-
Bug
-
Resolution: Done-Errata
-
Critical
-
4.14
-
Important
-
No
-
Rejected
-
False
-
-
-
Bug Fix
-
Done
This is a clone of issue OCPBUGS-20478. The following is the description of the original issue:
—
Description of problem:
The secret/vmware-vsphere-cloud-credentials in ns/openshift-cluster-csi-drivers is not synced correctly when updating secret/vsphere-creds in ns/kube-system
Version-Release number of selected component (if applicable):
4.14.0-0.nightly-2023-10-10-084534
How reproducible:
Always
Steps to Reproduce:
- Before updating the secret
$ oc -n kube-system get secret vsphere-creds -o yaml
apiVersion: v1
data:
vcenter.devqe.ibmc.devcluster.openshift.com.password: xxx
vcenter.devqe.ibmc.devcluster.openshift.com.username: xxx
kind: Secret
metadata:
annotations:
cloudcredential.openshift.io/mode: passthrough
...
Same for the secret/vmware-vsphere-cloud-credentials in ns/openshift-cluster-csi-drivers
$ oc -n openshift-cluster-csi-drivers get secret vmware-vsphere-cloud-credentials -o yaml
apiVersion: v1
data:
vcenter.devqe.ibmc.devcluster.openshift.com.password: xxx
vcenter.devqe.ibmc.devcluster.openshift.com.username: xxx
kind: Secret
metadata:
annotations:
cloudcredential.openshift.io/credentials-request: openshift-cloud-credential-operator/openshift-vmware-vsphere-csi-driver-operator
…
- replace secret/vsphere-creds to use new vcenter (just for test)
$ oc -n kube-system get secret vsphere-creds -o yaml apiVersion: v1 data: vcsa2-qe.vmware.devcluster.openshift.com.password: xxx vcsa2-qe.vmware.devcluster.openshift.com.username: xxx (Updated to vcsa2-qe)
There are two vcenter info in vmware-vsphere-cloud-credentials:
$ oc -n openshift-cluster-csi-drivers get secret vmware-vsphere-cloud-credentials -o yaml apiVersion: v1 data: vcenter.devqe.ibmc.devcluster.openshift.com.password: xxx vcenter.devqe.ibmc.devcluster.openshift.com.username: xxx vcsa2-qe.vmware.devcluster.openshift.com.password: xxx vcsa2-qe.vmware.devcluster.openshift.com.username: xxx (devqe and vcsa2-qe)
- restore secret/vsphere-creds
$ oc -n kube-system get secret vsphere-creds -o yaml apiVersion: v1 data: vcenter.devqe.ibmc.devcluster.openshift.com.password: xxx vcenter.devqe.ibmc.devcluster.openshift.com.username: xxx (Updated to devqe)
Still two vcenter info in vmware-vsphere-cloud-credentials:
$ oc -n openshift-cluster-csi-drivers get secret vmware-vsphere-cloud-credentials -o yaml apiVersion: v1 data: vcenter.devqe.ibmc.devcluster.openshift.com.password: xxx vcenter.devqe.ibmc.devcluster.openshift.com.username: xxx vcsa2-qe.vmware.devcluster.openshift.com.password: xxx vcsa2-qe.vmware.devcluster.openshift.com.username: xxx (devqe and vcsa2-qe)
Actual results:
The secret/vmware-vsphere-cloud-credentials is not synced well
Expected results:
The secret/vmware-vsphere-cloud-credentials should be synced well
Additional info:
Storage vSphere csi driver controller pods are crash looping.
- clones
-
-
- Closed
-
- is blocked by
-
-
- Closed
-
- links to
-
RHBA-2023:7599
OpenShift Container Platform 4.14.z bug fix update