Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-3268

[Operator] Authentication secret not used during deployment

    XMLWordPrintable

Details

    • Workaround Exists
    • Hide

      Patch the Deployment causing a rolling update, or delete the pod:

      sleep 5 && oc patch deployment amq-broker-operator --type json -p \
        "[{'op':'add', 'path':'/spec/template/metadata/labels/reload', 'value':'$(date +%s)'}]"
      Show
      Patch the Deployment causing a rolling update, or delete the pod: sleep 5 && oc patch deployment amq-broker- operator --type json -p \ "[{ 'op' : 'add' , 'path' : '/spec/template/metadata/labels/reload' , 'value' : '$(date +%s)' }]"

    Description

      There seems to be a K8s issue where the Deployment reconciler does not reschedule the pod when service account secrets change. So the pod keeps using the same pull secret until a deletion happens, that triggers a reschedule and the creation of a new pod with the updated secrets. This only affect users on OCP 3.x because with 4.x the operator installation is fully delegated to OLM.

      Now, I see this exact behavior using the new AMQ operator on OCP 3.11, specifically when linking the registry authentication secret to the service account, which happens after deployment.

      Attachments

        Activity

          People

            rhn-support-rkieley Roderick Kieley
            rhn-support-fvaleri Federico Valeri
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: