Red Hat Bugzilla – Bug 1278294
Deployment hook is not compatible with ImagePullSecrets which is in old dockercfg scheme
Last modified: 2016-10-30 18:54:38 EDT
Description of problem:
Deployment hook pull image will fail with old dockercfg scheme:
But succeed with new dockercfg scheme:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create template app via https://raw.githubusercontent.com/openshift/origin/master/examples/sample-app/application-template-stibuild.json
2.Generate a secret via `oc secrets new-dockercfg`
oc secrets new-dockercfg docker --docker-username=wjiang --docker-password=qqqqqqq --firstname.lastname@example.org
3.Modify the deploymentConfig frontend to use dockerhub private repo with both ImagePullSecrets and hooks
- name: CUSTOM_VAR2
- name: CUSTOM_VAR1
- containerPort: 8080
- name: hubwjiang
- type: ConfigChange
4. Try to deploy frontend if not trigger automatically
5. Replace old dockercfg scheme with new
6. Repeat step 4
4. Pull private image failed
6. Pull private image succeeded
4. Pull private image succeeded
I've proven that the kubelet respects imagePullSecrets specified on the pod in both the old and the new format using: https://gist.github.com/deads2k/919cafb99e1dffcac95e . It relies on https://github.com/openshift/origin/pull/5744 to have a sane way to create the secret.
I'm still in the process of completing the entire deployment hook process.
I had to get the latest deployer image to pick up https://github.com/openshift/origin/pull/5688, but this works for me.
Can you confirm you are using the latest images? If so, please provide an `oc export` of your secrets, deployment configs, and pods.
Also, you can see a helper command (not merge for 3.1) and my test case here: https://github.com/openshift/origin/pull/5744
(In reply to David Eads from comment #2)
> I had to get the latest deployer image to pick up
> https://github.com/openshift/origin/pull/5688, but this works for me.
> Can you confirm you are using the latest images? If so, please provide an
> `oc export` of your secrets, deployment configs, and pods.
Rechecked with devenv-rhel7_2643, and after modify the imageConfig.latest to true of node-config file, finally work as expected.
Confirmed with devenv-rhel7_2672, the issue fixed.