Bug 1798946

Summary: authentication operator does not redeploy on kubeadmin secret deletion
Product: OpenShift Container Platform Reporter: Standa Laznicka <slaznick>
Component: apiserver-authAssignee: Standa Laznicka <slaznick>
Status: CLOSED ERRATA QA Contact: scheng
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.3.0CC: aos-bugs, mfojtik
Target Milestone: ---   
Target Release: 4.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-13 21:56:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Standa Laznicka 2020-02-06 11:30:01 UTC 
Description of problem:
In 4.3, we made the cluster-authentication-operator redeploy oauth-server pods when the kubeadmin user gets disabled in order to be able to advertise the token endpoint in case only login flows are available. This redeploy does not take place immediately though, as it should.

Version-Release number of selected component (if applicable):
4.3

How reproducible:
Always

Steps to Reproduce:
1. $ watch oc pods -n openshift-authentication
2. $ oc delete secret -n kube-system kubeadmin

Actual results:
Pods are not redeployed immediately, it can take several minutes for the operator to notice 

Expected results:
Pods get redeployed immediately once the secret is deleted
Comment 5 errata-xmlrpc 2020-05-13 21:56:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581