Bug 1596333

Summary: OpenShift changing Registry URL on kubernetes.io/dockercfg secrets
Product: OpenShift Container Platform Reporter: Ryan Howe <rhowe>
Component: MasterAssignee: Michal Fojtik <mfojtik>
Status: CLOSED DUPLICATE QA Contact: Xingxing Xia <xxia>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.9.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-28 18:10:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ryan Howe 2018-06-28 15:58:39 UTC 
Description of problem:

  OpenShift is changing Registry URL on kubernetes.io/dockercfg secrets, to the Internal registry IP and Service URL. 
  
  This is happening for all kubernetes.io/dockercfg secrets with any URL. 

Version-Release number of selected component (if applicable):
3.9 

How reproducible:
Still trying to reproduce this locally
Comment 2 Ryan Howe 2018-06-28 17:15:54 UTC 
Adding the following to my master-config.yaml 


 admissionConfig:
  pluginConfig:
    RunOnceDuration:
      configuration:
        activeDeadlineSecondsOverride: 64800     #18hr but I changed to 30s
        apiVersion: v1
        kind: RunOnceDurationConfig


pluginConfig:
  RunOnceDuration:
    configuration:
      activeDeadlineSecondsOverride: 64800       #18hr but I changed to 30s
      apiVersion: v1
      kind: RunOnceDurationConfig
Comment 3 Ryan Howe 2018-06-28 17:40:55 UTC 
Correction issue only happened when the master-controller is restarted. The plugin config has nothing to do with this. 

# openshift version 
openshift v3.9.31
kubernetes v1.9.1+a0ce1bc657
etcd 3.2.16

atomic-openshift-3.9.31-1.git.0.ef9737b.el7.x86_64



1. Create secret 
~~~
#!/bin/bash 

oc delete secret docker-test

cat >.dockercfg <<EOF
{
    "docker-registry-default.test.com": {
        "username": "serviceaccount",
        "password": "dGVzdHBhc3MK",
        "email": "test",
        "auth": "dGVzdHVzZXI6dGVzdHBhc3MK"
}
}
EOF

oc create secret generic docker-test --from-file=./.dockercfg --type='kubernetes.io/dockercfg'

oc get secret docker-test --template='{{ index .data ".dockercfg"}}' |base64 -d
~~~

Output 
~~~
{
    "docker-registry-default.test.com": {
        "username": "serviceaccount",
        "password": "dGVzdHBhc3MK",
        "email": "test",
        "auth": "dGVzdHVzZXI6dGVzdHBhc3MK"
}
}
~~~



3. Restart controller  

# systemctl restart atomic-openshift-master-controllers

~~~
$ oc get secret docker-test --template='{{ index .data ".dockercfg"}}' | base64 -d 

{"172.30.207.78:5000":{"username":"serviceaccount","password":"testpass\n","email":"serviceaccount","auth":"c2VydmljZWFjY291bnQ6dGVzdHBhc3MK"},"docker-registry.default.svc:5000":{"username":"serviceaccount","password":"testpass\n","email":"serviceaccount","auth":"c2VydmljZWFjY291bnQ6dGVzdHBhc3MK"}}
~~~
Comment 4 Ryan Howe 2018-06-28 18:10:51 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=1591632

*** This bug has been marked as a duplicate of bug 1591632 ***