Bug 1692290

Summary: After adding many IPDs to oauth/cluster at one time,the pods in openshift-authentication ns restarting constantly
Product: OpenShift Container Platform Reporter: scheng
Component: apiserver-authAssignee: Standa Laznicka <slaznick>
Status: CLOSED ERRATA QA Contact: scheng
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.1.0CC: aos-bugs, evb, nagrawal, slaznick
Target Milestone: ---Keywords: BetaBlocker
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-04 10:46:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Erica von Buelow 2019-04-15 14:36:58 UTC 
We've made some changes to the cluster-authentication-operator. Can you check this issue still occurs as described?
Comment 2 scheng 2019-04-16 05:16:12 UTC 
I have test this again with ci build images(there is no successful nightly build images recently),this issue still occurs.
Comment 3 Erica von Buelow 2019-04-16 14:08:09 UTC 
Assigning to mrogers (auth-frontline this week) to look into
Comment 4 Erica von Buelow 2019-04-23 13:12:07 UTC 
Assigning to sally (auth-frontline this week) to look into
Comment 5 Erica von Buelow 2019-04-25 18:04:16 UTC 
I replicated this using multiple htpasswd configurations. At first I thought it was just making unnecessary updates to the deployment as the secrets were copied from openshift-config but would eventually settle. However, I'm not seeing it stabilize at all and continues to redeploy. I suspect something is wrong in how we compute the hashes for triggering redeployment. Will continue to investigate.
Comment 7 Mo 2019-04-29 13:07:17 UTC 
https://github.com/openshift/cluster-authentication-operator/pull/120
Comment 9 scheng 2019-04-30 07:56:22 UTC 
Verified.

# oc get co authentication
NAME             VERSION                             AVAILABLE   PROGRESSING   DEGRADED   SINCE
authentication   4.1.0-0.nightly-2019-04-29-232817   True        False         False      21m
Comment 11 errata-xmlrpc 2019-06-04 10:46:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758