Bug 1898045
Summary: | AWS EBS CSI Driver can not get updated cloud credential secret automatically | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Qin Ping <piqin> | |
Component: | Storage | Assignee: | Fabio Bertinatto <fbertina> | |
Storage sub component: | Operators | QA Contact: | Qin Ping <piqin> | |
Status: | CLOSED ERRATA | Docs Contact: | ||
Severity: | high | |||
Priority: | medium | CC: | aos-bugs, hekumar, jsafrane, lwan, rsandu | |
Version: | 4.7 | |||
Target Milestone: | --- | |||
Target Release: | 4.7.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | No Doc Update | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1915467 (view as bug list) | Environment: | ||
Last Closed: | 2021-02-24 15:33:27 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1915467 |
Description
Qin Ping
2020-11-16 09:12:34 UTC
What I noticed other operators to do (e.g. openshift-apiserver-operator), they hash the secret content into the operand Deployment / DaemonSet pod annotations: template: metadata: annotations: operator.openshift.io/dep-openshift-apiserver.config.configmap: TsndwQ== operator.openshift.io/dep-openshift-apiserver.etcd-client.secret: XX2UTw== operator.openshift.io/dep-openshift-apiserver.etcd-serving-ca.configmap: 3uGrWw== ... Whenever a Secret / ConfigMap changes, the operator will calculate a new hash and update the Deployment, which triggers redeployment (i.e. restart) of all pods. There should be some support for it in library-go. Verified with: 4.7.0-0.nightly-2021-01-17-211555 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633 |