Bug 1718842

Summary: Need to clean up extraneous secrets in node tuning operator namespace
Product: OpenShift Container Platform Reporter: Mike Fiedler <mifiedle>
Component: Node Tuning OperatorAssignee: Jiří Mencák <jmencak>
Status: CLOSED ERRATA QA Contact: Simon <skordas>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.1.zCC: jupierce, nkim, sejug, sponnaga
Target Milestone: ---   
Target Release: 4.1.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: 4.1.4
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: The node-tuning-operator in OCP 4.1.0 unnecessarily updated tuned service account which caused extraneous secrets in the openshift-cluster-node-tuning-operator namespace. Consequence: Extraneous secrets in openshift-cluster-node-tuning-operator namespace. Fix: OCP 4.1.1 fixed the problem, but did not clean the extraneous secrets. Result: Cleanup of extraneous secrets.
 Story Points: ---
Clone Of:
: 1723569 (view as bug list) Environment:
Last Closed: 2019-07-04 09:01:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1723569    

Description Mike Fiedler 2019-06-10 11:32:47 UTC 
Description of problem:

Inhttps://bugzilla.redhat.com/show_bug.cgi?id=1714484 there was an issue with the node tuning operator creating extraneous secrets during the reconciliation loop.   That is fixed, but customers who installed 4.1.0 GA may be in a state where they have a large number of unneeded secrets in the operators namespace

We should help clean up the secrets automatically.   Cleaning them up manually could be time consuming and have some degree of risk.


Version-Release number of selected component (if applicable):  4.1.1

How reproducible: Always
Comment 1 Jiří Mencák 2019-06-10 11:45:34 UTC 
Upstream PR: https://github.com/openshift/cluster-node-tuning-operator/pull/63
Comment 10 Jiří Mencák 2019-06-21 13:29:43 UTC 
*** Bug 1722604 has been marked as a duplicate of this bug. ***
Comment 11 Mike Fiedler 2019-06-25 12:51:46 UTC 
This bz is for the 4.1.z cherrypick of this fix.   The correct PR is  https://github.com/openshift/cluster-node-tuning-operator/pull/65 which is open
Comment 14 Simon 2019-06-26 14:11:08 UTC 
Verification: POSITIVE
Started with quay.io/openshift-release-dev/ocp-release:4.1.0

oc get clusterversions.config.openshift.io 
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.1.0     True        False         24m     Cluster version is 4.1.0

Node tuning operator created extraneous secrets.

After upgrading to upstream:

oc get clusterversions.config.openshift.io 
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.1.0-0.nightly-2019-06-26-044128   True        False         14m     Cluster version is 4.1.0-0.nightly-2019-06-26-044128

oc get clusteroperator node-tuning
NAME          VERSION                             AVAILABLE   PROGRESSING   DEGRADED   SINCE
node-tuning   4.1.0-0.nightly-2019-06-26-044128   True        False         False      45m

All extraneous secrets were deleted and no new extraneous secrets were created.
Comment 16 errata-xmlrpc 2019-07-04 09:01:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1635