Documentation states that "the legacy service account API token secret is no longer generated for each service account." and doesn't clarify that all non core secrets tokens will be deleted. 

Even so there is a KCS(https://access.redhat.com/solutions/7088515)  with a workaround to apply but seems it's not working at 100%.

Customer has a big fleet of clusters and 40 out of ~200 has been upgraded from EUS 4.14 to 4.16 with the workaround applied and realized that it is not working for all the secrets token, some secrets tokens are still deleted even if the annotation has been removed.  3 cluster admins has complained because external providers has not been able to perform the usual workload and now the upgrade process to 4.16 is freeze until this get clarified. 

So customer is requesting if there is another option in order to continue with the upgrade task.

Image Registry is in Removed state but even in Managed state at 4.16, secrets token will be deleted.

This issue is open to get help customer with a workaround that works 100%. 

 
 

    4.16

    Upgrade from 4.14 to 4.16

    token secrets deleted

    keep the token secrets from 4.14 to 4.16