1481251 – [3.6] Regression or change in how kubelet pull credentials are defined?

Bug 1481251 - [3.6] Regression or change in how kubelet pull credentials are defined?

Summary: [3.6] Regression or change in how kubelet pull credentials are defined?

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Node
Sub Component:
Version:	3.6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	3.6.z
Assignee:	Seth Jennings
QA Contact:	Johnny Liu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1316341 1484063 1484068 1500642
TreeView+	depends on / blocked

Reported:	2017-08-14 12:43 UTC by Scott Dodson
Modified:	2020-06-11 13:56 UTC (History)
CC List:	16 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1316341
Environment:
Last Closed:	2017-09-08 03:15:23 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:2642	0	normal	SHIPPED_LIVE	OpenShift Container Platform 3.6.1 bug fix and enhancement update	2017-09-08 07:14:52 UTC

Comment 1 Scott Dodson 2017-08-14 12:45:17 UTC

According to QE, the .docker/config.json is no longer read by the kubelet to specify pull credentials.

Comment 4 Seth Jennings 2017-08-21 16:18:03 UTC

tl;dr switching to the dockershim client for the CRI changed this behavior

Upstream issue:
https://github.com/kubernetes/kubernetes/issues/45738

And fix (for kube 1.7);
https://github.com/kubernetes/kubernetes/pull/46236

Origin 1.6 PR
https://github.com/openshift/origin/pull/15880

Comment 11 Johnny Liu 2017-09-06 10:40:49 UTC

Verified this bug with atomic-openshift-3.6.173.0.27-1.git.0.c1ae33f.el7.x86_64, and PASS.

In my previous verification - comment 6, the failure is because I saved docker registry creds in /var/lib/origin/, but not /var/lib/origin/.docker, after move it to /var/lib/origin/.docker, it works (though it also worked when docker registry creds is saved in /var/lib/origin/ before this regression was introduced, now user have to save docker registry creds in /var/lib/origin/).

Comment 12 Johnny Liu 2017-09-06 11:11:37 UTC

Also run the same testing with atomic-openshift-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64, also PASS.

Comment 14 errata-xmlrpc 2017-09-08 03:15:23 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2642

Note You need to log in before you can comment on or make changes to this bug.