SSO (single sign-on) is being reconfigured. Maintenance started Jul 16 2:20PM UTC and will last 1 hour. Password-enabled login should still work.
Bug 1776521 - Replacing (updating) operator creates duplicate secrets for the operator's ServiceAccount
Summary: Replacing (updating) operator creates duplicate secrets for the operator's Se...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.3.0
Assignee: Bowen Song
QA Contact: Jian Zhang
URL:
Whiteboard:
Depends On: 1769030
Blocks: 1769561
TreeView+ depends on / blocked
 
Reported: 2019-11-25 21:38 UTC by Bowen Song
Modified: 2020-01-23 11:14 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1769030
Environment:
Last Closed: 2020-01-23 11:14:14 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github operator-framework operator-lifecycle-manager pull 1160 'None' closed [release-4.3] Bug 1776521: Replacing operator creates duplicate secrets 2020-07-02 08:51:28 UTC
Red Hat Product Errata RHBA-2020:0062 None None None 2020-01-23 11:14:31 UTC

Comment 2 Jian Zhang 2019-12-04 09:23:03 UTC
Steps as below:
Cluster version is 4.3.0-0.nightly-2019-12-04-054458
mac:~ jianzhang$ oc exec catalog-operator-c6694c8bf-c5tg6 -- olm --version
OLM version: 0.13.0
git commit: ceec83c8e02496f09943db75d125c3b50a6a5556


mac:example-operator jianzhang$ oc create -R -f install/openshift-4.1/
namespace/example-operator created
catalogsource.operators.coreos.com/example-operator-registry created
operatorgroup.operators.coreos.com/example-operators created
subscription.operators.coreos.com/example-operator created
mac:example-operator jianzhang$ oc get sub -A
NAMESPACE          NAME               PACKAGE            SOURCE                      CHANNEL
example-operator   example-operator   example-operator   example-operator-registry   alpha
mac:example-operator jianzhang$ oc -n example-operator get pods -l name=example-operator --no-headers
example-operator-75f6bf5586-zgfpd   1/1   Running   0     41s
mac:example-operator jianzhang$ oc -n example-operator get secrets | grep example-operator
example-operator-dockercfg-x8j48   kubernetes.io/dockercfg               1      2m12s
example-operator-token-7rz2c       kubernetes.io/service-account-token   4      2m12s
example-operator-token-hwvm2       kubernetes.io/service-account-token   4      2m12s

mac:example-operator jianzhang$ oc -n example-operator get catalogsource example-operator-registry -o json | jq -r '.spec.image = "quay.io/nmalik/example-operator-registry:0.0.2"' | oc replace -f -
catalogsource.operators.coreos.com/example-operator-registry replaced
mac:example-operator jianzhang$ oc -n example-operator get pods -l name=example-operator --no-headers
example-operator-75f6bf5586-zgfpd   1/1   Running             0     3m2s
example-operator-7f5c69848f-cxp6l   0/1   ContainerCreating   0     15s
mac:example-operator jianzhang$ oc -n example-operator get pods -l name=example-operator --no-headers
example-operator-7f5c69848f-cxp6l   1/1   Running   0     46s

After update, no extra secrets generated. LGTM, verify it.
mac:example-operator jianzhang$ oc -n example-operator get secrets | grep example-operator
example-operator-dockercfg-x8j48   kubernetes.io/dockercfg               1      4m15s
example-operator-token-7rz2c       kubernetes.io/service-account-token   4      4m15s
example-operator-token-hwvm2       kubernetes.io/service-account-token   4      4m15s

Comment 4 errata-xmlrpc 2020-01-23 11:14:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062


Note You need to log in before you can comment on or make changes to this bug.