pullSecret issue in OKD4 docs

[andreaskaris]

This is a continuation of Closed ticket #264

Sorry for reopening this, but ...

I do not know which docs were updated, but clearly not this page:
https://docs.okd.io/latest/installing/installing_aws/installing-aws-default.html

Nor anything else in docs.okd.io

I'm reopening this because I'd expect that any installation related documentation should also mention the fake pull-secret from:
https://github.com/openshift/okd#getting-started

You will also be prompted for a pull-secret that will be made available to all of of your machines - for OKD4 you should either paste the pull-secret you use for your registry, or paste {"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}} to bypass the required value check (see bug #182).

Or that it should clearly point non-RH registered users to a decent way to obtain a pull-secret.

Or how else are non-RH customers supposed to get a valid pull-secret?

[LorbusChris]

@andreaskaris people with no RH account are not supposed to get a valid pull-secret for the RH registry, which is why the fake pull secret (or your own podman authfile for e.g. quay.io) is supposed to be used in that case, because the OKD images are public/don't require this.

Does the fake pull secret on that line not work for you?

[LorbusChris]

Maybe we should just clarify this by saying: pass your compacted podman authfile/dockerconfigjson as pull secret. If you don't have one or don't need the cluster to pull images from any private repos that you have access to (for standard ops you probably don't need this), use the fake one.

[andreaskaris]

Hi,

@LorbusChris Thanks for the quick answer.

Just to clarify:

• what's here, is o.k and works: https://github.com/openshift/okd#getting-started

• this document here does not talk about the fake pull-secret: https://docs.okd.io/latest/installing/installing_aws/installing-aws-default.html (search for fake)

</html>[akaris@linux ~]$ curl https://docs.okd.io/latest/installing/installing_aws/installing-aws-default.html  | grep secret
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0                      Installing a cluster on AWS into a government or secret region
                    <a class="" href="../../openshift_images/managing_images/using-image-pull-secrets.html">
                      Using image pull secrets
                    <a class="" href="../../nodes/pods/nodes-pods-secrets.html">
 85  658k   85  560k    0     0   492k      0  0:00:01  0:00:01 --:--:--  492k                    <a class="" href="../../rest_api/security_apis/secret-core-v1.html">
<a href="https://cloud.redhat.com/openshift/install/pull-secret">Pull Secret</a> page on the Red Hat OpenShift Cluster Manager site, download your installation pull secret as a <code>.txt</code> file. This pull secret allows you to authenticate with the services that
<p>If you do not use the pull secret from the Red Hat OpenShift Cluster Manager site:</p>
<p>Obtain the OKD installation program and the pull secret for your
access key ID and secret access key for the user that you configured to run the
<p>The AWS access key ID and secret access key are stored in <code>~/.aws/credentials</code> in the home directory of the current user on the installation host. You are prompted for the credentials by the installation program if the credentials for the exported profile are not present in the file. Any credentials that you provide to the installation program are stored in the file.</p>
<p>Paste the pull secret that you obtained from the
<a href="https://cloud.redhat.com/openshift/install/pull-secret">Pull Secret</a> page on the Red Hat OpenShift Cluster Manager site.
100  658k  100  658k    0     0   572k      0  0:00:01  0:00:01 --:--:--  572k
[akaris@linux ~]$ curl https://docs.okd.io/latest/installing/installing_aws/installing-aws-default.html  | grep -i fake
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  658k  100  658k    0     0   668k      0 --:--:-- --:--:-- --:--:--  667k
[akaris@linux ~]$ 

This might be the wrong repository to report this, but docs.okd.io does not contain any references to the fake secret. You can corroborate this by going to: https://docs.okd.io/latest/welcome/index.html
and searching for "fake"

Thanks,

Andreas

[mburke5678]

@andreaskaris @LorbusChris The installation files are used in multiple installation types. Does the fake pull secret work across the board: AWS, GCP, Azure, oVirt, vSphere, VMC, etc?

PR in progress for this change: openshift/openshift-docs#32331

[mburke5678]

PR is merged

[mburke5678]

/close

[openshift-ci]

@mburke5678: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andreaskaris]

Thank you for solving this so quickly!