Bug 2052097 - global pull secret not working in OCP4.7.4+ for additional private registries
Summary: global pull secret not working in OCP4.7.4+ for additional private registries
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: ImageStreams
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.8.z
Assignee: Nichita Gutu
QA Contact: XiuJuan Wang
URL:
Whiteboard:
Depends On: 2047331
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-02-08 17:22 UTC by OpenShift BugZilla Robot
Modified: 2022-10-12 02:56 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-04-11 20:04:53 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-openshift-apiserver-operator pull 493 0 None open [release-4.8] [release-4.9] Bug 2052097: global pull secret not working in OCP4.7.4+ for additio… 2022-02-08 17:22:42 UTC
Red Hat Knowledge Base (Solution) 6476871 0 None None None 2022-04-19 09:58:17 UTC
Red Hat Product Errata RHSA-2022:1154 0 None None None 2022-04-11 20:05:18 UTC

Comment 1 XiuJuan Wang 2022-02-10 06:38:26 UTC
1. export the current secret 
$ oc get secret/pull-secret -n openshift-config --template='{{index .data ".dockerconfigjson" | base64decode}}' >pullsecret.orig
2. $ cp pullsecret.orig pull.json
3. Modify registry+secret to pull.json
4. reimport the secret
$ oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=./pull.json
5. wait for roll out and veryfy, e.g. via 
$ for node in `oc get no |awk -F " " '/Ready/ {print $1}'`; do oc debug node/$node -- chroot /host cat /var/lib/kubelet/config.json;done
6. Diff the secret, the secret are same
$ oc -n openshift-apiserver rsh apiserver-XXXXnnnn-xxxx cat /var/lib/kubelet/config.json | jq '.auths."registry.redhat.io".auth'  > apipod-pullsecret
$ diff pull.json apipod-pullsecret
Import a image from the private registry, imported successfully.

Verified on 4.8 ci version

Comment 9 errata-xmlrpc 2022-04-11 20:04:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.8.36 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1154


Note You need to log in before you can comment on or make changes to this bug.