From https://github.com/openshift/origin/pull/4767 Backwards compatibility without policy updates is broken without this fix. Without this fix, old registry images against new openshift servers running with old policy (before oadm policy reconcile-cluster-roles), will suddenly start failing. This is mitigated by running `oadm policy reconcile-cluster-roles` and reconciling differences.
I am not sure these steps. please correct me if i am wrong. 1. yum update openshift-master 2. systemctl restart openshift-master 3 After that, oc start-build failed with 'docker push'; 'oc deploy' failed with binding. 1) oc start build failed as following F0924 23:00:32.936764 1 builder.go:54] Build error: Failed to push image: Error pushing to registry: Authentication is required. 2) oc deploy failed as following Events: FirstSeen LastSeen Count From SubobjectPath Reason Message 19s 19s 1 {scheduler } failedScheduling Binding rejected: binding "cakephp-mysql-example-3-deploy" cannot be updated: pod cakephp-mysql-example-3-deploy 3) replicationcontrollers start pod failed as following. Events: FirstSeen LastSeen Count From SubobjectPath Reason Message 19s 19s 1 {scheduler } failedScheduling Binding rejected: binding "cakephp-mysql-example-3-deploy" cannot be updated: pod cakephp-mysql-example-3-deploy
Sorry, I failed to merge in the fix. Updated the build.
Can't create deploymentconfig before apply new policy. [anli@openshift-111 ~]$ oc new-app --template=cakephp-example [anli@openshift-111 ~]$ oc get events FIRSTSEEN LASTSEEN COUNT NAME KIND SUBOBJECT REASON SOURCE MESSAGE 4m 4m 1 cakephp-example-1-build Pod scheduled {scheduler } Successfully assigned cakephp-example-1-build to openshift-112.lab.sjc.redhat.com 6m 39s 4 cakephp-example DeploymentConfig failedCreate {deployer } Couldn't create initial deployment: DeploymentConfig "cakephp-example" is invalid: triggers[0].imageChange.tag: invalid value 'latest', Details: no image recorded for u4p2/cakephp-example:latest
Please ignore the comment 5. it is a Environment error. and it can't be reproducable. I did more test again both from v3.0.0.1 to v3.0.2.0 and from v3.0.1.0 to v3.0.2.0. all the following task works well. With old policy: The app can be access via router The app can be access via service The delete pod can be started by rc The app can be redeployed. The app can be rebuilds New app can be created/build and deployed. After deploy policy and finished the upgrade. the above task also works well. So move bugs to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2015:1854