Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.11
Component/s: kube-apiserver
Labels:
- api

Severity:
Moderate
Regression:
No
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Customer Impact:

Customer Escalated

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:
PX Priority Data:

Description of problem:

In namespace openshift-kube-apiserver there are around 69 secrets copy maintained with name "encryption-config". 
~~~
$ oc get secrets  |grep -i encryption-config | wc -l
69
~~~

If i check yaml of any old secret then found it's having the finalizers - deletion protection$ omc get secret encryption-config-14 -o yaml
  deletionGracePeriodSeconds: 0
  deletionTimestamp: "2023-01-13T20:09:38Z"
  finalizers:
  - encryption.apiserver.operator.openshift.io/deletion-protection

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

1.
2.
3.

Actual results:

Expected results:

Additional info:

Slack discussion - https://redhat-internal.slack.com/archives/CB48XQ4KZ/p1676050606623079

is incorporated by

API-1711 Allow users to customize the encryption-config secrets TTL

API-1712 Prevent revision controller from attempting to delete some revisioned resources

links to

[KCS] openshift-kube-apiserver maintain multiple copied of encryption-config secret

Assignee:: Damien Grisonnet

Reporter:: Bikash Shaw

QA Contact:: Ke Wang

Votes:: 5 Vote for this issue

Watchers:: 17 Start watching this issue

Created:: 2023/02/16 3:34 PM

Updated:: 2024/05/17 8:02 AM

Resolved:: 2024/03/07 12:58 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates