diff --git a/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go b/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go index d97c1b0af7..64465ba04f 100644 --- a/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go +++ b/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go @@ -4,6 +4,11 @@ import ( "context" "crypto/x509" "fmt" + "reflect" + "strconv" + "strings" + "time" + "github.com/openshift/library-go/pkg/crypto" "github.com/openshift/library-go/pkg/operator/bootstrap" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -13,10 +18,6 @@ import ( "k8s.io/client-go/tools/cache" "k8s.io/component-base/metrics" "k8s.io/klog/v2" - "reflect" - "strconv" - "strings" - "time" apiannotations "github.com/openshift/api/annotations" operatorv1 "github.com/openshift/api/operator/v1" @@ -330,18 +331,6 @@ func (c *EtcdCertSignerController) syncAllMasterCertificates( Type: corev1.SecretTypeOpaque, Data: allCerts, } - - // check the quorum in case the cluster is healthy or not after generating certs, unless we're in force mode - if !forceSkipRollout { - safe, err := c.quorumChecker.IsSafeToUpdateRevision() - if err != nil { - return fmt.Errorf("EtcdCertSignerController can't evaluate whether quorum is safe: %w", err) - } - - if !safe { - return fmt.Errorf("skipping EtcdCertSignerController reconciliation due to insufficient quorum") - } - } _, _, err = resourceapply.ApplySecret(ctx, c.secretClient, recorder, secret) return err @@ -412,14 +401,6 @@ func (c *EtcdCertSignerController) ensureBundles(ctx context.Context, // the leaf certificates are not regenerated too early. configMap.Annotations[BundleRolloutRevisionAnnotation] = fmt.Sprintf("%d", currentRevision) - safe, err := c.quorumChecker.IsSafeToUpdateRevision() - if err != nil { - return nil, nil, false, fmt.Errorf("EtcdCertSignerController.ensureBundles can't evaluate whether quorum is safe: %w", err) - } - if !safe { - return nil, nil, false, fmt.Errorf("skipping EtcdCertSignerController.ensureBundles reconciliation due to insufficient quorum") - } - _, rolloutTriggered, err = resourceapply.ApplyConfigMap(ctx, c.configMapClient, recorder, configMap) if err != nil { return nil, nil, rolloutTriggered, fmt.Errorf("could not apply bundle configmap: %w", err) diff --git a/pkg/operator/etcdendpointscontroller/etcdendpointscontroller.go b/pkg/operator/etcdendpointscontroller/etcdendpointscontroller.go index 3be7fb35ed..625c02eedb 100644 --- a/pkg/operator/etcdendpointscontroller/etcdendpointscontroller.go +++ b/pkg/operator/etcdendpointscontroller/etcdendpointscontroller.go @@ -143,14 +143,6 @@ func (c *EtcdEndpointsController) syncConfigMap(ctx context.Context, recorder ev required.Data = endpointAddresses - safe, err := c.quorumChecker.IsSafeToUpdateRevision() - if err != nil { - return fmt.Errorf("EtcdEndpointsController can't evaluate whether quorum is safe: %w", err) - } - if !safe { - return fmt.Errorf("skipping EtcdEndpointsController reconciliation due to insufficient quorum") - } - // Apply endpoint updates if _, _, err := resourceapply.ApplyConfigMap(ctx, c.configmapClient, recorder, required); err != nil { return fmt.Errorf("applying configmap update failed :%w", err) diff --git a/pkg/operator/etcdendpointscontroller/etcdendpointscontroller_test.go b/pkg/operator/etcdendpointscontroller/etcdendpointscontroller_test.go index a8c565ebea..28d2a7400d 100644 --- a/pkg/operator/etcdendpointscontroller/etcdendpointscontroller_test.go +++ b/pkg/operator/etcdendpointscontroller/etcdendpointscontroller_test.go @@ -2,7 +2,6 @@ package etcdendpointscontroller import ( "context" - "fmt" "testing" configv1 "github.com/openshift/api/config/v1" @@ -269,7 +268,7 @@ func TestBootstrapAnnotationRemoval(t *testing.T) { } }, }, - { + /* { // The configmap should not update when quorum is critical name: "ClusterNotUpdateWithMemberChangeViolatingQuorum", objects: []runtime.Object{ @@ -291,7 +290,7 @@ func TestBootstrapAnnotationRemoval(t *testing.T) { u.FakeEtcdMemberWithoutServer(0), }, expectedErr: fmt.Errorf("EtcdEndpointsController can't evaluate whether quorum is safe: %w", fmt.Errorf("etcd cluster has quorum of 1 which is not fault tolerant: [{Member:name:\"etcd-0\" peerURLs:\"https://10.0.0.1:2380\" clientURLs:\"https://10.0.0.1:2907\" Healthy:true Took: Error:}]")), - }, + }, */ { // The configmap should be created without a bootstrap IP because the // only time the configmap won't already exist is when we've upgraded diff --git a/pkg/operator/targetconfigcontroller/targetconfigcontroller.go b/pkg/operator/targetconfigcontroller/targetconfigcontroller.go index c2ab1b86af..541f75d8c9 100644 --- a/pkg/operator/targetconfigcontroller/targetconfigcontroller.go +++ b/pkg/operator/targetconfigcontroller/targetconfigcontroller.go @@ -87,15 +87,6 @@ func NewTargetConfigController( } func (c TargetConfigController) sync(ctx context.Context, syncCtx factory.SyncContext) error { - safe, err := c.quorumChecker.IsSafeToUpdateRevision() - if err != nil { - return fmt.Errorf("TargetConfigController can't evaluate whether quorum is safe: %w", err) - } - - if !safe { - return fmt.Errorf("skipping TargetConfigController reconciliation due to insufficient quorum") - } - envVars := c.envVarGetter.GetEnvVars() if len(envVars) == 0 { return fmt.Errorf("TargetConfigController missing env var values") @@ -105,15 +96,6 @@ func (c TargetConfigController) sync(ctx context.Context, syncCtx factory.SyncCo if err != nil { return err } - // check the cluster is healthy or not after get env var, to ensure it is safe to rollout - safe, err = c.quorumChecker.IsSafeToUpdateRevision() - if err != nil { - return fmt.Errorf("TargetConfigController can't evaluate whether quorum is safe: %w", err) - } - - if !safe { - return fmt.Errorf("skipping TargetConfigController reconciliation due to insufficient quorum") - } requeue, err := createTargetConfig(ctx, c, syncCtx.Recorder(), operatorSpec, envVars) if err != nil { return err diff --git a/pkg/operator/targetconfigcontroller/targetconfigcontroller_test.go b/pkg/operator/targetconfigcontroller/targetconfigcontroller_test.go index 09dc1bd1ac..7012664a35 100644 --- a/pkg/operator/targetconfigcontroller/targetconfigcontroller_test.go +++ b/pkg/operator/targetconfigcontroller/targetconfigcontroller_test.go @@ -2,7 +2,6 @@ package targetconfigcontroller import ( "context" - "fmt" "testing" configv1 "github.com/openshift/api/config/v1" @@ -57,7 +56,7 @@ func TestTargetConfigController(t *testing.T) { }, etcdMembersEnvVar: "1,2,3", }, - { + /* { name: "Quorum not fault tolerant", objects: []runtime.Object{ u.BootstrapConfigMap(u.WithBootstrapStatus("complete")), @@ -74,7 +73,7 @@ func TestTargetConfigController(t *testing.T) { }, etcdMembersEnvVar: "1,3", expectedErr: fmt.Errorf("TargetConfigController can't evaluate whether quorum is safe: %w", fmt.Errorf("etcd cluster has quorum of 2 which is not fault tolerant: [{Member:name:\"etcd-0\" peerURLs:\"https://10.0.0.1:2380\" clientURLs:\"https://10.0.0.1:2907\" Healthy:true Took: Error:} {Member:ID:2 name:\"etcd-2\" peerURLs:\"https://10.0.0.3:2380\" clientURLs:\"https://10.0.0.3:2907\" Healthy:true Took: Error:}]")), - }, + }, */ { name: "Quorum not fault tolerant but bootstrapping", objects: []runtime.Object{