Bug 1821648 - [4.3] Multiple credential sources being provided to oc client during prune
Summary: [4.3] Multiple credential sources being provided to oc client during prune
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.3.z
Assignee: Ricardo Maraschini
QA Contact: zhou ying
URL:
Whiteboard:
Depends On: 1790978
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-07 10:03 UTC by Ricardo Maraschini
Modified: 2023-09-07 22:42 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1790978
Environment:
Last Closed: 2020-04-14 16:18:55 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oc pull 376 0 None closed Bug 1821648: Zeroing BearerTokenFile for prune 2020-07-20 14:50:07 UTC
Red Hat Product Errata RHBA-2020:1393 0 None None None 2020-04-14 16:18:57 UTC

Comment 3 zhou ying 2020-04-10 06:46:30 UTC
Confirmed with latest oc client, the issue has fixed:
[root@dhcp-140-138 roottest]# oc version -o yaml 
clientVersion:
  buildDate: "2020-04-04T06:05:10Z"
  compiler: gc
  gitCommit: 081196cac40a01e541152175cc4da92d3a5ab07d
  gitTreeState: clean
  gitVersion: 4.3.11-202004040552-081196c
  goVersion: go1.12.12
  major: ""
  minor: ""
  platform: linux/amd64
openshiftVersion: 4.3.12
serverVersion:
  buildDate: "2020-04-09T20:15:09Z"
  compiler: gc
  gitCommit: 65ad866
  gitTreeState: clean
  gitVersion: v1.16.2
  goVersion: go1.12.12
  major: "1"
  minor: 16+
  platform: linux/amd64

Bind the default account with role system:image-pruner
[root@dhcp-140-138 roottest]# cat /tmp/role.yaml 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: testzy
subjects:
- kind: ServiceAccount
  namespace: testzy
  name: default
roleRef:
  kind: ClusterRole
  name: system:image-pruner

create the pod:
[root@dhcp-140-138 roottest]# cat /tmp/ccci.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: cli
  labels:
    name: cli
spec:
  containers:
  - name: cli
    image: docker.io/zhouying7780/cli
    command: [ "oc" ]
    args: 
      - "adm"
      - "prune"
      - "images"
      - "--force-insecure=true"
      - "--prune-registry=false"
      - "--confirm"


[root@dhcp-140-138 roottest]# oc logs -f po/cli
Only API objects will be removed.  No modifications to the image registry will be made.
Deleted 0 objects.

Comment 5 errata-xmlrpc 2020-04-14 16:18:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1393


Note You need to log in before you can comment on or make changes to this bug.