Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-29630

openshift-ansible needs to install ose-aws-ecr-image-credential-provider

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Critical Critical
    • None
    • 4.14.z, 4.15.0, 4.16.0
    • Installer / openshift-ansible
    • None
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, an Amazon Web Services (AWS) code that provided image credentials was removed from the kubelet in {product-title} {product-version}. Consequently, pulling images from Amazon Elastic Container Registry (ECR) failed without a specified pull secret, because the kubelet could no longer authenticate itself and pass credentials to the container runtime. With this update, a separate credential provider has been configured, which is now responsible for providing ECR credentials for the kubelet. As a result, the kubelet can now pull private images from ECR. (link:https://issues.redhat.com/browse/OCPBUGS-29630[*OCPBUGS-29630*])
      Show
      Previously, an Amazon Web Services (AWS) code that provided image credentials was removed from the kubelet in {product-title} {product-version}. Consequently, pulling images from Amazon Elastic Container Registry (ECR) failed without a specified pull secret, because the kubelet could no longer authenticate itself and pass credentials to the container runtime. With this update, a separate credential provider has been configured, which is now responsible for providing ECR credentials for the kubelet. As a result, the kubelet can now pull private images from ECR. (link: https://issues.redhat.com/browse/OCPBUGS-29630 [* OCPBUGS-29630 *])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-29561. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-29527. The following is the description of the original issue:

      Description of problem:

      As CCMs went out of tree a new credential provider package needs to be installed alongside the kubelet. This change was made in RHCOS but not openshift-ansible.

      Version-Release number of selected component (if applicable):

          4.14.11+, 4.15, 4.16

      How reproducible:

      Steps to Reproduce:

          1. Install 4.14 w/ RHEL worker nodes in a 4.14.11+ cluster
    2.
    3.

      Actual results:

          Kubelet fails to start due to missing cred provider package

      Expected results:

          Kubelet starts

      Additional info:

          See https://issues.redhat.com/browse/OCPBUGS-25662 for where this came about in 4.14. There are additional providers coming in 4.16. Since that's a dev branch we can just track that as part of the feature work to enable these providers.

            Unassigned Unassigned
            openshift-crt-jira-prow OpenShift Prow Bot
            Gaoyun Pei Gaoyun Pei
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: