Description
Summary:
Regression: KMM v2.0.0/v2.0.1 on OCP 4.14 is unable to pull the certified driver container image from Red Hat registry once the pre-built mode module is deployed in default openshift-kmm namespace. This behavior is unexpected as it is working on KMM v1 deployments. See issue filed in KMM downstream repo: rh-ecosystem-edge/kernel-module-management#992
Note: Only KMM v2.0.0/v2.0.1 is available on OCP 4.14+. KMM v1 is unavailable.
Analysis:
In KMM v1, the node successfully pulled the image with default OCP cluster global pull secret. In KMM v2, the worker pod pulls the image but the global pull secret is not mounted on the pod and thus the pull fails.
Workaround:
- Use command below to Copy global pull secret
pull-secretinopenshift-confignamespace toopenshift-kmmnamespace.
$ oc get secrets pull-secret -n openshift-config -o json | jq 'del(.metadata["namespace","creationTimestamp","resourceVersion","selfLink","uid","annotations"])' | oc apply -n openshift-kmm -f -
- Set module.spec.imageRepoSecret.name to
pull-secretin pre-build mode KMM Module intel-dgpu.yaml.
Impact:
Above workaround is an additional nontrivial step that impacts the user experience. Pre-built mode is intended to be as seamless as possible.
Tentative Proposal:
Request KMM to use the global pull secret and mount it on the worker pod.
Update:
Fix to be included in KMM 2.0.2, official release target Feb 27