Description of problem:

In web-UI, if previous migration was completed successfully, we need to remove conversion pod because only one can exist in a time. But the first migration after deleting the conversion pod failed on:

"No API token found for service account "kubevirt-v2v-conversion-9mvxb", retry after the token is automatically created and added to the service account"


Version-Release number of selected component (if applicable):
HCO_BUNDLE_REGISTRY_TAG: v2.0.0-24


How reproducible:
Almost every time. Depends on the time passed between the deleting of the pod and the next VM creation   


Steps to Reproduce:
1. Migrate VM from VMware to CNV
2. Delete conversion pod
3. Migrate VM from VMware to CNV


Actual results:
Step 3 fails


Expected results:


Additional info:

Marek's mail:

Hi,

the issue is most probably caused by sequential dependency between creation of serviceaccount and the conversion pod.
Once ServiceAccount object is created, a controller creates API tokens (as secrets) for it.
When a pod is being created, API checks whether referenced ServiceAccount has these tokens created. If not, the reported error is returned.
In web-ui, the ServiceAccount and conversion pod are created nearly at the same time, so this issue can non-deterministically appear.

I suggest to open a bug and discuss its targeting considering wider context.

Possible workarounds:
- use "shared" service for all conversion pod instances within a single namespace
- postpone conversion pod creation till the serviceaccount has >0 secrets assigned (with timeout)
- restart conversion create if it fails (with delay, limit retry count)

I think the first option is the best one.

Please note, in 4.2 timeframe this logic will be moved from UI layer to brand new specialized operator.
This issue will be taken into consideration when implementing it.

Marek