+++ This bug was initially created as a clone of Bug #1838718 +++ Description of problem: After removing the root cloud credentials secret (eg kube-system/aws-creds), when the cloud-credential-operator goes to re-reconcile the read-only creds (cloud-credential-operator-iam-ro), it fails b/c it cannot find the root credentials (which of course were previously deleted). Version-Release number of selected component (if applicable): 4.4.4 How reproducible: 100% Steps to Reproduce: 1. Install OpenShift 4.4.4 on AWS 2. Delete the secret kube-system/aws-creds 3. Wait for CCO to reconcile the read-only CR Actual results: CCO will fail to reconcile the read-only credentials. Expected results: CCO doesn't enter an error state (where not all credentials have been successfully reconciled) when the root creds are removed. Additional info:
This was bumped to high because this is blocking a customer deployment.
The bug has been fixed. The test payload is 4.4.0-0.nightly-2020-06-07-075345 The result is as below: 1.Install OpenShift on AWS 2.wait for cco reconcile (it is about 6 hours) 3.The cco successes to reconcile the read-only credentials and don't Degraded $ oc get co cloud-credential NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE cloud-credential 4.4.0-0.nightly-2020-06-07-075345 True False False 8h
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2445