Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Upgrade] Upgrade clears the syndesis-pull-secret link from service accounts

See original GitHub issue

This is a…


[ ] Feature request
[ ] Regression (a behavior that used to work and stopped working in a new release)
[X] Bug report  
[ ] Documentation issue or request

Description

I created the syndesis-pull-secret secret with my authentication details and deploy 7.3.1. Now when I do the upgrade, what the upgrade pod does is:

...
=== * Update resources (upgrade_40_update_resources)
      - ServiceAccount: force update (delete/create)
        * syndesis-default
        * syndesis-integration
        * syndesis-prometheus
        * syndesis-server
...

so it deletes the old SAs with linked secret and replaces them with the ones from the template and those do not have the pull secret linked.

We will need to have this script https://github.com/syndesisio/syndesis/blob/1.6.x/tools/upgrade/migration/resource/any/03_ensure_service_account_setup.sh but not as a migration script (those are called before the SAs are re-created) but as part of the upgrade_40_update_resources script, after apply_resources call: https://github.com/syndesisio/syndesis/blob/d0c9225266b7dda3f4c1df326ed0583f39618f5a/tools/upgrade/steps/upgrade_40_update_resources#L48-L56

Issue Analytics

State:
Created 4 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

nicolaferrarocommented, Jul 23, 2019

@avano if you already have a fix, please open the PR. I think the 1.6 migration script should be slightly changed to work on upstream (where we don’t have the pull secret), but it should be ok for 1.7.

0reactions

heiko-brauncommented, Jul 24, 2019

Fixed with https://github.com/syndesisio/syndesis/pull/6233

Top Results From Across the Web

Service Accounts | OpenShift Container Platform 3.11

To allow a secret to be used as an image pull secret by a service account's pods, run: $ oc secrets link --for=pull...

Creating and managing service accounts | IAM Documentation

This page explains how to create and manage service accounts using the Identity and Access Management (IAM) API, the Google Cloud console, and...

NGC Private Registry User Guide

This document describes how to use the NVIDIA® GPU Cloud (NGC) private registry. This guide assumes the user is familiar with Linux and ......

Adding pull secrets to service accounts in OpenShift ...

To make that work I need to make sure that every service account contains the corresponding pull secret. Especially when operators (like strimzi) ......

Azure resource provider operations | Microsoft Learn

In this article. This section lists the operations for Azure resource providers, which are used in built-in roles.