Bug 1769030

I should note this is a potential problem with systems that have many operator updates such as development environments.  In our non-prod environments we have seen in the order of 1000's of extra secrets for individual operators.  Over time this will have an impact on etcd performance.

Possibly related:  https://bugzilla.redhat.com/show_bug.cgi?id=1666991

Change the version to 4.4 since we have already bug 1776521 for 4.3.

Hi 

follow this step:

Step 1:
# install version 0.0.1
git clone https://github.com/jewzaam/example-operator.git

Step2:
#change the apiVersion on file 08_operatorgroup.yaml

vi install/openshift-4.1/08_operatorgroup.yaml -->  from apiVersion: operators.coreos.com/v1alpha2 to --> to: apiVersion: operators.coreos.com/v1

Step3

cd example-operator
oc create -R -f install/openshift-4.1/


[scolange@scolange example-operator]$ oc create -R -f install/openshift-4.1/
namespace/example-operator created
catalogsource.operators.coreos.com/example-operator-registry created
operatorgroup.operators.coreos.com/example-operators created
subscription.operators.coreos.com/example-operator created


Step 4:
# wait for it to start the operator pod
oc -n example-operator get pods -l name=example-operator --no-headers


Step 3:
# check secrets for the SA
oc -n example-operator get secrets | grep example-operator

[scolange@scolange example-operator]$ oc -n example-operator get secrets | grep example-operator
example-operator-dockercfg-8f57b   kubernetes.io/dockercfg               1      4m4s
example-operator-token-5mtln       kubernetes.io/service-account-token   4      4m5s
example-operator-token-dqpgc       kubernetes.io/service-account-token   4      4m5s


# update to 0.0.2
oc -n example-operator get catalogsource example-operator-registry -o json | jq -r '.spec.image = "quay.io/nmalik/example-operator-registry:0.0.2"' | oc replace -f -

[scolange@scolange example-operator]$ oc -n example-operator get catalogsource example-operator-registry -o json | jq -r '.spec.image = "quay.io/nmalik/example-operator-registry:0.0.2"' | oc replace -f -
catalogsource.operators.coreos.com/example-operator-registry replaced


# wait for it upgrade the operator pod
oc -n example-operator get pods -l name=example-operator --no-headers

[scolange@scolange example-operator]$ oc -n example-operator get pods -l name=example-operator --no-headers
example-operator-66dc694b6c-wwnk4   1/1   Running   0     71s


# check secrets for the SA
oc -n example-operator get secrets | grep example-operator


[scolange@scolange example-operator]$ oc -n example-operator get secrets | grep example-operator
example-operator-dockercfg-8f57b   kubernetes.io/dockercfg               1      4m57s
example-operator-token-5mtln       kubernetes.io/service-account-token   4      4m58s
example-operator-token-dqpgc       kubernetes.io/service-account-token   4      4m58s


The secret are not duplicated

Just for add the version of cluster:


[scolange@scolange example-operator]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.4.0-0.nightly-2020-01-29-012724   True        False         93m     Cluster version is 4.4.0-0.nightly-2020-01-29-012724

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581