-manifests/crds/0000_03_config-operator_01_clusterresourcequotas.crd.yaml rename to payload-manifests/crds/0000_00_fast_01_clusterresourcequotas.crd.yaml diff --git a/quota/v1/zz_generated.crd-manifests/0000_03_config-operator_01_clusterresourcequotas.crd.yaml b/quota/v1/zz_generated.crd-manifests/0000_00_fast_01_clusterresourcequotas.crd.yaml similarity index 100% rename from quota/v1/zz_generated.crd-manifests/0000_03_config-operator_01_clusterresourcequotas.crd.yaml rename to quota/v1/zz_generated.crd-manifests/0000_00_fast_01_clusterresourcequotas.crd.yaml