From e63c0d574066cae6bee919ded70d87eeb47caa35 Mon Sep 17 00:00:00 2001 From: Zane Bitter Date: Tue, 7 Apr 2026 15:31:50 +1200 Subject: [PATCH] OCPBUGS-81627: Load ClusterResourceQuota CRD before CVO manifests The CRD ClusterResourceQuota is required by kube-apiserver in order to access any namespaced resource. Therefore, during bootstrapping it must be applied prior to serveral of the resource manifests that are contributed by the Cluster Version Operator, which (creates a Deployment and several related resources in the cluster-version-operator namespace). This can result in the apiserver failing its startup checks before the ClusterResourceQuota is applied, and going into a failure loop from which it never recovers. Therefore rename the manifest file from 0000_03_config-operator_... to 0000_00_apiserver_... to ensure that it sorts before the 0000_00_cluster-version-operator_* manifests. --- hack/update-payload-crds.sh | 2 +- ...ml => 0000_00_apiserver_01_clusterresourcequotas.crd.yaml} | 0 quota/v1/generated.proto | 2 +- quota/v1/types.go | 2 +- ...ml => 0000_00_apiserver_01_clusterresourcequotas.crd.yaml} | 0 quota/v1/zz_generated.featuregated-crd-manifests.yaml | 4 ++-- .../clusterresourcequotas.quota.openshift.io/AAA_ungated.yaml | 4 ++-- 7 files changed, 7 insertions(+), 7 deletions(-) rename payload-manifests/crds/{0000_03_config-operator_01_clusterresourcequotas.crd.yaml => 0000_00_apiserver_01_clusterresourcequotas.crd.yaml} (100%) rename quota/v1/zz_generated.crd-manifests/{0000_03_config-operator_01_clusterresourcequotas.crd.yaml => 0000_00_apiserver_01_clusterresourcequotas.crd.yaml} (100%) diff --git a/hack/update-payload-crds.sh b/hack/update-payload-crds.sh index 3a8f34dda13..37345ec072c 100755 --- a/hack/update-payload-crds.sh +++ b/hack/update-payload-crds.sh @@ -9,7 +9,7 @@ crd_globs="\ machine/v1/zz_generated.crd-manifests/*.crd*yaml\ operator/v1/zz_generated.crd-manifests//*_config-operator_*.crd*yaml\ operator/v1alpha1/zz_generated.crd-manifests//*_config-operator_*.crd*yaml\ - quota/v1/zz_generated.crd-manifests/*_config-operator_*.crd*yaml\ + quota/v1/zz_generated.crd-manifests/*.crd.yaml\ security/v1/zz_generated.crd-manifests/*_config-operator_*.crd*yaml\ securityinternal/v1/zz_generated.crd-manifests/*_config-operator_*.crd*yaml operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications*.crd.yaml diff --git a/payload-manifests/crds/0000_03_config-operator_01_clusterresourcequotas.crd.yaml b/payload-manifests/crds/0000_00_apiserver_01_clusterresourcequotas.crd.yaml similarity index 100% rename from payload-manifests/crds/0000_03_config-operator_01_clusterresourcequotas.crd.yaml rename to payload-manifests/crds/0000_00_apiserver_01_clusterresourcequotas.crd.yaml diff --git a/quota/v1/generated.proto b/quota/v1/generated.proto index fb7fed242a8..998c594732b 100644 --- a/quota/v1/generated.proto +++ b/quota/v1/generated.proto @@ -51,7 +51,7 @@ message AppliedClusterResourceQuotaList { // +kubebuilder:resource:path=clusterresourcequotas,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 +// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=apiserver,operatorOrdering=01 // +openshift:compatibility-gen:level=1 // +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true message ClusterResourceQuota { diff --git a/quota/v1/types.go b/quota/v1/types.go index 0cfb85f87e4..9f609621467 100644 --- a/quota/v1/types.go +++ b/quota/v1/types.go @@ -17,7 +17,7 @@ import ( // +kubebuilder:resource:path=clusterresourcequotas,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 +// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=apiserver,operatorOrdering=01 // +openshift:compatibility-gen:level=1 // +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true type ClusterResourceQuota struct { diff --git a/quota/v1/zz_generated.crd-manifests/0000_03_config-operator_01_clusterresourcequotas.crd.yaml b/quota/v1/zz_generated.crd-manifests/0000_00_apiserver_01_clusterresourcequotas.crd.yaml similarity index 100% rename from quota/v1/zz_generated.crd-manifests/0000_03_config-operator_01_clusterresourcequotas.crd.yaml rename to quota/v1/zz_generated.crd-manifests/0000_00_apiserver_01_clusterresourcequotas.crd.yaml diff --git a/quota/v1/zz_generated.featuregated-crd-manifests.yaml b/quota/v1/zz_generated.featuregated-crd-manifests.yaml index b0fae46f7d4..1a56a512d73 100644 --- a/quota/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/quota/v1/zz_generated.featuregated-crd-manifests.yaml @@ -6,9 +6,9 @@ clusterresourcequotas.quota.openshift.io: Capability: "" Category: "" FeatureGates: [] - FilenameOperatorName: config-operator + FilenameOperatorName: apiserver FilenameOperatorOrdering: "01" - FilenameRunLevel: "0000_03" + FilenameRunLevel: "0000_00" GroupName: quota.openshift.io HasStatus: true KindName: ClusterResourceQuota diff --git a/quota/v1/zz_generated.featuregated-crd-manifests/clusterresourcequotas.quota.openshift.io/AAA_ungated.yaml b/quota/v1/zz_generated.featuregated-crd-manifests/clusterresourcequotas.quota.openshift.io/AAA_ungated.yaml index e001fa0133f..14480300265 100644 --- a/quota/v1/zz_generated.featuregated-crd-manifests/clusterresourcequotas.quota.openshift.io/AAA_ungated.yaml +++ b/quota/v1/zz_generated.featuregated-crd-manifests/clusterresourcequotas.quota.openshift.io/AAA_ungated.yaml @@ -3,8 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/filename-cvo-runlevel: "0000_03" - api.openshift.io/filename-operator: config-operator + api.openshift.io/filename-cvo-runlevel: "0000_00" + api.openshift.io/filename-operator: apiserver api.openshift.io/filename-ordering: "01" feature-gate.release.openshift.io/: "true" release.openshift.io/bootstrap-required: "true"