Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-3504

console-cr-form creating too many service-account secrets

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Not a Bug
    • 7.8.0.GA, 7.9.1.GA
    • None
    • Cloud
    • None
    • OpenShift Container Platform 4.5 and 4.6

    • False
    • False
    • Undefined
    • ---
    • ---
    • 2021 Week 10-12 (from Mar 8)

    Description

      Two OCP clusters (4.5 and 4.6) recently have been left unusable by seemingly runaway secret creation due to RH PAM operator.

      Common factor in both cases was RH PAM operator installed, and some time afterwards, the cluster was degraded due to large volume of data writes to ETCD DB.

       

      PAM operator was version 7.9.1-1

       

      One cluster found these "console-cr" secrets in post analysis of ETCD DB

      ~~~

      65901 /kubernetes.io/secrets/bpm-dva/console-cr-form-dockercfg

      190686 /kubernetes.io/secrets/bpm-dva/console-cr-form-token

      ~~~

       

      Another customer:

      "It had over 8700 secrets created for the console-cr service account ( 110 MB of secrets )"

       

      No further info available from either cluster sorry as they were nuked after issue could not be resolved.

      Attachments

        Activity

          People

            tohughes Tommy Hughes
            rhn-support-bshirren Brendan Shirren
            Jakub Schwan Jakub Schwan
            Jakub Schwan Jakub Schwan
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: