-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.16
-
None
-
None
-
False
-
-
None
-
None
-
None
-
+
-
Proposed
-
Bug Fix
-
On a cluster upgraded from pre-4.16, if the internal Image Registry is removed, there might be previously generated image pull secrets that cannot be deleted due to the presence of the `openshift.io/legacy-token` finalizer.
-
None
-
None
-
None
-
None
Description of problem:
Our docs state: `When the integrated OpenShift image registry is disabled on a cluster that previously had it enabled, the previously generated image pull secrets are deleted automatically.` However when the image regstiry is set to removed the `openshift.io/serviceaccount-pull-secrets` controller is disabled and the finalizers are stuck on all legacy pullsecrets.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. upgrade to 4.16
2. set registry operator to removed
3. attempt to delete any dockercfg secret with `openshift.io/legacy-token` finalizer.
Actual results:
hung secret deletion
Expected results:
secret should have been cleaned up during registry deletion. / the secret finalizers should not block namespace deletion when the registry is disabled.
Additional info:
- blocks
-
-
- POST
-
- is cloned by
-
-
- POST
-
- is duplicated by
-
-
- Closed
-
- links to
