Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: CNV v4.14.5
Affects Version/s: CNV v4.14.0
Component/s: CNV Infrastructure
Labels:
None

Story Points:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
Improve usability of vm-console-proxy
Regression:
No
[QE] How to address?:
---
[QE] Why QE missed?:
---
Market:

Sprint:
CNV Infra 252

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Description of problem:

Secret files dockercfg & vnc-access-token are not deleted even when we delete VM

Version-Release number of selected component (if applicable):

4.15

How reproducible:

always

Steps to Reproduce:

1. Start a VM under a service account
2. Delete VM and make sure the secret is also deleted
3.

Actual results:

[cloud-user@ocp-psi-executor-xl cnv-tests]$ oc delete vm rhel-vm-console-proxy-1709216019-1540508 -n vm-console-proxy-test-vm-console-prox
virtualmachine.kubevirt.io "rhel-vm-console-proxy-1709216019-1540508" deleted

[cloud-user@ocp-psi-executor-xl cnv-tests]$ oc get secrets -n vm-console-proxy-test-vm-console-prox --sort-by=.metadata.creationTimestamp
NAME                                                              TYPE                                  DATA   AGE
builder-dockercfg-wnqvx                                           kubernetes.io/dockercfg               1      21h
builder-token-mvpp4                                               kubernetes.io/service-account-token   4      21h
default-dockercfg-sg87l                                           kubernetes.io/dockercfg               1      21h
default-token-8wjpt                                               kubernetes.io/service-account-token   4      21h
deployer-dockercfg-pps44                                          kubernetes.io/dockercfg               1      21h
deployer-token-5qqqq                                              kubernetes.io/service-account-token   4      21h
vm-console-proxy-user1-dockercfg-fv2fc                            kubernetes.io/dockercfg               1      21h
vm-console-proxy-user1-token-wjqhv                                kubernetes.io/service-account-token   4      21h
rhel-vm-console-proxy-1709216019-15405-41a52d67-dockercfg-2wg8w   kubernetes.io/dockercfg               1      9s
rhel-vm-console-proxy-1709216019-1540508-vnc-access-token-slfz8   kubernetes.io/service-account-token   4      9s

[cloud-user@ocp-psi-executor-xl cnv-tests]$ oc get vm -A
NAMESPACE   NAME                           AGE   STATUS    READY
default     rhel-9-harlequin-iguana-64     18d   Stopped   False
default     rhel-9-sapphire-dragonfly-23   25d   Running   True
[cloud-user@ocp-psi-executor-xl cnv-tests]$ oc get secrets -n vm-console-proxy-test-vm-console-prox --sort-by=.metadata.creationTimestamp
NAME                                                              TYPE                                  DATA   AGE
builder-dockercfg-wnqvx                                           kubernetes.io/dockercfg               1      22h
builder-token-mvpp4                                               kubernetes.io/service-account-token   4      22h
default-dockercfg-sg87l                                           kubernetes.io/dockercfg               1      22h
default-token-8wjpt                                               kubernetes.io/service-account-token   4      22h
deployer-dockercfg-pps44                                          kubernetes.io/dockercfg               1      22h
deployer-token-5qqqq                                              kubernetes.io/service-account-token   4      22h
vm-console-proxy-user1-dockercfg-fv2fc                            kubernetes.io/dockercfg               1      22h
vm-console-proxy-user1-token-wjqhv                                kubernetes.io/service-account-token   4      22h
rhel-vm-console-proxy-1709216019-15405-41a52d67-dockercfg-2wg8w   kubernetes.io/dockercfg               1      40m
rhel-vm-console-proxy-1709216019-1540508-vnc-access-token-slfz8   kubernetes.io/service-account-token   4      40m

Expected results:

Secrets should be removed too

Additional info:

This is encountered while testing VM console proxy

rhel-vm-console-proxy-1709216019-1540508-vnc-access-token gets created when we use curl --header "Authorization: Bearer ${KUBERNETES_USER_TOKEN}" \
     "https://${K8S_API_URL}/apis/token.kubevirt.io/v1alpha1/namespaces/${VMI_NAMESPACE}/virtualmachines/${VMI_NAME}/vnc?duration=${DURATION}" and token used for authorization is created by " oc create token -n {namespace} {service_account} --duration={duration}""

clones

CNV-38845 secret persists even after the deletion of the virtual machine

Closed

links to

Pull Request

Pull Request - Backport to 4.14

Pull Request - Backport to 4.15

RHEA-2024:129223 OpenShift Virtualization 4.14.5 Images

mentioned on

Merge request - Updated US source to: 0ba1457 Merge pull request #101 from akrejcir/fix-cleanup

(2 mentioned on)

Assignee:: Andrej Krejcir

Reporter:: Geetika Kapoor

QA Contact:: Geetika Kapoor

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/04/04 11:07 AM

Updated:: 2024/04/25 12:15 PM

Resolved:: 2024/04/25 12:15 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide