Certain secrets can't be removed (the ones that identify the service account itself). others should be able to (bug if it can't).
On Wed, Sep 14, 2016 at 7:33 AM, Andre Esser <[email protected]> wrote: > On 2016-09-13 18:55, Clayton Coleman wrote: > >> On Sep 13, 2016, at 1:18 PM, Andre Esser <[email protected]> >>> wrote: >>> >>> It's Origin 1.2.1. >>> >>> Interesting entries in the node's /var/log/messages are: >>> -------------------------------------------------------------------> >>> [...] >>> origin-node: Pulling image eu.gcr.io/vb-europe/graylog-stack- >>> deployer:latest without credentials >>> [...] >>> <---------------------------------------------------------------------- >>> >>> 'without credentials' seems to indicate that the google-cloud-registry >>> secret isn't used at all? >>> >> >> Yeah. Can you double check that your created pod and service account >> names (and the linked secret names) all line up? >> > > OK, I figured out what was wrong. The secret had to be added to the > service account that was actually building the pod, which in our case is > different to the default account 'builder'. > > Also this had to be done for the project the pod was destined to be > running in, if it's not running in 'default'. > > I've noticed that once a secret has been added to a service account it can > no longer be removed. Is this correct? > > > Thanks, > > Andre >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
