The logic here looks wrong: https://github.com/openshift/console/blob/master/frontend/public/components/namespace.jsx#L843 We're only looking for kubernetes.io/dockerconfigjson and not kubernetes.io/dockercfg. But to use the image in a pod, you'd need to add it to the default service account. We should show the secrets referenced in the service account on this page. https://docs.openshift.com/container-platform/4.7/openshift_images/managing_images/using-image-pull-secrets.html#images-allow-pods-to-reference-images-from-secure-registries_using-image-pull-secrets
Checked on ocp 4.9 cluster with payload 4.9.0-0.nightly-2021-07-29-103526. 1.Create a project, check the default pull secret on project detail page, it displays "default-dockercfg-xczwx"; 2.Create a image pull secret in the project, and add the secret in default sa in the project, then check default pull secret on the project detail page again, the new image pull secret is also shown. 3.Create a role "example1" with view project/namespace permission but no permission to view secret in project: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: example1 uid: 785f7296-20fd-4f1a-8105-30be19f92539 resourceVersion: '470509' creationTimestamp: '2021-07-30T10:31:43Z' managedFields: - manager: Mozilla operation: Update apiVersion: rbac.authorization.k8s.io/v1 time: '2021-07-30T10:31:43Z' fieldsType: FieldsV1 fieldsV1: 'f:rules': {} rules: - verbs: - get - watch - list apiGroups: - '' resources: - projects - verbs: - get apiGroups: - '' resources: - namespaces 4. Grant normal user the "example1" role to the project. 5. Login with normal user, check on the project detail page, now the default pull secret field displays: "Error loading default pull Secrets" The bug is fixed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759