Bug 1481251 - [3.6] Regression or change in how kubelet pull credentials are defined?
Summary: [3.6] Regression or change in how kubelet pull credentials are defined?
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 3.6.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: 3.6.z
Assignee: Seth Jennings
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks: 1316341 1484063 1484068 1500642
TreeView+ depends on / blocked
 
Reported: 2017-08-14 12:43 UTC by Scott Dodson
Modified: 2020-06-11 13:56 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1316341
Environment:
Last Closed: 2017-09-08 03:15:23 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2642 normal SHIPPED_LIVE OpenShift Container Platform 3.6.1 bug fix and enhancement update 2017-09-08 07:14:52 UTC

Comment 1 Scott Dodson 2017-08-14 12:45:17 UTC
According to QE, the .docker/config.json is no longer read by the kubelet to specify pull credentials.

Comment 4 Seth Jennings 2017-08-21 16:18:03 UTC
tl;dr switching to the dockershim client for the CRI changed this behavior

Upstream issue:
https://github.com/kubernetes/kubernetes/issues/45738

And fix (for kube 1.7);
https://github.com/kubernetes/kubernetes/pull/46236

Origin 1.6 PR
https://github.com/openshift/origin/pull/15880

Comment 11 Johnny Liu 2017-09-06 10:40:49 UTC
Verified this bug with atomic-openshift-3.6.173.0.27-1.git.0.c1ae33f.el7.x86_64, and PASS.

In my previous verification - comment 6, the failure is because I saved docker registry creds in /var/lib/origin/, but not /var/lib/origin/.docker, after move it to /var/lib/origin/.docker, it works (though it also worked when docker registry creds is saved in /var/lib/origin/ before this regression was introduced, now user have to save docker registry creds in /var/lib/origin/).

Comment 12 Johnny Liu 2017-09-06 11:11:37 UTC
Also run the same testing with atomic-openshift-3.6.173.0.21-1.git.0.f95b0e7.el7.x86_64, also PASS.

Comment 14 errata-xmlrpc 2017-09-08 03:15:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2642


Note You need to log in before you can comment on or make changes to this bug.