Bug 1845188

Summary: service-ca.cert file not mounted on cluster pods [reverting bug 1813894]
Product: OpenShift Container Platform Reporter: Ohad <omitrani>
Component: service-caAssignee: Maru Newby <mnewby>
Status: CLOSED ERRATA QA Contact: scheng
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.5CC: aos-bugs, ebenahar, eparis, mbukatov, mfojtik, mmahoney, mnewby, ocs-bugs, xxia
Target Milestone: ---Keywords: DeliveryBlocker
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-13 17:43:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ohad 2020-06-08 15:35:34 UTC 
Description of problem:

noobaa-operator (a component in the OpenShift Container Storage product) is relying on the existence of the service-ca.cert file on its containers in order to function properly.
As of OCP 4.5.0 this file is not mounted anymore at  var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt or at any other place

A search on previous versions documentation (4.4 and 4.3) does not mention this feature as being deprecated.

Version-Release number of selected component (if applicable):


How reproducible:
Every time

Steps to Reproduce:
1. Deploy an OCS cluster
2. use "oc -n openshift-storage rsh $(oc -n openshift-storage get pod -o name -l noobaa-operator)" to open a remote session to a noobaa-operator container.
3. use "ls -l var/run/secrets/kubernetes.io/serviceaccount" to verify that the file does not exist.

Actual results:
The file does not exist in the mentioned location

Expected results:
The file should be mounted at that location


Additional info:
Comment 6 Xingxing Xia 2020-06-10 01:16:05 UTC 
Why reverting? If reverting, then one of this bug and another bug 1813894 will be NOTA.
Comment 7 Xingxing Xia 2020-06-10 01:18:07 UTC 
Ah, got it in bug 1813894#c12 . Let me hold on the 4.5 release note https://github.com/openshift/openshift-docs/issues/19847#issuecomment-641007166
Comment 9 Maru Newby 2020-06-10 15:02:15 UTC 
Given that this bz represents an unreleased regression, no doc text is required.
Comment 10 Maru Newby 2020-06-15 20:28:40 UTC 
*** Bug 1847174 has been marked as a duplicate of this bug. ***
Comment 11 errata-xmlrpc 2020-07-13 17:43:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409