Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-3268

[Operator] Authentication secret not used during deployment

XMLWordPrintable

    • Workaround Exists
    • Hide

      Patch the Deployment causing a rolling update, or delete the pod:

      sleep 5 && oc patch deployment amq-broker-operator --type json -p \
        "[{'op':'add', 'path':'/spec/template/metadata/labels/reload', 'value':'$(date +%s)'}]"
      Show
      Patch the Deployment causing a rolling update, or delete the pod: sleep 5 && oc patch deployment amq-broker- operator --type json -p \ "[{ 'op' : 'add' , 'path' : '/spec/template/metadata/labels/reload' , 'value' : '$(date +%s)' }]"

      There seems to be a K8s issue where the Deployment reconciler does not reschedule the pod when service account secrets change. So the pod keeps using the same pull secret until a deletion happens, that triggers a reschedule and the creation of a new pod with the updated secrets. This only affect users on OCP 3.x because with 4.x the operator installation is fully delegated to OLM.

      Now, I see this exact behavior using the new AMQ operator on OCP 3.11, specifically when linking the registry authentication secret to the service account, which happens after deployment.

              rhn-support-rkieley Roderick Kieley
              rhn-support-fvaleri Federico Valeri
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: