-
Bug
-
Resolution: Done
-
Normal
-
None
-
4.18
-
Quality / Stability / Reliability
-
False
-
-
5
-
Important
-
None
-
None
-
Rejected
-
OAPE Sprint 270
-
1
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
The sscsi can't search the secret from the aws secretManager in the disconnected aws cluster .
Version-Release number of selected component (if applicable):
SSCSI: 4.18.0 cluster:4.18.0-0.nightly-2025-04-13-142946
How reproducible:
always
Steps to Reproduce:
1. install one disconnected aws cluster 2. install the operator and test through case: https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-66032 3.check the secret
Actual results:
The app can't mount the external secret from aws. The pod can't mount the secret since the provider error that can't search the secret.
Expected results:
The app in cluster can get the secret from aws.
Additional info:
The disconnected aws cluster installation template: functionality-testing/aos-4_19/ipi-on-aws/versioned-installer-customer_vpc-disconnected_private_cluster-sts-private-s3-custom_endpoints-ci
The log from provider:
I0412 00:50:27.892803 1 auth.go:89] Using IAM Roles for Service Accounts for authentication in namespace: test3-proj, service account: aws-provider I0412 00:50:27.895863 1 irsa_credential_provider.go:121] Role ARN for test3-proj:aws-provider is arn:aws:iam::301721915996:role/test3-test3-proj-aws-creds W0412 00:52:27.876843 1 secrets_manager_provider.go:84] us-east-2: Failed fetching secret test3Secret: RequestCanceled: request context canceled caused by: context canceled E0412 00:52:27.876943 1 server.go:163] Failure getting secret values from provider type secretsmanager: Failed to fetch secret from all regions: test3Secret I0412 00:54:29.974591 1 server.go:126] Servicing mount request for pod hello-openshift-6578d76b6c-z72mj in namespace test3-proj using service account aws-provider with region(s) us-east-2 I0412 00:54:29.974673 1 auth.go:89] Using IAM Roles for Service Accounts for authentication in namespace: test3-proj, service account: aws-provider I0412 00:54:29.976398 1 irsa_credential_provider.go:121] Role ARN for test3-proj:aws-provider is arn:aws:iam::301721915996:role/test3-test3-proj-aws-creds W0412 00:56:29.961202 1 secrets_manager_provider.go:84] us-east-2: Failed fetching secret test3Secret: RequestCanceled: request context canceled caused by: context canceled E0412 00:56:29.961231 1 server.go:163] Failure getting secret values from provider type secretsmanager: Failed to fetch secret from all regions: test3Secret I0412 00:57:27.200318 1 server.go:126] Servicing mount request for pod hello-openshift-6578d76b6c-p2wc4 in namespace test3-proj using service account aws-provider with region(s) us-east-2 I0412 00:57:27.200499 1 auth.go:89] Using IAM Roles for Service Accounts for authentication in namespace: test3-proj, service account: aws-provider I0412 00:57:27.203553 1 irsa_credential_provider.go:121] Role ARN for test3-proj:aws-provider is arn:aws:iam::301721915996:role/test3-test3-proj-aws-creds
The describe information about mount pods:
33m Normal Scheduled pod/hello-openshift-6578d76b6c-z72mj Successfully assigned test3-proj/hello-openshift-6578d76b6c-z72mj to ip-10-0-49-136.us-east-2.compute.internal 92s Warning FailedMount pod/hello-openshift-6578d76b6c-z72mj MountVolume.SetUp failed for volume "secrets-store-inline" : rpc error: code = DeadlineExceeded desc = context deadline exceeded
- blocks
-
SSCSI-77 SSCSI use for disconnected AWS cluster
-
- Closed
-