Bug 1692290

Summary:	After adding many IPDs to oauth/cluster at one time,the pods in openshift-authentication ns restarting constantly
Product:	OpenShift Container Platform	Reporter:	scheng
Component:	Auth	Assignee:	Standa Laznicka <slaznick>
Status:	CLOSED ERRATA	QA Contact:	scheng
Severity:	urgent	Docs Contact:
Priority:	urgent
Version:	4.1.0	CC:	aos-bugs, evb, nagrawal, slaznick
Target Milestone:	---	Keywords:	BetaBlocker
Target Release:	4.1.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	No Doc Update
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2019-06-04 10:46:25 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Comment 1 Erica von Buelow 2019-04-15 14:36:58 UTC

We've made some changes to the cluster-authentication-operator. Can you check this issue still occurs as described?

Comment 2 scheng 2019-04-16 05:16:12 UTC

I have test this again with ci build images(there is no successful nightly build images recently),this issue still occurs.

Comment 3 Erica von Buelow 2019-04-16 14:08:09 UTC

Assigning to mrogers (auth-frontline this week) to look into

Comment 4 Erica von Buelow 2019-04-23 13:12:07 UTC

Assigning to sally (auth-frontline this week) to look into

Comment 5 Erica von Buelow 2019-04-25 18:04:16 UTC

I replicated this using multiple htpasswd configurations. At first I thought it was just making unnecessary updates to the deployment as the secrets were copied from openshift-config but would eventually settle. However, I'm not seeing it stabilize at all and continues to redeploy. I suspect something is wrong in how we compute the hashes for triggering redeployment. Will continue to investigate.

Comment 7 Mo 2019-04-29 13:07:17 UTC

https://github.com/openshift/cluster-authentication-operator/pull/120

Comment 9 scheng 2019-04-30 07:56:22 UTC

Verified.

# oc get co authentication
NAME             VERSION                             AVAILABLE   PROGRESSING   DEGRADED   SINCE
authentication   4.1.0-0.nightly-2019-04-29-232817   True        False         False      21m

Comment 11 errata-xmlrpc 2019-06-04 10:46:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758