Bug 1798946 - authentication operator does not redeploy on kubeadmin secret deletion
Summary: authentication operator does not redeploy on kubeadmin secret deletion
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.4.0
Assignee: Standa Laznicka
QA Contact: scheng
Depends On:
TreeView+ depends on / blocked
Reported: 2020-02-06 11:30 UTC by Standa Laznicka
Modified: 2020-05-13 21:56 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2020-05-13 21:56:23 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Github openshift cluster-authentication-operator pull 249 None closed Bug 1798946: react to changes of the kube-system/kubeadmin secret 2020-04-21 08:28:23 UTC
Red Hat Product Errata RHBA-2020:0581 None None None 2020-05-13 21:56:25 UTC

Description Standa Laznicka 2020-02-06 11:30:01 UTC
Description of problem:
In 4.3, we made the cluster-authentication-operator redeploy oauth-server pods when the kubeadmin user gets disabled in order to be able to advertise the token endpoint in case only login flows are available. This redeploy does not take place immediately though, as it should.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. $ watch oc pods -n openshift-authentication
2. $ oc delete secret -n kube-system kubeadmin

Actual results:
Pods are not redeployed immediately, it can take several minutes for the operator to notice 

Expected results:
Pods get redeployed immediately once the secret is deleted

Comment 5 errata-xmlrpc 2020-05-13 21:56:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.