Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Labels:
- GCP

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None

Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

OCP 4.11.2

I've attached must-gather.tar.gz

We are installing on GCP using the cco utility and "manual" credentialsMode. After some time, the image-registry operator begins to crashloop, with the error:

controller.go:373] unable to sync: unable to sync storage configuration: Get "https://storage.googleapis.com/storage/v1/b/cahartma-0921cluster1-qcjgt-image-registry-us-east1-hqrjkdcwvy?alt=json&prettyPrint=false&projection=full": oauth2/google: unable to generate access token: Post "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/cahartma-092-openshift-i-wxvrd@openshift-observability.iam.gserviceaccount.com:generateAccessToken": oauth2/google: status code 400: {"error":"invalid_grant","error_description":"Unable to verify the ID Token signature."

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

must-gather.tar.gz
17.31 MB
2022/09/23 6:31 PM

is related to

CCO-123 Update openshift operators to consume new 'external_account' type credentials

Closed

relates to

OCPSTRAT-469 Install and upgrade OpenShift with GCP Workload Identity

Closed

links to

Slack thread

Assignee:: Unassigned

Reporter:: Casey Hartman

Need Info From:: None

Contributors:: None

Architect:: None

QA Contact:: None

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/09/23 6:31 PM

Updated:: 2025/07/30 11:35 AM

Resolved:: 2022/10/13 1:41 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates