Bug 1779282
| Summary: | [4.3.0] Dockercfg secret is not cleaned up when token deleted | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Adam Kaplan <adam.kaplan> |
| Component: | openshift-controller-manager | Assignee: | Adam Kaplan <adam.kaplan> |
| Status: | CLOSED ERRATA | QA Contact: | wewang <wewang> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.3.0 | CC: | adam.kaplan, anusaxen, aos-bugs, bparees, ccoleman, lsm5, maszulik, mfojtik, nagrawal, obulatov, pmuller, rmarasch, santiago, surbania, weliang, wewang, wking |
| Target Milestone: | --- | ||
| Target Release: | 4.3.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | devex | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: pull secrets for the internal registry sometimes would not be deleted when their associated token was deleted
Consequence: stale pull secrets for the internal registry would remain associated with kubernetes service accounts
Fix: owner references were established between the internal registry pull secret and its associated token secret
Result: pull secrets are always deleted if the associated token is deleted
|
Story Points: | --- |
| Clone Of: | 1765294 | Environment: | |
| Last Closed: | 2020-04-08 07:39:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1806792 | ||
| Bug Blocks: | 1752313 | ||
|
Description
Adam Kaplan
2019-12-03 16:36:39 UTC
all attached PRs are only about gathering additional information. Switching back to ASSIGNED FYI: sometimes passed in ci:https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/logs/release-openshift-ocp-installer-e2e-gcp-4.3/531 but failed in: https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/logs/release-openshift-origin-installer-e2e-gcp-4.3/977 *** Bug 1814453 has been marked as a duplicate of this bug. *** From [1]: > The backport to 4.3.z is on hold until 4.4.0 goes GA. Also [2]. But the 4.4 bug 1806792 is VERIFIED, we run a lot of 4.4 CI, and we have 4.4 RCs out in the wild. Can we declare "soaked enough" at some point before 4.4.0 and land this backport to address the most common cause of 4.3 CI failures (which is what this bug was yesterday, although today other failure modes have pulled ahead ;). [1]: https://bugzilla.redhat.com/show_bug.cgi?id=1814453#c2 [2]: https://github.com/openshift/openshift-controller-manager/pull/72#pullrequestreview-371497080 Checked in version: 4.3.0-0.ci-2020-03-26-003534 [Feature:OpenShiftControllerManager] TestDockercfgTokenDeletedController [Suite:openshift/conformance/parallel] passed in job: https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/logs/release-openshift-origin-installer-e2e-gcp-4.3/1670 Reopening. This likely caused the regression in https://bugzilla.redhat.com/show_bug.cgi?id=1785023. Moving back to VERIFIED - fix for regression is being tracked in https://bugzilla.redhat.com/show_bug.cgi?id=1785023 and its dependent BZs. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1262 |