Description of problem: On gcp worker-user-data secret couldn't be synced up from openshift-mahcine-api to openshift-cluster-api Version-Release number of selected component (if applicable): 4.11.0-0.nightly-2022-06-23-153912 How reproducible: Always Steps to Reproduce: 1. Enable CAPI by featuregate 2. $ oc delete secret worker-user-data -n openshift-cluster-api 3. $ oc patch secret worker-user-data -p '{"data":{"username":"Zmlyc3QtdXNlcm5hbWUtdXBkYXRlCg=="}}' -n openshift-machine-api 4. Check if the secret content in openshift-machine-api and openshift-cluster-api are equal $ oc describe secret worker-user-data -n openshift-machine-api $ oc describe secret worker-user-data -n openshift-cluster-api Actual results: The secret content in openshift-machine-api and openshift-cluster-api are not equal, log report "source and target secrets are equal, no sync needed" $ oc describe secret worker-user-data -n openshift-machine-api Name: worker-user-data Namespace: openshift-machine-api Labels: <none> Annotations: <none> Type: Opaque Data ==== disableTemplating: 5 bytes userData: 1745 bytes username: 22 bytes $ oc describe secret worker-user-data -n openshift-cluster-api Name: worker-user-data Namespace: openshift-cluster-api Labels: <none> Annotations: <none> Type: Opaque Data ==== value: 1745 bytes 624 13:17:03.971737 1 secret_sync_controller.go:42] controller/secret/SecretSyncController "msg"="reconciling worker user data secret" "name"="worker-user-data" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret" I0624 13:17:03.971758 1 kubeconfig.go:87] controller/secret/KubeconfigController "msg"="Reconciling kubeconfig secret" "name"="cluster-capi-operator-secret" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret" I0624 13:17:03.972019 1 secret_sync_controller.go:72] controller/secret/SecretSyncController "msg"="source and target secrets are equal, no sync needed" "name"="worker-user-data" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret" I0624 13:17:03.972196 1 secret_sync_controller.go:158] controller/secret "msg"="user Data Secret Controller is available" "name"="worker-user-data" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret" I0624 13:17:03.982128 1 kubeconfig.go:87] controller/secret/KubeconfigController "msg"="Reconciling kubeconfig secret" "name"="cluster-capi-operator-secret" "namespace"="openshift-cluster-api" "reconciler group"="" "reconciler kind"="Secret" Expected results: The secret content in openshift-machine-api and openshift-cluster-api are equal. Additional info:
The logic only syncs a single key within the secret which this test isn't executing, we are going to improve the log messages to make sure it tells the user which keys it is syncing
Move to verified, the log has been improved. 4.12.0-0.nightly-2022-08-22-201543 I0823 05:29:30.129349 1 secret_sync_controller.go:72] controller/secret/SecretSyncController "msg"="user data in source and target secrets is the same, no sync needed" "name"="worker-user-data" "namespace"="openshift-machine-api" "reconciler group"="" "reconciler kind"="Secret" I0823 05:29:30.129405 1 secret_sync_controller.go:158] controller/secret "msg"="user Data Secret Controller is available" "name"="worker-user-data" "namespace"="openshift-machine-api" "reconciler group"="" "reconciler kind"="Secret"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399