Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-11437

MCO keeps the pull secret to .orig file once it replaced


      Description of problem:

      If we replace the cluster global pull secret with a empty one then MCO keeps the original secret file in `/etc/machine-config-daemon/orig/var/lib/kubelet/config.json.mcdorig` location.

      Version-Release number of selected component (if applicable):


      Steps to Reproduce:

      1. create a sno cluster using cluster-bot
      - launch 4.12.9 aws,single-node 
      2. Replace the pull secret
      $ cat <<EOF | oc replace -f -
      apiVersion: v1
        .dockerconfigjson: e30K
      kind: Secret
        name: pull-secret
        namespace: openshift-config
      type: kubernetes.io/dockerconfigjson
      3. Wait for cluster to conciliated
      $ oc get mc
      NAME                                               GENERATEDBYCONTROLLER                      IGNITIONVERSION   AGE
      00-master                                          f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      00-worker                                          f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      01-master-container-runtime                        f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      01-master-kubelet                                  f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      01-worker-container-runtime                        f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      01-worker-kubelet                                  f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      99-master-generated-kubelet                        f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      99-master-generated-registries                     f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      99-master-ssh                                                                                 3.2.0             60m
      99-worker-generated-registries                     f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      99-worker-ssh                                                                                 3.2.0             60m
      rendered-master-50d505c46c5e1dae8f1d91c81b2e0d1e   f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      rendered-master-619b2780e8787c88c3acb0c68de45a9f   f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             36m
      rendered-master-801d3c549c0fb3267cafc7e48968a8ac   f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      rendered-worker-86690adc0446e7f7feb68f9b9690632d   f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             36m
      rendered-worker-d7e635328a14333ed6ad27603fe5b5db   f6c21976e39cf6cb9e2ca71141478d5e612fb53f   3.2.0             56m
      4. debug to the node and check the file
      $ cat /etc/machine-config-daemon/orig/var/lib/kubelet/config.json.mcdorig

      Actual results:

      orig file have actual pull secretes which was used in initial cluster provision.

      Expected results:

      There shouldn't be any file with this info

      Additional info:


            rh-ee-iqian Ines Qian
            prkumar@redhat.com Praveen Kumar
            Rio Liu Rio Liu
            0 Vote for this issue
            5 Start watching this issue