-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.14, 4.15
-
Important
-
None
-
False
-
Description of problem:
In OCP 4.15, if the Image Registry is set to `removed`, the automatically created serviceAccount token secrets are deleted. While those should be only used to access the internal Image Registry, there are several customers using them for custom workloads, causing them issues and outages after upgrading from 4.14 to 4.15 with the Image Registry removed
Version-Release number of selected component (if applicable):
Upgrades from 4.14 to 4.15
How reproducible:
Always
Steps to Reproduce:
1. Install a 4.14 cluster.
2. Use any of the automatically generated "token-xxxx" secrets for any puropose
3. Set the Image Registry as `removed`.
4. Upgrade the cluster to 4.15, and anything using the above token will fail.
Actual results:
Anything using the secrets created in 4.14 will fail.
Expected results:
If the Image Registry is `removed` in the cluster, an ACK similar to the ones for the API removals should be added, to require customers with the Image Registry `removed` to check if they are using the any of the `secrets` that are going to be removed with the upgrade to 4.15.
Additional info:
Only if the Image Registry is `removed` in the cluster.
- is blocked by
-
IR-487 Impact statement request for OCPBUGS-41524 Add an ACK requirement for upgrading from 4.14 to 4.15 due to the removal of the serviceAccount token secrets
-
- Closed
-
- is related to
-
-
- ASSIGNED
-
- relates to
-
-
- New
-
- links to
