Bug 1716600 - Tuned service account secrets are created every 10min and old ones never get removed.
Summary: Tuned service account secrets are created every 10min and old ones never get ...
Keywords:
Status: CLOSED DUPLICATE of bug 1714484
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node Tuning Operator
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Jiří Mencák
QA Contact: Mike Fiedler
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-06-03 18:05 UTC by Ryan Howe
Modified: 2019-06-04 02:17 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-04 02:17:49 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Ryan Howe 2019-06-03 18:05:48 UTC 
Description of problem:

Secrets for the tuned service account get created every 10mins with the old ones never getting removed. 


Version-Release number of selected component (if applicable):
# oc get clusterversion
NAME      VERSION      AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.1.0-rc.9   True        False         19m     Cluster version is 4.1.0-rc.9


# openshift-install version
openshift-install v4.1.0-201905212232-dirty
built from commit 71d8978039726046929729ad15302973e3da18ce
release image quay.io/openshift-release-dev/ocp-release@sha256:49c4b6bf70061e522e3525aed534d087c9abfba7c39cbcbdd1bd770ab096bf9e


# oc version
Client Version: version.Info{Major:"4", Minor:"1+", GitVersion:"v4.1.0-201905171742+ddefebb-dirty", GitCommit:"ddefebb", GitTreeState:"dirty", BuildDate:"2019-05-18T00:33:46Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13+", GitVersion:"v1.13.4+838b4fa", GitCommit:"838b4fa", GitTreeState:"clean", BuildDate:"2019-05-19T23:51:04Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}


Actual results:
  Many new secrets created evey 10 mins. 

Expected results:
  Secrets to get cleaned up if new ones are created for SA. 

Additional info:

Cluster has been up for about 30mins 

$ oc get -n openshift-cluster-node-tuning-operator secret,sa
NAME                                                  TYPE                                  DATA   AGE
secret/builder-dockercfg-tbn88                        kubernetes.io/dockercfg               1      22m
...
...
...
secret/deployer-dockercfg-mpwp2                       kubernetes.io/dockercfg               1      22m
secret/deployer-token-82z4z                           kubernetes.io/service-account-token   4      23m
secret/deployer-token-wqf22                           kubernetes.io/service-account-token   4      25m
secret/tuned-dockercfg-5cls4                          kubernetes.io/dockercfg               1      21m
secret/tuned-dockercfg-8h27j                          kubernetes.io/dockercfg               1      14m
secret/tuned-dockercfg-bqznq                          kubernetes.io/dockercfg               1      21m
secret/tuned-dockercfg-c94pk                          kubernetes.io/dockercfg               1      14m
secret/tuned-dockercfg-jzqdf                          kubernetes.io/dockercfg               1      4m28s
secret/tuned-dockercfg-rs8n6                          kubernetes.io/dockercfg               1      22m
secret/tuned-token-2pw6x                              kubernetes.io/service-account-token   4      21m
secret/tuned-token-4bjr4                              kubernetes.io/service-account-token   4      24m
          ...
          20 lines removed
          ...
secret/tuned-token-r9lh9                              kubernetes.io/service-account-token   4      24m
secret/tuned-token-rsflk                              kubernetes.io/service-account-token   4      24m
secret/tuned-token-tbgn4                              kubernetes.io/service-account-token   4      4m28s
secret/tuned-token-tw8cd                              kubernetes.io/service-account-token   4      21m
secret/tuned-token-vdmjk                              kubernetes.io/service-account-token   4      21m
secret/tuned-token-xpmq4                              kubernetes.io/service-account-token   4      24m

NAME                                          SECRETS   AGE
serviceaccount/builder                        2         25m
serviceaccount/cluster-node-tuning-operator   2         29m
serviceaccount/default                        2         29m
serviceaccount/deployer                       2         25m
serviceaccount/tuned                          2         24m


Logs 
oc logs cluster-node-tuning-operator-688b969bd6-5hg79 

..


..
I0603 17:44:40.597050       1 tuned_controller.go:319] Reconciling Tuned openshift-cluster-node-tuning-operator/default
I0603 17:44:40.597100       1 status.go:25] syncOperatorStatus()
I0603 17:44:40.602036       1 tuned_controller.go:103] syncServiceAccount()
I0603 17:44:40.607527       1 tuned_controller.go:134] syncClusterRole()
I0603 17:44:40.636329       1 tuned_controller.go:165] syncClusterRoleBinding()
I0603 17:44:40.664341       1 tuned_controller.go:196] syncClusterConfigMap()
I0603 17:44:40.668800       1 tuned_controller.go:196] syncClusterConfigMap()
I0603 17:44:40.672488       1 tuned_controller.go:234] syncDaemonSet()
W0603 17:50:12.895448       1 reflector.go:270] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: watch of *v1.ConfigMap ended with: too old resource version: 15696 (17205)
I0603 17:54:40.677868       1 tuned_controller.go:319] Reconciling Tuned openshift-cluster-node-tuning-operator/default
I0603 17:54:40.677935       1 status.go:25] syncOperatorStatus()
I0603 17:54:40.684551       1 tuned_controller.go:103] syncServiceAccount()
I0603 17:54:40.689114       1 tuned_controller.go:134] syncClusterRole()
I0603 17:54:40.719304       1 tuned_controller.go:165] syncClusterRoleBinding()
I0603 17:54:40.754727       1 tuned_controller.go:196] syncClusterConfigMap()
I0603 17:54:40.759501       1 tuned_controller.go:196] syncClusterConfigMap()
I0603 17:54:40.764184       1 tuned_controller.go:234] syncDaemonSet()
W0603 17:56:00.901170       1 reflector.go:270] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:196: watch of *v1.ConfigMap ended with: too old resource version: 17340 (18619)
Comment 1 Ryan Howe 2019-06-04 02:17:49 UTC 
https://github.com/openshift/cluster-node-tuning-operator/commit/991e19b4833d9e05f476acb23e97a3563581ef6d#diff-ce84be76bcb45292f271bc6bc968b8b7

Dup of: https://bugzilla.redhat.com/show_bug.cgi?id=1714484

*** This bug has been marked as a duplicate of bug 1714484 ***
Note You need to log in before you can comment on or make changes to this bug.