1970395 – [4.8.0] SNO with AI/operator - kubeconfig secret is not created until the spoke is deployed

Bug 1970395 - [4.8.0] SNO with AI/operator - kubeconfig secret is not created until the spoke is deployed

Summary: [4.8.0] SNO with AI/operator - kubeconfig secret is not created until the spo...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	assisted-installer
Sub Component:
Version:	4.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.8.0
Assignee:	Fred Rolland
QA Contact:	Alexander Chuzhoy
Docs Contact:
URL:
Whiteboard:	AI-Team-Hive KNI-EDGE-4.8
Depends On:	1969547
Blocks:
TreeView+	depends on / blocked

Reported:	2021-06-10 12:11 UTC by Michael Filanov
Modified:	2021-07-27 23:12 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1969547
Environment:
Last Closed:	2021-07-27 23:12:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift assisted-service pull 2072	0	None	open	Bug 1970395: Create KubeConfig Secret when install starts (#2041)	2021-06-23 11:37:40 UTC
Red Hat Bugzilla	1969547	1	medium	CLOSED	[master] SNO with AI/operator - kubeconfig secret is not created until the spoke is deployed	2021-10-18 17:33:36 UTC
Red Hat Product Errata	RHSA-2021:2438	0	None	None	None	2021-07-27 23:12:42 UTC

Description Michael Filanov 2021-06-10 12:11:35 UTC

+++ This bug was initially created as a clone of Bug #1969547 +++

Version:
4.8.0-fc.7

The <clusterdeployment name>-admin-kubeconfig secret doesn't get created until the spoke cluster is successfully deployed.
Ths makes it harder to debug issues during deployment


Steps to reproduce: attempt to deploy a spoke cluster with AI/operator.
Try to retrieve the secret with kubeconfig:
oc get secret `oc get cd -o custom-columns=:.metadata.name`-admin-kubeconfig  -o json|jq -r ".data.kubeconfig"|base64 -d



result:

Error from server (NotFound): secrets "<clusterdeployment>-admin-kubeconfig" not found                                                                               


Expected result:
we should get the secret sooner in order to debug possible issues.

--- Additional comment from mfilanov on 20210610T12:04:42

Need to upload the secret twice, once when the installation stars, that will upload the kubeconfig without ingress CA and once again when the installation finish.

Comment 5 Alexander Chuzhoy 2021-06-28 21:21:49 UTC

FailedQA.

Version:
quay.io/acm-d/acm-custom-registry:2.3.0-DOWNSTREAM-2021-06-28-15-34-59

HUB:
4.8.0-0.nightly-2021-06-25-182927
spoke: 4.8.0-fc.9-x86_64

oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version             False       True          16m     Working towards 4.8.0-fc.9: 577 of 676 done (85% complete)

oc get secret
NAME                                TYPE                                  DATA   AGE
builder-dockercfg-8f6t9             kubernetes.io/dockercfg               1      24m
builder-token-h9btw                 kubernetes.io/service-account-token   4      24m
builder-token-qn97r                 kubernetes.io/service-account-token   4      24m
cluster-installer-dockercfg-r4k5f   kubernetes.io/dockercfg               1      23m
cluster-installer-token-4h9ck       kubernetes.io/service-account-token   4      23m
cluster-installer-token-9hnng       kubernetes.io/service-account-token   4      23m
default-dockercfg-2j8zt             kubernetes.io/dockercfg               1      24m
default-token-5jrm5                 kubernetes.io/service-account-token   4      24m
default-token-7l4mp                 kubernetes.io/service-account-token   4      24m
deployer-dockercfg-g4hrt            kubernetes.io/dockercfg               1      24m
deployer-token-m2grs                kubernetes.io/service-account-token   4      24m
deployer-token-nz7qs                kubernetes.io/service-account-token   4      24m
elvis-merged-pull-secret            kubernetes.io/dockerconfigjson        1      23m
pull-secret                         kubernetes.io/dockerconfigjson        1      23m
sno-bmc-secret                      Opaque                                2      23m



oc get  AgentClusterInstall -n elvis  -o=custom-columns='STATUS:status.conditions[-3].message'
STATUS
The installation is in progress: Finalizing cluster installation

oc get secret
NAME                                TYPE                                  DATA   AGE
builder-dockercfg-8f6t9             kubernetes.io/dockercfg               1      24m
builder-token-h9btw                 kubernetes.io/service-account-token   4      24m
builder-token-qn97r                 kubernetes.io/service-account-token   4      24m
cluster-installer-dockercfg-r4k5f   kubernetes.io/dockercfg               1      24m
cluster-installer-token-4h9ck       kubernetes.io/service-account-token   4      24m
cluster-installer-token-9hnng       kubernetes.io/service-account-token   4      24m
default-dockercfg-2j8zt             kubernetes.io/dockercfg               1      24m
default-token-5jrm5                 kubernetes.io/service-account-token   4      24m
default-token-7l4mp                 kubernetes.io/service-account-token   4      24m
deployer-dockercfg-g4hrt            kubernetes.io/dockercfg               1      24m
deployer-token-m2grs                kubernetes.io/service-account-token   4      24m
deployer-token-nz7qs                kubernetes.io/service-account-token   4      24m
elvis-merged-pull-secret            kubernetes.io/dockerconfigjson        1      24m
pull-secret                         kubernetes.io/dockerconfigjson        1      24m
sno-bmc-secret                      Opaque                                2      23m



#only after the cluster is installed we see the secret created

oc get  AgentClusterInstall -n elvis  -o=custom-columns='STATUS:status.conditions[-3].message'
STATUS
The installation has completed: Cluster is installed


oc get secret|grep kubeconfig
elvis-admin-kubeconfig               Opaque                                2      85s

Comment 7 Michael Filanov 2021-06-29 11:56:32 UTC

This ticket was not released in downstream yet.
QE should follow the releases in https://github.com/open-cluster-management/backlog

Comment 11 nshidlin 2021-07-05 13:35:21 UTC

Verified with 2.3.0-DOWNSTREAM-2021-07-02-22-02-33

kubeconfig secret is created while the cluster is installing

oc get AgentClusterInstall -n sno-0  -o=custom-columns='STATUS:status.conditions[-3].message'
STATUS
The installation is in progress: Installation in progress

oc get secret -n sno-0 |grep kubeconfig
sno-0-admin-kubeconfig              Opaque                                1      12m

Comment 13 errata-xmlrpc 2021-07-27 23:12:27 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

Note You need to log in before you can comment on or make changes to this bug.