Bug 1910459
| Summary: | Could not provision gcp volume if delete secret gcp-pd-cloud-credentials | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Chao Yang <chaoyang> |
| Component: | Storage | Assignee: | Fabio Bertinatto <fbertina> |
| Storage sub component: | Kubernetes External Components | QA Contact: | Chao Yang <chaoyang> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | ||
| Priority: | unspecified | CC: | aos-bugs, jsafrane |
| Version: | 4.7 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-02-24 15:48:24 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Passed on 4.7.0-0.nightly-2021-01-14-211319 After delete gcp-pd-cloud-credentials, gcp-pd-cloud-credentials will be re-created and volume can be provisioned. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633 |
Description of problem: Could not provision gcp volume if delete gcp-pd-cloud-credentials Version-Release number of selected component (if applicable): 4.7.0-0.nightly-2020-12-20-031835 How reproducible: Always Steps to Reproduce: 1.Delete secret gcp-pd-cloud-credentials in namespace openshift-cluster-csi-drivers 2.New gcp-pd-cloud-credentials is created 3.Create pvc/pod oc describe pvc Name: pvc1 Namespace: test StorageClass: standard-csi Status: Pending Volume: Labels: <none> Annotations: volume.beta.kubernetes.io/storage-provisioner: pd.csi.storage.gke.io volume.kubernetes.io/selected-node: qe-chaoyang-1221-nnmhj-worker-a-866lh.c.openshift-qe.internal Finalizers: [kubernetes.io/pvc-protection] Capacity: Access Modes: VolumeMode: Filesystem Mounted By: pod1 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal WaitForFirstConsumer 98s (x21 over 6m13s) persistentvolume-controller waiting for first consumer to be created before binding Normal ExternalProvisioning 53s (x5 over 86s) persistentvolume-controller waiting for a volume to be created, either by external provisioner "pd.csi.storage.gke.io" or manually created by system administrator Normal Provisioning 23s (x7 over 86s) pd.csi.storage.gke.io_qe-chaoyang-1221-nnmhj-master-1.c.openshift-qe.internal_c201ee25-3746-46aa-805c-4f3d5a9002b7 External provisioner is provisioning volume for claim "test/pvc1" Warning ProvisioningFailed 23s (x7 over 86s) pd.csi.storage.gke.io_qe-chaoyang-1221-nnmhj-master-1.c.openshift-qe.internal_c201ee25-3746-46aa-805c-4f3d5a9002b7 failed to provision volume with StorageClass "standard-csi": rpc error: code = Internal desc = CreateVolume unknown get disk error when validating: Get "https://compute.googleapis.com/compute/v1/projects/openshift-qe/zones/us-central1-a/disks/pvc-4af50427-1ed5-4c3a-a2e3-1bd073de3415?alt=json&prettyPrint=false": oauth2: cannot fetch token: 400 Bad Request Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."} Actual results: Expected results: PV should be provisioned by gcp csi driver. Master Log: Node Log (of failed PODs): PV Dump: PVC Dump: StorageClass Dump (if StorageClass used by PV/PVC): Additional info: