Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2087149

Summary:	Kubeconfig controller from Cluster CAPI operator doesn't reconcile its secret after creation
Product:	OpenShift Container Platform	Reporter:	Mike Fedosin <mfedosin>
Component:	Cloud Compute	Assignee:	Mike Fedosin <mfedosin>
Cloud Compute sub component:	Other Providers	QA Contact:	sunzhaohua <zhsun>
Status:	CLOSED DUPLICATE	Docs Contact:
Severity:	medium
Priority:	medium
Version:	4.11
Target Milestone:	---
Target Release:	4.11.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2022-05-26 13:33:19 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Mike Fedosin 2022-05-17 13:07:05 UTC

Description of problem:
Currently Kubeconfig controller from Cluster CAPI operator doesn't reconcile the secret with kubeconfig file after its creation. Additionally, if the token secret is modified, the controller doesn't regenerate the kubeconfig.

Version-Release number of selected component (if applicable):
4.11

How reproducible:
Always

Steps to Reproduce:
1. Deploy a cluster with enabled CAPI.
2. Make sure that "cluster-capi-operator-secret" has been created in "openshift-cluster-api" namespace.
3. Manually update or delete the secret.

Actual results:
The operator won't update or recreate the secret.

Expected results:
The secret is restored to the correct version by the operator.

Additional info:

Comment 3 sunzhaohua 2022-05-23 07:37:56 UTC

Verify failed. 
Delete the secret, the secret can be restored. Manually update secret cluster-capi-operator-secret, the secret coulndn't be restored. 
1. Deploy a cluster with enabled CAPI.
2. Make sure that "cluster-capi-operator-secret" has been created in "openshift-cluster-api" namespace.
3. Manually update the secret,  check if the secret can be restored 
$ oc patch secret/cluster-capi-operator-secret --type=merge -p '{"data": {"key":"dmFsdWU="}}'
secret/cluster-capi-operator-secret patched
About 1 hour later, check secret cluster-capi-operator-secret still have the new added key.
$ oc get secret cluster-capi-operator-secret -o yaml
  key: dmFsdWU=

After modifying the secret, the cluster-capi-operator log:
I0523 06:05:39.783578       1 kubeconfig.go:85] controller/secret/KubeconfigController "msg"="Reconciling kubeconfig secret" "name"="cluster-capi-operator-secret" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret"

I0523 06:10:34.859111       1 cluster.go:76] controller/infrastructure/ClusterController "msg"="Reconciling infrastucture cluster" "name"="cluster" "namespace"="" "reconciler group"="config.openshift.io" "reconciler kind"="Infrastructure" "platformType"="AWS"
I0523 06:10:34.859111       1 clusteroperator_controller.go:49] controller/clusteroperator/ClusterOperatorController "msg"="reconciling Cluster API components for technical preview cluster" "name"="cluster-api" "namespace"="" "reconciler group"="config.openshift.io" "reconciler kind"="ClusterOperator"
I0523 06:10:34.859250       1 clusteroperator_controller.go:109] controller/clusteroperator "msg"="reconciling Core CAPI components" "name"="cluster-api" "namespace"="" "reconciler group"="config.openshift.io" "reconciler kind"="ClusterOperator"
I0523 06:10:34.860282       1 clusteroperator_controller.go:131] controller/clusteroperator "msg"="reconciling Infrastructure CAPI components" "name"="cluster-api" "namespace"="" "reconciler group"="config.openshift.io" "reconciler kind"="ClusterOperator"
I0523 06:10:34.876220       1 cluster.go:99] controller/infrastructure/ClusterController "msg"="Reconciling core cluster" "name"="cluster" "namespace"="" "reconciler group"="config.openshift.io" "reconciler kind"="Infrastructure"
I0523 06:10:39.877552       1 secret_sync_controller.go:42] controller/secret/SecretSyncController "msg"="reconciling worker user data secret" "name"="worker-user-data" "namespace"="openshift-machine-api" "reconciler group"="" "reconciler kind"="Secret"
I0523 06:10:39.877643       1 secret_sync_controller.go:72] controller/secret/SecretSyncController "msg"="source and target secrets are equal, no sync needed" "name"="worker-user-data" "namespace"="openshift-machine-api" "reconciler group"="" "reconciler kind"="Secret"
I0523 06:10:39.877683       1 secret_sync_controller.go:158] controller/secret "msg"="user Data Secret Controller is available" "name"="worker-user-data" "namespace"="openshift-machine-api" "reconciler group"="" "reconciler kind"="Secret"
I0523 06:11:10.183084       1 clusteroperator_controller.go:49] controller/clusteroperator/ClusterOperatorController "msg"="reconciling Cluster API components for technical preview cluster" "name"="cluster-api" "namespace"="" "reconciler group"="config.openshift.io" "reconciler kind"="ClusterOperator"
I0523 06:11:10.183161       1 clusteroperator_controller.go:109] controller/clusteroperator "msg"="reconciling Core CAPI components" "name"="cluster-api" "namespace"="" "reconciler group"="config.openshift.io" "reconciler kind"="ClusterOperator"
I0523 06:11:10.184084       1 clusteroperator_controller.go:131] controller/clusteroperator "msg"="reconciling Infrastructure CAPI components" "name"="cluster-api" "namespace"="" "reconciler group"="config.openshift.io" "reconciler kind"="ClusterOperator"
I0523 06:14:00.651040       1 secret_sync_controller.go:42] controller/secret/SecretSyncController "msg"="reconciling worker user data secret" "name"="worker-user-data" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret"
I0523 06:14:00.651148       1 kubeconfig.go:85] controller/secret/KubeconfigController "msg"="Reconciling kubeconfig secret" "name"="cluster-capi-operator-secret" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret"
I0523 06:14:00.651176       1 secret_sync_controller.go:72] controller/secret/SecretSyncController "msg"="source and target secrets are equal, no sync needed" "name"="worker-user-data" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret"
I0523 06:14:00.651469       1 secret_sync_controller.go:158] controller/secret "msg"="user Data Secret Controller is available" "name"="worker-user-data" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret"
I0523 06:14:00.658093       1 kubeconfig.go:85] controller/secret/KubeconfigController "msg"="Reconciling kubeconfig secret" "name"="cluster-capi-operator-secret" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret"
I0523 06:20:20.772649       1 clusteroperator_controller.go:49] controller/clusteroperator/ClusterOperatorController "msg"="reconciling Cluster API components for technical preview cluster" "name"="cluster-api" "namespace"="" "reconciler group"="config.openshift.io" "reconciler kind"="ClusterOperator"

Comment 4 Joel Speed 2022-05-26 13:33:19 UTC


*** This bug has been marked as a duplicate of bug 2089254 ***