Verified with https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1830329 and openshift-sync plugin ================== $ oc version Client Version: 4.4.0-0.ci-2020-02-26-215902 Server Version: 4.10.0-0.nightly-2021-12-14-083101 Kubernetes Version: v1.22.1+6859754 pkumari$ oc rsh jenkins-1-2km7f sh-4.4$ cat /var/lib/jenkins/plugins/openshift-sync/META-INF/MANIFEST.MF |grep Implementation-Version Implementation-Version: 1.0.51 sh-4.4$ exit exit ---------- Started a build with maven-pipeline pkumari$ oc get builds NAME TYPE FROM STATUS STARTED DURATION openshift-jee-sample-1 JenkinsPipeline Complete 11 minutes ago openshift-jee-sample-docker-1 Docker Binary Complete 10 minutes ago 1m19s openshift-jee-sample-3 JenkinsPipeline Complete 4 minutes ago openshift-jee-sample-4 JenkinsPipeline Complete 7 minutes ago openshift-jee-sample-docker-2 Docker Binary Complete 6 minutes ago 1m11s openshift-jee-sample-docker-3 Docker Binary Complete 3 minutes ago 1m1s
more Verification steps required
I have also created secrets before jenkins was brought up and the secrets being successfully synced into the jenkins credential. pkumari$ oc -n jenkins-test create secret docker-registry push-secret --docker-server=quay.io --docker-username=<username> --docker-password=<password> --docker-email=<email> secret/push-secret created pkumari$ oc label secret push-secret credential.sync.jenkins.openshift.io=true secret/push-secret labeled $ oc import-image --confirm jenkins-pkumari --from=quay.io/pkumari/jenkins_priti:latest imagestream.image.openshift.io/jenkins-pkumari imported [...] $ oc new-app jenkins-ephemeral -p NAMESPACE=$(oc project -q) -p JENKINS_IMAGE_STREAM_TAG=jenkins-pkumari:latest --> Deploying template "openshift/jenkins-ephemeral" to project jenkins-test [...] --> Success Access your application via route 'jenkins-jenkins-test.apps.ci-ln-3ctjj5k-76ef8.origin-ci-int-aws.dev.rhcloud.com' Run 'oc status' to view your app. $ oc get pods NAME READY STATUS RESTARTS AGE jenkins-1-deploy 0/1 Completed 0 2m3s jenkins-1-lkskx 1/1 Running 0 119s $ oc get routes NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD jenkins jenkins-jenkins-test.apps.ci-ln-3ctjj5k-76ef8.origin-ci-int-aws.dev.rhcloud.com jenkins <all> edge/Redirect None $ oc rsh jenkins-1-lkskx sh-4.4$ cat /var/lib/jenkins/plugins/openshift-sync/META-INF/MANIFEST.MF |grep Implementation-Version Implementation-Version: 1.0.51 sh-4.4$ exit exit ----------------------------- I have also restarted the pod and checked the synced credential it was mapped successfully. Ran the pipeline as well to verify the build process and it works as expected. @gmontero @abenaiss @adkaplan could you please take a look once, if I have missed something.
Based also on our discussion on slack and the additional checks that you made in the logs, that looks ok to me.
jenkins logs for secret events pkumari$ oc get pods NAME READY STATUS RESTARTS AGE jenkins-1-9cn9f 1/1 Running 0 28m jenkins-1-deploy 0/1 Completed 0 75m openshift-jee-sample-1-deploy 0/1 Completed 0 36m openshift-jee-sample-2-deploy 0/1 Completed 0 20m openshift-jee-sample-2-q57vf 1/1 Running 0 20m openshift-jee-sample-docker-1-build 0/1 Completed 0 37m openshift-jee-sample-docker-2-build 0/1 Completed 0 21m $ oc logs pod/jenkins-1-9cn9f [...] 2021-12-20 10:08:57 INFO hudson.WebAppMain$3 run Jenkins is fully up and running 2021-12-20 10:09:09 INFO io.fabric8.jenkins.openshiftsync.BuildConfigInformer onAdd BuildConfig informer received add event for: {}openshift-jee-sample 2021-12-20 10:09:10 INFO io.fabric8.jenkins.openshiftsync.SecretInformer onAdd Secret informer received add event for: {}push-secret 2021-12-20 10:09:10 INFO io.fabric8.jenkins.openshiftsync.SecretManager insertOrUpdateCredentialFromSecret Upserting Secret with Uid 94acfb46-7590-4455-be28-1aff9803de45 with Name push-secret 2021-12-20 10:09:10 INFO io.fabric8.jenkins.openshiftsync.SecretManager validSecret Validating Secret with Uid 94acfb46-7590-4455-be28-1aff9803de45 with Name push-secret 2021-12-20 10:09:11 INFO io.fabric8.jenkins.openshiftsync.BuildInformer onAdd Build informer received add event for: {}openshift-jee-sample-1 2021-12-20 10:09:12 INFO io.fabric8.jenkins.openshiftsync.BuildInformer onAdd Build informer received add event for: {}openshift-jee-sample-docker-1 2021-12-20 10:09:12 INFO io.fabric8.jenkins.openshiftsync.CredentialsUtils insertOrUpdateCredentialsFromSecret Created credential jenkins-test-push-secret from Secret NamespaceName{jenkins-test:push-secret} with revision: 63093 [...] 2021-12-20 10:13:56 INFO io.fabric8.jenkins.openshiftsync.JobProcessor createOrUpdateJob Updated job jenkins-test-openshift-jee-sample from BuildConfig NamespaceName{jenkins-test:openshift-jee-sample} with revision: 65265 2021-12-20 10:13:56 INFO io.fabric8.jenkins.openshiftsync.SecretInformer onUpdate Secret informer received update event for: push-secret 2021-12-20 10:13:56 INFO io.fabric8.jenkins.openshiftsync.SecretManager updateCredential Modifying Secret with Uid 94acfb46-7590-4455-be28-1aff9803de45 with Name push-secret 2021-12-20 10:13:56 INFO io.fabric8.jenkins.openshiftsync.SecretManager validSecret Validating Secret with Uid 94acfb46-7590-4455-be28-1aff9803de45 with Name push-secret [...]
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056