I don't think it is a block issue for ocp3.7 GA. You can change target to 3.8 if you think so.
I am able to reproduce this. When running step 7, the automatic re-deploy of mediawiki fails with this error: "Error: secrets "dh-postgresql-apb-h2gql-credentials-i5r30" not found" It seems that when a secret gets deleted, something needs to remove it from a DeploymentConfig it had previously been added to. I'm not sure who/what should be responsible for that. Right now, there's a big "Add to Application" button in the UI for a secret that adds it to a DeploymentConfig. Perhaps that's a starting point for thinking about the lifecycle of a secret's relationship to a binding.
@John After our discussion https://www.redhat.com/archives/ansible-service-broker/2018-January/msg00000.html we determined that this most likely belongs to the web console folks. As there already exists a method to "Add to Application", a "Remove from Application" (or similar) should also exist to remove the secret from the deploymentconfig.
This is working as intended. Your deployment references a secret that no longer exists, which *should* block the rollout. It is up to the user to remove the secret from the deployment environment tab. Since adding the secret is a manual step, I don't think it's unreasonable to ask the user to remove the secret. You should see a warning on the deployment page if your deployment references a missing secret as well as an event in the notification drawer (the bell icon in the masthead). As a developer, I'd want the rollout to fail to tell me something is wrong and the secret won't be added. A "Remove from Application" button won't work here since the secret is deleted and there is no longer a page to add the button to, but it's still possible to remove the secret from the deployment.
Thank you Sam for the explanation, based on which I'm closing this as "not a bug". I'm also changing the component to "management console" in case there are any follow-up questions.
Micheal & Samuel, I think that is OKay base on your explanation. Should we highlight these info in user guide(or some docs)? We can continue to use this bug for tracing or open another one if need. Thanks.
I'm re-opening this bug, only for make sure everything can be traced well. You can close it if don't think it no longer need to trace. Thanks.
We could add a comment about this to https://docs.openshift.org/latest/architecture/service_catalog/index.html#service-catalog-deleting-resources
moving to the docs component to track
Docs PR: https://github.com/openshift/openshift-docs/pull/8372
@Vikram , since this issue still exist in v3.7, is this pr will also be merged in v3.7
@Brandi, 'you must also remove the secret from the deployment environment tab' it's better to figure out that the secret reference should be removed from deployment config , and currently we can not remove it from UI. thanks.
Thank you for the clarification. The wording on the PR has been updated. Please take another look. We can update 3.7 as well. Thanks again!
the update LGTM. @Brandi, about 3.7 update, will you open another PR or open another bug to trace it ?
Thanks, Zihan! I will cherrypick to 3.7 and 3.9 from PR8372, so no need for a second bug.
Verified based on comment 16 & comment 17
Commits pushed to master at https://github.com/openshift/openshift-docs https://github.com/openshift/openshift-docs/commit/06329dfbacc3a525e0825ffa45ee8100efc88317 Bug 1511760 Add note to remove secret https://github.com/openshift/openshift-docs/commit/f5c7ca9d92b323792f53874f771dce80c95c95f8 Merge pull request #8372 from bmcelvee/BZ1511760 Bug 1511760 Add note to remove secret
Link to documentation on the Customer Portal: https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html-single/architecture/#service-catalog-design