Bug 1592546

Summary:	[online-int][free-int] rhdm70 templates serviceaccount not found
Product:	OpenShift Online	Reporter:	Stefanie Forrester <dakini>
Component:	Templates	Assignee:	Vu Dinh <vdinh>
Status:	CLOSED NOTABUG	QA Contact:	XiuJuan Wang <xiuwang>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	unspecified	CC:	aos-bugs, bparees, dakini, jokerman, mmccomas
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-07-12 20:07:54 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Stefanie Forrester 2018-06-18 19:26:57 UTC

Description of problem:

When creating an app using the template 'rhdm70-full-persistent' or 'rhdm70-kieserver-https-s2i', a service account is missing, so the pod fails to start.

Here is the output of 'oc get pods' and 'oc get events' for two new applications using the templates 'rhdm70-full-persistent' and 'rhdm70-kieserver-https-s2i'.

==== rhdm70-full-persistent ====
NAME                       READY     STATUS    RESTARTS   AGE
myapp-kieserver-1-deploy   0/1       Error     0          40m
myapp-rhdmcentr-1-deploy   0/1       Error     0          40m

==== rhdm70-kieserver-https-s2i ====
NAME                       READY     STATUS      RESTARTS   AGE
myapp-kieserver-1-build    0/1       Completed   0          40m
myapp-kieserver-1-deploy   0/1       Error       0          39m

==== rhdm70-full-persistent ====
31m         31m          1         myapp-rhdmcentr.153955904a480506            DeploymentConfig                                      Warning   FailedCreate                  myapp-rhdmcentr-1-deploy                 Error creating: pods "myapp-rhdmcentr-1-" is forbidden: error looking up service account dakinitest-rhdm70-full-persistent-20180618/decisioncentral-service-account: serviceaccount "decisioncentral-service-account" not found

==== rhdm70-kieserver-https-s2i ====
30m         30m          1         myapp-kieserver.153955a0efe1cd31            DeploymentConfig                                                 Warning   FailedCreate                  myapp-kieserver-1-deploy                 Error creating: pods "myapp-kieserver-1-" is forbidden: error looking up service account dakinitest-rhdm70-kieserver-https-s2i-20180618/kieserver-service-account: serviceaccount "kieserver-service-account" not found



Version-Release number of selected component (if applicable):

oc v3.10.0-0.66.0 and oc v3.9.14

How reproducible:
Always.

Steps to Reproduce:
1. oc new-project test1; oc new-project test2
2. oc new-app rhdm70-full-persistent -n test1;
   oc new-app rhdm70-kieserver-https-s2i -n test2
3. oc get events test1; oc get events test2

Actual results:

The pods will fail to start, because of "serviceaccount not found" errors.

Expected results:

Pods should enter 'Running' state.

Additional info:

Comment 1 Ben Parees 2018-07-10 18:19:38 UTC

I think these templates have been updated, is this still broken?

Comment 2 Stefanie Forrester 2018-07-12 20:07:54 UTC

I just tested and got errors for "secret not found" using both templates. But that's because I didn't realize these secrets and service accounts have to be created before the template is used [1]. So this is not actually a bug.

[1] https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhdm70-full.yaml#L17-L18