Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4548

Uninstalling of QuayBridgeOperator or deletion of QuayIntegration object is not cleaning of the finalizers from non-openshift namespaces

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Normal
    • None
    • quay-3.7
    • quay-operator
    • False
    • None
    • False
    • Hide

      Here are the detailed steps to reproduce the issue:

      • Create a project qbo-secrets
      • checked the default secrets (6 secrets)
        ~~~~
        $ oc get secrets
        NAME TYPE DATA AGE
        builder-dockercfg-zkqlr kubernetes.io/dockercfg 1 10m
        builder-token-5p9w2 kubernetes.io/service-account-token 4 10m
        default-dockercfg-v7b92 kubernetes.io/dockercfg 1 10m
        default-token-6rdxp kubernetes.io/service-account-token 4 10m
        deployer-dockercfg-lj7kg kubernetes.io/dockercfg 1 10m
        deployer-token-htmhf kubernetes.io/service-account-token 4 10m
        ~~~
      • Installed Quay Bridge Operator (QBO)
      • Checked the secrets from qbo-secrets project and found same 6 secrets
      • Created QuayIntegration CRD
      • Checked the secrets in the same project qbo-secrets and noticed it created additional 3 secrets.
      • builder-quay-openshift
      • default-quay-openshift
      • deployer-quay-openshift
        ~~~~
        $ oc get secrets

      NAME TYPE DATA AGE
      builder-dockercfg-zkqlr kubernetes.io/dockercfg 1 12m
      builder-quay-openshift kubernetes.io/dockerconfigjson 1 33s <-----------
      builder-token-5p9w2 kubernetes.io/service-account-token 4 12m
      default-dockercfg-v7b92 kubernetes.io/dockercfg 1 12m
      default-quay-openshift kubernetes.io/dockerconfigjson 1 33s <--------------
      default-token-6rdxp kubernetes.io/service-account-token 4 12m
      deployer-dockercfg-lj7kg kubernetes.io/dockercfg 1 12m
      deployer-quay-openshift kubernetes.io/dockerconfigjson 1 33s <--------------
      deployer-token-htmhf kubernetes.io/service-account-token 4 12m
      ~~~~

      • created a new httpd application in the same project and it was running fine
      • Then deleted the QBO and checked the secrets and noticed the extra 3 secrets are not deleted
      • Then deleted QuayIntegration CRD and then checked the secerts again in the same project and noticed all the secrets are there, it did not delete 3 additional secerts
      • Also noticed QuayIntegration CRD added additional 3 secerts in all the projects named without "openshift-".
      Show
      Here are the detailed steps to reproduce the issue: Create a project qbo-secrets checked the default secrets (6 secrets) ~~~~ $ oc get secrets NAME TYPE DATA AGE builder-dockercfg-zkqlr kubernetes.io/dockercfg 1 10m builder-token-5p9w2 kubernetes.io/service-account-token 4 10m default-dockercfg-v7b92 kubernetes.io/dockercfg 1 10m default-token-6rdxp kubernetes.io/service-account-token 4 10m deployer-dockercfg-lj7kg kubernetes.io/dockercfg 1 10m deployer-token-htmhf kubernetes.io/service-account-token 4 10m ~~~ Installed Quay Bridge Operator (QBO) Checked the secrets from qbo-secrets project and found same 6 secrets Created QuayIntegration CRD Checked the secrets in the same project qbo-secrets and noticed it created additional 3 secrets. builder-quay-openshift default-quay-openshift deployer-quay-openshift ~~~~ $ oc get secrets NAME TYPE DATA AGE builder-dockercfg-zkqlr kubernetes.io/dockercfg 1 12m builder-quay-openshift kubernetes.io/dockerconfigjson 1 33s <----------- builder-token-5p9w2 kubernetes.io/service-account-token 4 12m default-dockercfg-v7b92 kubernetes.io/dockercfg 1 12m default-quay-openshift kubernetes.io/dockerconfigjson 1 33s <-------------- default-token-6rdxp kubernetes.io/service-account-token 4 12m deployer-dockercfg-lj7kg kubernetes.io/dockercfg 1 12m deployer-quay-openshift kubernetes.io/dockerconfigjson 1 33s <-------------- deployer-token-htmhf kubernetes.io/service-account-token 4 12m ~~~~ created a new httpd application in the same project and it was running fine Then deleted the QBO and checked the secrets and noticed the extra 3 secrets are not deleted Then deleted QuayIntegration CRD and then checked the secerts again in the same project and noticed all the secrets are there, it did not delete 3 additional secerts Also noticed QuayIntegration CRD added additional 3 secerts in all the projects named without "openshift-".
    • 0

    Description

      *Environment: *

      • ocp4.11
      • Quay 3.7.8

      Issue: Uninstallation of QuayBridgeOperator or deletion of QuayIntegration object is not deleting the OCP secrets in a project representing robot accounts

      Here are the steps to reproduce the issue
      1.Create the QuayBridgeOperator and the "quayintegration" custom resource.

      2. Create a project (OCP project)

      3. Create a "build" for an image in the project created in step 2.

      4. Create the corresponding image stream that the build populates in the project created in step 2.

      5. Delete the QuayBridgeOperator

      6. The OCP secrets representing the Quay Robot Accounts are still there.

      Attachments

        Activity

          People

            Unassigned Unassigned
            rhn-support-mjahangi Muhammad Selim Jahangir
            Votes:
            3 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated: