Description of problem: TemplateInstance object in OCP 3.11 is not taking values defined in secret passed in spec.secret.name and therefore the objects defined in the template are not getting instantiated Version-Release number of selected component (if applicable): OCP 3.11 How reproducible: Always Steps to Reproduce: 1. oc new-project mycloudpoc 2. Create service account: $ oc create sa mycloudadmin $ oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:template-instance-controller $ oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:resourcequota-controller $ oc create clusterrolebinding mycloudamdin --clusterrole cluster-admin --serviceaccount=mycloudpoc:mycloudadmin 3. Create template file: $ oc create -f template.json 4. Create a secret "secrettest": curl -k \ -X POST \ -d @- \ -H "Authorization: Bearer $TOKEN" \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ https://openshift.xxx.redhat.com:443/api/v1/namespaces/mycloudpoc/secrets <<EOF { "kind": "Secret", "apiVersion": "v1", "metadata": { "name": "secrettest" }, "stringData": { [...] "MEM": "4Gi", "PROJECT_ADMIN_USER": "foo-admin", "PROJECT_NAME": "openshift-proj011", "REQUESTER": "foo", "RITM": "xyz", [...] } } EOF 5. Instantiate previous created template directly through an API call like this: curl -k \ -X POST \ -d @- \ -H "Authorization: Bearer $TOKEN" \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ https://openshift.xxx.redhat.com:443/apis/template.openshift.io/v1/namespaces/mycloudpoc/templateinstances <<EOF { "kind": "TemplateInstance", "apiVersion": "template.openshift.io/v1", "metadata": { "name": "secrettest" }, "spec": { "secret": { "name": "secrettest" }, "template": $(curl -k \ -H "Authorization: Bearer $TOKEN" \ -H 'Accept: application/json' \ https://openshift.xxx.redhat.com:443/apis/template.openshift.io/v1/namespaces/mycloudpoc/templates/odenprojcreation) } } EOF Actual results: Objects defined into the template are not created. Expected results: Objects should be created. Additional info: Same procedure with OCP 3.7 works without issue.
PR https://github.com/openshift/origin/pull/23107 up for 3.11 release
PR has merged
XiuJuan - can you provide the precise steps you took in trying to verify the bug? Would it be possible for me to get access to the cluster you are attempting to verify against?
Verified this in cluster: # oc version oc v3.11.125 kubernetes v1.11.0+d4cacc0 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://ip-172-18-1-156.ec2.internal:8443 openshift v3.11.125 kubernetes v1.11.0+d4cacc0 # oc get ns openshift-proj011 -o yaml apiVersion: v1 kind: Namespace metadata: annotations: openshift.io/description: Openshift Project delivered via Hybrid Cloud openshift.io/display-name: openshift-proj011 openshift.io/node-selector: slabasic=true openshift.io/sa.scc.mcs: s0:c17,c14 openshift.io/sa.scc.supplemental-groups: 1000300000/10000 openshift.io/sa.scc.uid-range: 1000300000/10000 creationTimestamp: 2019-07-02T02:34:10Z labels: apmid: OS assignmentcode: VY02RJ crq: SRTest013 deliverymanager: vishwa requester: tin2933 ritm: openritm013 serviceruntimemanager: vishwa sla: basic sz: VolvoCI technicalcontact: tin2933 template.openshift.io/template-instance-owner: df2a2e3e-9c71-11e9-8353-0e01018c1f1c name: openshift-proj011 resourceVersion: "8469" selfLink: /api/v1/namespaces/openshift-proj011 uid: df3fafcf-9c71-11e9-8353-0e01018c1f1c spec: finalizers: - kubernetes status: phase: Active
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1753