-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] cannot drop the username and password of a private registry in the secret cattle-system/cattle-private-registry in the downstream cluster once it is set on RKE1 downstream cluster #45605
Comments
Root causeWhen updating the private registries on an RKE1 downstream cluster Rancher always skips the entry whose password is empty. Rancher thinks the reason for an empty password is it has been migrated to a Secret, so skipping the entry can avoid wiping out the password from the Secret. The logic works well in most cases except the following one: once the username and password are set for a private registry on the RKE1 downstream cluster, we will not be able to unset those two values at the same time in the cases where the private registry does not require login anymore or the username and password are set by mistake at the first place. What was fixed, or what changes have occurredThe logic is updated such that now when updating the private registries on an RKE1 downstream cluster Rancher skips the private registry only if it meets all the following conditions:
Areas or cases that should be testedA matrix of cases can be derived from creating/updating a DS RKE1 cluster with/without a private registry that does/doesn't have a username and/or password. In all cases, the cattle-private-registry Secret, whose name is recorded at What areas could experience regressions?The same as the above. Are the repro steps accurate/minimal?Yes. |
The issue can validated on the latest v2.9-head tag |
This issue is waiting for an alpha/RC to properly test. |
QA TEST PLAN
|
Reproduced the issue on
REPRODUCTION STEPS
Now that this has been reproduced, will attempt to now validate with a tag that has the fix. |
Validated that this is addressed in ENVIRONMENT DETAILS
TEST RESULT
VALIDATION STEPS Scenario 1
Scenario 2
Scenario 3
|
Rancher Server Setup
Information about the Cluster
User Information
Describe the bug
When the private_registries parameter is set for a DS cluster, it creates a "cattle-private-registry" secret in the "cattle-system" namespace in that DS cluster that contains the docker config file.
If you ever set the user and password and now want to unset both of them, the secret in the DS will always contain the user/password data.
To Reproduce
Result
Observe that the secret is still in the DS cluster with the credentials set.
Expected Result
The secret does not contain the credentials after the cluster configuration changes.
SURE-8429
The text was updated successfully, but these errors were encountered: