-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
4.16.0
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
Customer is observing below error, while they are creating the new project dockercfg secrets are not getting generated.
now projects don't have any dockerconfig secrets created automatically and build processes in existing namespaces fail to push images due to authentication errors, such as the following: Registry server Address: Registry server User Name: <token> Registry server Email: Registry server Password: <<non-empty>> error: build error: Failed to push image: trying to reuse ...h token: invalid username/password: authentication required
Version-Release number of selected component (if applicable):
How reproducible:
Yes
Steps to Reproduce:
This only starts after modifying the image registry config and setting the value of spec.ManagementState from Managed to Removed then back to Managed.
I tried to create a new project and still seem the same issue of the dockerconfig secrets not being created.
on ⛵ 172-31-9-26:31103 in (default) ~ via 🐍 v3.9.18
❯ oc new-project test-dockercfg
Now using project "test-dockercfg" on server "https://172.x.x.26:31103".
You can add applications to this project with the 'new-app' command. For example, try:
oc new-app rails-postgresql-example
to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:
kubectl create deployment hello-node --image=registry.k8s.io/e2e-test-images/agnhost:2.43 -- /agnhost serve-hostname
on ⛵ 172-31-9-26:31103 in (test-dockercfg) ~ via 🐍 v3.9.18
❯ oc get secrets
No resources found in test-dockercfg namespace.
on ⛵ 172-31-9-26:31103 in (test-dockercfg) ~ via 🐍 v3.9.18
❯ oc delete sa builder default deployer
serviceaccount "builder" deleted
serviceaccount "default" deleted
serviceaccount "deployer" deleted
on ⛵ 172-31-9-26:31103 in (test-dockercfg) ~ via 🐍 v3.9.18
❯ oc create sa builder
error: failed to create serviceaccount: serviceaccounts "builder" already exists
on ⛵ 172-31-9-26:31103 in (test-dockercfg) ~ via 🐍 v3.9.18
❯ oc get secrets
No resources found in test-dockercfg namespace.
Actual results:
When we created the new project the dockercfg secrets is not getting automatically created.
Expected results:
The dockercfg secrets should automatically got created.
Additional info:
They have tried deleting the service accounts as well.Earlier the image-registry was degraded but now image registry is also fine. KCM and OCM pods are also tried to restart.
I have seen controller is enabled:
oc get configmap openshift-controller-manager-config -o yaml
<cropped>
controllers:
- '*'
- -openshift.io/serviceaccount-pull-secrets
<cropped>
All capabilities are there in the HCP config.
$ oc get hostedcontrolplane -n clusters-<hosted-cluster-name> -o yaml
spec:
autoscaling: {}
capabilities: {}
In Image Registry is also in managed state.
$ oc get configs.imageregistry.operator.openshift.io/cluster -ojson | jq '.spec.managementState' "Managed"
what else can be checked? In KCM and OCM I am not seeing any specific error which points towards the dockercfg.
- duplicates
-
-
- Closed
-
