1348319 – Lack of default secrets after creating new project

Bug 1348319 - Lack of default secrets after creating new project

Summary: Lack of default secrets after creating new project

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Master
Sub Component:
Version:	3.2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Jordan Liggitt
QA Contact:	weiwei jiang
Docs Contact:
URL:
Whiteboard:
Depends On:	1346777
Blocks:	1387755
TreeView+	depends on / blocked

Reported:	2016-06-20 19:36 UTC by Scott Dodson
Modified:	2021-08-30 12:27 UTC (History)
CC List:	9 users (show)
Fixed In Version:	atomic-openshift-3.2.1.3-1.git.0.dfa4ad6.el7
Doc Type:	Bug Fix
Doc Text:	A race condition could have prevented default secrets from being created when a project was initialized. Secret creation has been converted to a queue ensuring proper creation.
Clone Of:	1346777
Clones:	1387755 (view as bug list)
Environment:
Last Closed:	2016-07-05 16:53:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	2881641	0	None	None	None	2017-01-20 01:23:51 UTC
Red Hat Product Errata	RHBA-2016:1383	0	normal	SHIPPED_LIVE	Red Hat OpenShift Enterprise 3.2.1.4 bug fix update	2016-07-05 20:53:01 UTC

Comment 2 weiwei jiang 2016-06-21 07:13:56 UTC

Checked with atomic-openshift-3.2.1.3-1.git.0.dfa4ad6.el7, and all the secrets is ready soon after project is ready.

$ for i in {1..10}; do oc new-project project$i;oc get sa; done
Now using project "project1" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         52s
default    2         52s
deployer   2         52s
Now using project "project2" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         51s
default    2         51s
deployer   2         51s
Now using project "project3" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         51s
default    2         51s
deployer   2         51s
Now using project "project4" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         51s
default    2         51s
deployer   2         51s
Now using project "project5" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         51s
default    2         52s
deployer   2         51s
Now using project "project6" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         51s
default    2         51s
deployer   2         51s
Now using project "project7" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         52s
default    2         52s
deployer   2         52s
Now using project "project8" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         51s
default    2         51s
deployer   2         51s
Now using project "project9" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         51s
default    2         51s
deployer   2         51s
Now using project "project10" on server "https://openshift-141.lab.eng.nay.redhat.com:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    $ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git

to build a new hello-world application in Ruby.
NAME       SECRETS   AGE
builder    2         51s
default    2         51s
deployer   2         51s

Comment 3 weiwei jiang 2016-06-21 07:51:01 UTC

Also checked with sa created by manual,
$ for i in {1..50}; do oc create serviceaccount sa$i > /dev/null &  done 

$ oc get secrets|grep -i token | awk '{print $1}'|awk -F- '{print $1}'|uniq -c|awk '{print $1}' |uniq -c
     53 2
$ oc get secrets|grep -i dockercfg | awk '{print $1}'|awk -F- '{print $1}'|uniq -c|awk '{print $1}' |uniq -c
     53 1


And delete secrets to check if the secrets will be come back.
for i in `oc get secrets --no-headers|awk '{print $1}'`; do oc delete secrets $i > /dev/null & done

$ oc get secrets|grep -i token | awk '{print $1}'|awk -F- '{print $1}'|uniq -c|awk '{print $1}' |uniq -c
     53 2
$ oc get secrets|grep -i dockercfg | awk '{print $1}'|awk -F- '{print $1}'|uniq -c|awk '{print $1}' |uniq -c
     53 1

Comment 5 errata-xmlrpc 2016-07-05 16:53:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1383

Note You need to log in before you can comment on or make changes to this bug.