+++ This bug was initially created as a clone of Bug #1838718 +++
Description of problem:
After removing the root cloud credentials secret (eg kube-system/aws-creds), when the cloud-credential-operator goes to re-reconcile the read-only creds (cloud-credential-operator-iam-ro), it fails b/c it cannot find the root credentials (which of course were previously deleted).
Version-Release number of selected component (if applicable):
How reproducible: 100%
Steps to Reproduce:
1. Install OpenShift 4.4.4 on AWS
2. Delete the secret kube-system/aws-creds
3. Wait for CCO to reconcile the read-only CR
CCO will fail to reconcile the read-only credentials.
CCO doesn't enter an error state (where not all credentials have been successfully reconciled) when the root creds are removed.
This was bumped to high because this is blocking a customer deployment.
The bug has been fixed.
The test payload is 4.4.0-0.nightly-2020-06-07-075345
The result is as below:
1.Install OpenShift on AWS
2.wait for cco reconcile (it is about 6 hours)
3.The cco successes to reconcile the read-only credentials and don't Degraded
$ oc get co cloud-credential
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE
cloud-credential 4.4.0-0.nightly-2020-06-07-075345 True False False 8h
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.