Bug 1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials
Summary: Could not provision gcp volume if delete secret gcp-pd-cloud-credentials
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 4.7
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.7.0
Assignee: Fabio Bertinatto
QA Contact: Chao Yang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-12-24 02:13 UTC by Chao Yang
Modified: 2021-02-24 15:49 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:48:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift gcp-pd-csi-driver-operator pull 9 0 None open Bug 1910459: redeploy CSI Controller Deployment when secret changes 2021-01-13 21:14:59 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:49:18 UTC

Description Chao Yang 2020-12-24 02:13:31 UTC 
Description of problem:
Could not provision gcp volume if delete gcp-pd-cloud-credentials

Version-Release number of selected component (if applicable):
4.7.0-0.nightly-2020-12-20-031835

How reproducible:
Always

Steps to Reproduce:
1.Delete secret gcp-pd-cloud-credentials in namespace openshift-cluster-csi-drivers
2.New gcp-pd-cloud-credentials is created
3.Create pvc/pod
oc describe pvc
Name:          pvc1
Namespace:     test
StorageClass:  standard-csi
Status:        Pending
Volume:        
Labels:        <none>
Annotations:   volume.beta.kubernetes.io/storage-provisioner: pd.csi.storage.gke.io
               volume.kubernetes.io/selected-node: qe-chaoyang-1221-nnmhj-worker-a-866lh.c.openshift-qe.internal
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      
Access Modes:  
VolumeMode:    Filesystem
Mounted By:    pod1
Events:
  Type     Reason                Age                   From                                                                                                                Message
  ----     ------                ----                  ----                                                                                                                -------
  Normal   WaitForFirstConsumer  98s (x21 over 6m13s)  persistentvolume-controller                                                                                         waiting for first consumer to be created before binding
  Normal   ExternalProvisioning  53s (x5 over 86s)     persistentvolume-controller                                                                                         waiting for a volume to be created, either by external provisioner "pd.csi.storage.gke.io" or manually created by system administrator
  Normal   Provisioning          23s (x7 over 86s)     pd.csi.storage.gke.io_qe-chaoyang-1221-nnmhj-master-1.c.openshift-qe.internal_c201ee25-3746-46aa-805c-4f3d5a9002b7  External provisioner is provisioning volume for claim "test/pvc1"
  Warning  ProvisioningFailed    23s (x7 over 86s)     pd.csi.storage.gke.io_qe-chaoyang-1221-nnmhj-master-1.c.openshift-qe.internal_c201ee25-3746-46aa-805c-4f3d5a9002b7  failed to provision volume with StorageClass "standard-csi": rpc error: code = Internal desc = CreateVolume unknown get disk error when validating: Get "https://compute.googleapis.com/compute/v1/projects/openshift-qe/zones/us-central1-a/disks/pvc-4af50427-1ed5-4c3a-a2e3-1bd073de3415?alt=json&prettyPrint=false": oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}
Actual results:


Expected results:
PV should be provisioned by gcp csi driver.

Master Log:

Node Log (of failed PODs):

PV Dump:

PVC Dump:

StorageClass Dump (if StorageClass used by PV/PVC):

Additional info:
Comment 2 Chao Yang 2021-01-15 08:52:44 UTC 
Passed on 4.7.0-0.nightly-2021-01-14-211319
After delete gcp-pd-cloud-credentials, gcp-pd-cloud-credentials will be re-created and volume can be provisioned.
Comment 5 errata-xmlrpc 2021-02-24 15:48:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633
Note You need to log in before you can comment on or make changes to this bug.