Bug 1596333 - OpenShift changing Registry URL on kubernetes.io/dockercfg secrets
Summary: OpenShift changing Registry URL on kubernetes.io/dockercfg secrets
Keywords:
Status: CLOSED DUPLICATE of bug 1591632
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Master
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Michal Fojtik
QA Contact: Xingxing Xia
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-06-28 15:58 UTC by Ryan Howe
Modified: 2021-09-09 14:48 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-28 18:10:51 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Ryan Howe 2018-06-28 15:58:39 UTC 
Description of problem:

  OpenShift is changing Registry URL on kubernetes.io/dockercfg secrets, to the Internal registry IP and Service URL. 
  
  This is happening for all kubernetes.io/dockercfg secrets with any URL. 

Version-Release number of selected component (if applicable):
3.9 

How reproducible:
Still trying to reproduce this locally
Comment 2 Ryan Howe 2018-06-28 17:15:54 UTC 
Adding the following to my master-config.yaml 


 admissionConfig:
  pluginConfig:
    RunOnceDuration:
      configuration:
        activeDeadlineSecondsOverride: 64800     #18hr but I changed to 30s
        apiVersion: v1
        kind: RunOnceDurationConfig


pluginConfig:
  RunOnceDuration:
    configuration:
      activeDeadlineSecondsOverride: 64800       #18hr but I changed to 30s
      apiVersion: v1
      kind: RunOnceDurationConfig
Comment 3 Ryan Howe 2018-06-28 17:40:55 UTC 
Correction issue only happened when the master-controller is restarted. The plugin config has nothing to do with this. 

# openshift version 
openshift v3.9.31
kubernetes v1.9.1+a0ce1bc657
etcd 3.2.16

atomic-openshift-3.9.31-1.git.0.ef9737b.el7.x86_64



1. Create secret 
~~~
#!/bin/bash 

oc delete secret docker-test

cat >.dockercfg <<EOF
{
    "docker-registry-default.test.com": {
        "username": "serviceaccount",
        "password": "dGVzdHBhc3MK",
        "email": "test",
        "auth": "dGVzdHVzZXI6dGVzdHBhc3MK"
}
}
EOF

oc create secret generic docker-test --from-file=./.dockercfg --type='kubernetes.io/dockercfg'

oc get secret docker-test --template='{{ index .data ".dockercfg"}}' |base64 -d
~~~

Output 
~~~
{
    "docker-registry-default.test.com": {
        "username": "serviceaccount",
        "password": "dGVzdHBhc3MK",
        "email": "test",
        "auth": "dGVzdHVzZXI6dGVzdHBhc3MK"
}
}
~~~



3. Restart controller  

# systemctl restart atomic-openshift-master-controllers

~~~
$ oc get secret docker-test --template='{{ index .data ".dockercfg"}}' | base64 -d 

{"172.30.207.78:5000":{"username":"serviceaccount","password":"testpass\n","email":"serviceaccount","auth":"c2VydmljZWFjY291bnQ6dGVzdHBhc3MK"},"docker-registry.default.svc:5000":{"username":"serviceaccount","password":"testpass\n","email":"serviceaccount","auth":"c2VydmljZWFjY291bnQ6dGVzdHBhc3MK"}}
~~~
Comment 4 Ryan Howe 2018-06-28 18:10:51 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=1591632

*** This bug has been marked as a duplicate of bug 1591632 ***
Note You need to log in before you can comment on or make changes to this bug.