
SSCSI can't get the secret from AWS in the disconnected AWS cluster


    • Quality / Stability / Reliability
    • False
    • 5
    • Important
    • Rejected
    • OAPE Sprint 270
    • 1

      Description of problem:

      SSCSI can't search the secret from AWS Secrets Manager in the disconnected AWS cluster.
          

      Version-Release number of selected component (if applicable):

      SSCSI: 4.18.0
      cluster: 4.18.0-0.nightly-2025-04-13-142946
          

      How reproducible:

      always
          

      Steps to Reproduce:

          1. Install one disconnected AWS cluster
          2. Install the operator and test through case: https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-66032
          3. Check the secret
          

      Actual results:

      The app can't mount the external secret from AWS. The pod can't mount the secret because of the provider error that it can't search the secret.
          

      Expected results:

      The app in the cluster can get the secret from AWS.
          

      Additional info:

      The disconnected AWS cluster installation template:
      functionality-testing/aos-4_19/ipi-on-aws/versioned-installer-customer_vpc-disconnected_private_cluster-sts-private-s3-custom_endpoints-ci
          

      The log from provider:

      I0412 00:50:27.892803       1 auth.go:89] Using IAM Roles for Service Accounts for authentication in namespace: test3-proj, service account: aws-provider
      I0412 00:50:27.895863       1 irsa_credential_provider.go:121] Role ARN for test3-proj:aws-provider is arn:aws:iam::301721915996:role/test3-test3-proj-aws-creds
      W0412 00:52:27.876843       1 secrets_manager_provider.go:84] us-east-2: Failed fetching secret test3Secret: RequestCanceled: request context canceled
      caused by: context canceled
      E0412 00:52:27.876943       1 server.go:163] Failure getting secret values from provider type secretsmanager: Failed to fetch secret from all regions: test3Secret
      I0412 00:54:29.974591       1 server.go:126] Servicing mount request for pod hello-openshift-6578d76b6c-z72mj in namespace test3-proj using service account aws-provider with region(s) us-east-2
      I0412 00:54:29.974673       1 auth.go:89] Using IAM Roles for Service Accounts for authentication in namespace: test3-proj, service account: aws-provider
      I0412 00:54:29.976398       1 irsa_credential_provider.go:121] Role ARN for test3-proj:aws-provider is arn:aws:iam::301721915996:role/test3-test3-proj-aws-creds
      W0412 00:56:29.961202       1 secrets_manager_provider.go:84] us-east-2: Failed fetching secret test3Secret: RequestCanceled: request context canceled
      caused by: context canceled
      E0412 00:56:29.961231       1 server.go:163] Failure getting secret values from provider type secretsmanager: Failed to fetch secret from all regions: test3Secret
      I0412 00:57:27.200318       1 server.go:126] Servicing mount request for pod hello-openshift-6578d76b6c-p2wc4 in namespace test3-proj using service account aws-provider with region(s) us-east-2
      I0412 00:57:27.200499       1 auth.go:89] Using IAM Roles for Service Accounts for authentication in namespace: test3-proj, service account: aws-provider
      I0412 00:57:27.203553       1 irsa_credential_provider.go:121] Role ARN for test3-proj:aws-provider is arn:aws:iam::301721915996:role/test3-test3-proj-aws-creds
      

      The describe information about mount pods:

      33m         Normal    Scheduled           pod/hello-openshift-6578d76b6c-z72mj    Successfully assigned test3-proj/hello-openshift-6578d76b6c-z72mj to ip-10-0-49-136.us-east-2.compute.internal
      92s         Warning   FailedMount         pod/hello-openshift-6578d76b6c-z72mj    MountVolume.SetUp failed for volume "secrets-store-inline" : rpc error: code = DeadlineExceeded desc = context deadline exceeded
      

              rh-ee-smuley Shivprakash Muley
              rhn-support-jfan Jia Fan
              Jia Fan Jia Fan
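An added triage example, not part of the original report or of the provider's own code: it parses the provider log lines quoted in the report and measures how long each secret fetch ran between IRSA authentication and the logged failure. The function names and the 60-second threshold are assumptions made for this example.

```python
import re
from datetime import datetime

# Lines copied from the provider log in the report (Role ARN and E lines omitted).
SAMPLE_LOG = """\
I0412 00:50:27.892803       1 auth.go:89] Using IAM Roles for Service Accounts for authentication in namespace: test3-proj, service account: aws-provider
W0412 00:52:27.876843       1 secrets_manager_provider.go:84] us-east-2: Failed fetching secret test3Secret: RequestCanceled: request context canceled
caused by: context canceled
I0412 00:54:29.974673       1 auth.go:89] Using IAM Roles for Service Accounts for authentication in namespace: test3-proj, service account: aws-provider
W0412 00:56:29.961202       1 secrets_manager_provider.go:84] us-east-2: Failed fetching secret test3Secret: RequestCanceled: request context canceled
caused by: context canceled
I0412 00:57:27.200499       1 auth.go:89] Using IAM Roles for Service Accounts for authentication in namespace: test3-proj, service account: aws-provider
"""

# klog header: severity, MMDD, time, thread id, file:line], message
KLOG = re.compile(r"^([IWEF])(\d{4} \d{2}:\d{2}:\d{2}\.\d{6})\s+\d+ [\w.]+:\d+\] (.*)$")
FAIL = re.compile(r"^(\S+): Failed fetching secret (\S+): (\w+):")
AUTH_START = "Using IAM Roles for Service Accounts"


def fetch_attempts(log_text):
    """Return (region, secret, error_code, seconds) for each fetch attempt."""
    start, attempts = None, []
    for line in log_text.splitlines():
        m = KLOG.match(line.strip())
        if not m:
            continue  # continuation lines such as "caused by: ..."
        ts = datetime.strptime(m.group(2), "%m%d %H:%M:%S.%f")
        msg = m.group(3)
        if msg.startswith(AUTH_START):
            start = ts  # authentication marks the start of an attempt
        failed = FAIL.match(msg)
        if failed and start is not None:
            elapsed = round((ts - start).total_seconds(), 1)
            attempts.append((*failed.groups(), elapsed))
            start = None
    if start is not None:  # authenticated, but no result in the excerpt
        attempts.append((None, None, "in-flight", None))
    return attempts


def stalled(attempts, min_seconds=60.0):
    """Attempts cancelled client-side after a long wait (threshold is an assumption)."""
    return [a for a in attempts
            if a[2] == "RequestCanceled" and a[3] >= min_seconds]


if __name__ == "__main__":
    for attempt in fetch_attempts(SAMPLE_LOG):
        print(attempt)
```

On the lines from this report, both completed attempts end in `RequestCanceled` roughly 120 seconds after authentication starts, and the third has no result in the excerpt.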