This is a clone of issue OCPBUGS-34079. The following is the description of the original issue:
—
Description of problem:

If a cluster admin creates a new MachineOSConfig that references a legacy pull secret, the canonicalized version of this secret that gets created is not updated whenever the original pull secret changes.

How reproducible:

Always

Steps to Reproduce:

1. Create a new legacy-style Docker pull secret in the MCO namespace. Specifically, one which follows the pattern of {"hostname.com": {"username": ""...}

   .

2. Create a MachineOSConfig that references this legacy pull secret. The MachineOSConfig will get updated with a different secret name with the suffix -canonical.
3. Change the original legacy-style Docker pull secret that was created to a different secret.

Actual results:

The canonicalized version of the pull secret is never updated with the contents of the legacy-style pull secret.

Expected results:

Ideally, the canonicalized version of the pull secret should be updated since BuildController created it.

Additional info:

This occurs because when the legacy pull secret is initially detected, BuildController canonicalizes it and then updates the MachineOSConfig with the name of the canonicalized secret. The next time this secret is referenced, the original secret does not get read.