Description of problem: Azure disk csi dirver operator doesn't use the credential created by CCO Version-Release number of selected component (if applicable): 4.8.0-0.nightly-2021-04-22-182303 How reproducible: Always Steps to Reproduce: 1. Check the credentialrequst, no credential request fore azure disk csi driver operator. $ oc get credentialsrequests.cloudcredential.openshift.io -A NAMESPACE NAME AGE openshift-cloud-credential-operator aws-ebs-csi-driver-operator 10h openshift-cloud-credential-operator cloud-credential-operator-gcp-ro-creds 10h openshift-cloud-credential-operator cloud-credential-operator-iam-ro 10h openshift-cloud-credential-operator manila-csi-driver-operator 10h openshift-cloud-credential-operator openshift-cluster-csi-drivers 10h openshift-cloud-credential-operator openshift-gcp-pd-csi-driver-operator 10h openshift-cloud-credential-operator openshift-image-registry 10h openshift-cloud-credential-operator openshift-image-registry-azure 10h openshift-cloud-credential-operator openshift-image-registry-gcs 10h openshift-cloud-credential-operator openshift-image-registry-openstack 10h openshift-cloud-credential-operator openshift-ingress 10h openshift-cloud-credential-operator openshift-ingress-azure 10h openshift-cloud-credential-operator openshift-ingress-gcp 10h openshift-cloud-credential-operator openshift-machine-api-aws 10h openshift-cloud-credential-operator openshift-machine-api-azure 10h openshift-cloud-credential-operator openshift-machine-api-gcp 10h openshift-cloud-credential-operator openshift-machine-api-kubevirt 10h openshift-cloud-credential-operator openshift-machine-api-openstack 10h openshift-cloud-credential-operator openshift-machine-api-ovirt 10h openshift-cloud-credential-operator openshift-machine-api-vsphere 10h openshift-cloud-credential-operator openshift-network 10h openshift-cloud-credential-operator openshift-vmware-vsphere-csi-driver-operator 10h openshift-cloud-credential-operator openshift-vsphere-problem-detector 10h openshift-cloud-credential-operator ovirt-csi-driver-operator 10h 2. Check controller pod 2021-04-23T05:25:44.210777148Z W0423 05:25:44.210709 1 azure_config.go:51] Failed to get cloud-config from secret: failed to get secret azure-cloud-provider: secrets "azure-cloud-provider" not found, skip initializing from secret 3. Check driver node pod 2021-04-23T03:18:32.191494431Z W0423 03:18:32.191401 1 azure_config.go:51] Failed to get cloud-config from secret: failed to get secret azure-cloud-provider: secrets "azure-cloud-provider" is forbidden: User "system:serviceaccount:openshift-cluster-csi-drivers:azure-disk-csi-driver-node-sa" cannot get resource "secrets" in API group "" in the namespace "kube-system", skip initializing from secret Actual results: Expected results: Master Log: Node Log (of failed PODs): PV Dump: PVC Dump: StorageClass Dump (if StorageClass used by PV/PVC): Additional info:
The team discussed this and agreed that the current behavior is OK for Tech Preview (4.8). We'll revisit this before the driver & operator moves to GA.
For reference, this is the Jira card: https://issues.redhat.com/browse/STOR-569
*** Bug 1994690 has been marked as a duplicate of this bug. ***
I'm fixing it as part of Azure Stack Hub fixes in https://bugzilla.redhat.com/show_bug.cgi?id=1992875
Putting to ON_QA, fix for bug #1992875 has been merged to OCP 4.9. The fix is the same for this BZ, but keeping this BZ open for re-test on a regular Azure Cloud cluster.
Verified pass on 4.9.0-0.nightly-2021-09-07-201519 $ oc get credentialsrequests.cloudcredential.openshift.io -n openshift-cloud-credential-operator azure-disk-csi-driver-operator -o yaml apiVersion: cloudcredential.openshift.io/v1 kind: CredentialsRequest metadata: ... name: azure-disk-csi-driver-operator namespace: openshift-cloud-credential-operator ... spec: ... secretRef: name: azure-disk-credentials namespace: openshift-cluster-csi-drivers
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759