-
Bug
-
Resolution: Not a Bug
-
Undefined
-
None
-
4.16
-
None
-
No
-
False
-
Description of problem:
After migrating an OpenShift Cluster to Azure AD Workload Identity, image-registry co is not ready, caused by AuthorizationFailed.
Version-Release number of selected component (if applicable):
4.16
How reproducible:
Always
Steps to Reproduce:
1.Prepare an Azure cluster.
2.Follow the steps to do a migration of the cluster. https://github.com/openshift/cloud-credential-operator/blob/master/docs/azure_workload_identity.md#steps-to-in-place-migrate-an-openshift-cluster-to-azure-ad-workload-identity
3.When the migration is finished, the image-registry co will degrade.
Actual results:
[hmx@fedora CCO]$ oc get pods -n openshift-image-registry NAME READY STATUS RESTARTS AGE azure-path-fix-2p6g9 0/1 Error 0 64m azure-path-fix-8rlbx 0/1 Error 0 60m azure-path-fix-95pp6 0/1 Error 0 62m azure-path-fix-c9wf4 0/1 Error 0 54m azure-path-fix-fv62d 0/1 Error 0 65m azure-path-fix-l2k26 0/1 Error 0 65m azure-path-fix-qpp66 0/1 Error 0 65m cluster-image-registry-operator-7fbdd97bf6-d547g 1/1 Running 0 79m image-registry-7c5747ff78-wp6m4 1/1 Running 0 85m image-registry-99d594879-6p9q4 0/1 CrashLoopBackOff 21 (3m8s ago) 65m image-registry-99d594879-rhvzh 0/1 CrashLoopBackOff 21 (2m12s ago) 65m node-ca-6n4zb 1/1 Running 1 114m node-ca-bgdgz 1/1 Running 1 114m node-ca-fpwnx 1/1 Running 1 114m node-ca-fzsld 1/1 Running 1 114m node-ca-gpqr8 1/1 Running 1 114m node-ca-vztwj 1/1 Running 1 114m
Expected results:
Additional info:
https://redhat-internal.slack.com/archives/C04TMSTHUHK/p1713944355183449
https://redhat-internal.slack.com/archives/C013VBYBJQH/p1713944644356079
