Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-25350

Missing automatically generated secrets for WICD service account

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Critical Critical
    • 4.15.0
    • 4.15.0
    • Windows Containers
    • None
    • Critical
    • No
    • 0
    • WINC - Sprint 248
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      *Cause*: Missing secret for WICD service account prevents Windows nodes configuration
      *Consequence*: kube controller manager not generating secrets for service accounts automatically in Nutanix
      *Fix*: WMCO creates a long-live token secret for a WICD service account
      *Result*: WMCO is able to configure a Windows node.
      Show
      *Cause*: Missing secret for WICD service account prevents Windows nodes configuration *Consequence*: kube controller manager not generating secrets for service accounts automatically in Nutanix *Fix*: WMCO creates a long-live token secret for a WICD service account *Result*: WMCO is able to configure a Windows node.
    • Bug Fix
    • In Progress

      This is a clone of issue OCPBUGS-22680. The following is the description of the original issue:

      WMCO depends on the automatically generated secret with prefix name `windows-instance-config-daemon-token-` to setup the kube credentials for WICD.

      The Nutanix e2e jobs started failing due to the missing secret for the `windows-instance-config-daemon` service account. 

      Version-Release number of selected component (if applicable):
{code:none}
- 4.15, started seeing this sometime after Oct 19
- not seen all in 4.14 or in prior 4.15 builds

      How reproducible:

      Always

      Steps to Reproduce:

      - Trigger the nutanix e2e job on any PR agains master, WMCO test fails to config the nodes due to secret with 'windows-instance-config-daemon-token-' prefix not found

 or

- Also seeing in vpshere cluster using ci image 4.15.0-0.ci-2023-10-28-073151, no secret automatically generated service accounts

      Actual results:

      - WMCO fails with
2023-10-24T00:07:44Z ERROR Reconciler error {"controller": "machine", "controllerGroup": "machine.openshift.io", "controllerKind": "Machine", "Machine": {"name":"ci-op-i70fxg69-5c595-trj7j-e2e-wm-684m7","namespace":"openshift-machine-api"}, "namespace": "openshift-machine-api", "name": "ci-op-i70fxg69-5c595-trj7j-e2e-wm-684m7", "reconcileID": "1e1705a5-9ffc-44b9-9cf6-e0b09334d38e", "error": "unable to configure instance 1cd3aee1-1aa7-4320-8bb7-111e1ba439f8: expected 1 secret with 'windows-instance-config-daemon-token-' prefix, found 0"}

      Expected results:

      WMCO is able to configure Windows nodes

      Additional info:

      Link to Slack triage conversation.

            jvaldes@redhat.com Jose Valdes
            openshift-crt-jira-prow OpenShift Prow Bot
            Aharon Rasouli Aharon Rasouli
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: