There is an issue with the Builds on OpenShift when the dockercfg secret is not provided, but the "Opaque" secret is provided instead.
Related to bug, but this is more about not having the dockercfg secrets and not having internal registry.
https://issues.redhat.com/browse/OCPBUGS-31213

Customer has a BuildConfig with a strategy to push the built image into the external registry. The BC has a secret mounted to allow the push, but it is type Opaque.

They run the builds on the cluster where image registry is set to Removed.

The problem seems that the BC requires the SA to have image secrets "dockercfg" or "dockerconfigjson" linked to the service account.
If the "Opaque" or any other type of secret is linked to the SA as image pull secret (pull) the BC will show not start with error "New (CannotRetrieveServiceAccount)". 

Note, that the Opaque secret contains the data as file ".dockerconfigjson".

The desired solution should be that the BC will start normally. How the BC should work if the imageRegistry.state=Removed and there are no dockercfg secrets? 

    

OpenShift 4.16
    

- set the image registry to the Removed state 
- create a BC with strategy to push to the external registry (e.g quay)
- create the pull secret for the external registry as type "kubernetes.io/dockerconfigjson" and "Opaque".
- link the 1st secret to the builder SA for mount
- start build
- cancel build and redo with 2nd secret
    

- the build fails with "CannotRetrieveServiceAccount"
    

- the build should progress normally