OCPBUGS-23418: Machine-config controller should not log about non-existent pull-secret changes

[dkhater-redhat]

- What I did
Fixed false-positive log spam where MCC logged "Re-syncing ControllerConfig due to secret pull-secret change" every ~25 minutes even though the pull-secret secret hadn't actually changed.

- How to verify it
Check logs on a running cluster

1. Install a cluster with this fix
2. Wait 1+ hours without modifying the pull-secret
3. Check MCC logs:
   oc logs -n openshift-machine-config-operator -l k8s-app=machine-config-controller -c machine-config-controller --tail=-1 | grep -c 'Re-syncing ControllerConfig due to secret pull-secret change'
4. Expected: Count should be 0 (no false positives)
5. Without fix: Count would be ~7+ over a few hours

- Description for the changelog

[dkhater-redhat]

/jira refresh

[dkhater-redhat]

/jira refresh

[umohnani8]

Great fix!
/lgtm
/approve

[dkhater-redhat]

/jira refresh

[openshift-ci-robot]

@dkhater-redhat: This pull request references Jira Issue OCPBUGS-23418, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @HarshwardhanPatil07

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[umohnani8]

/lgtm
/approve

[HarshwardhanPatil07]

Pre-merge Verification: PASSED

Environment Setup:
Platform: AWS
Fixed Version: 4.22.0-0-2026-02-06-055557-test-ci-ln-85jv8sb-latest

1. Verification on Fixed main (Success)

Observation: The count remained stable at 2 and did not increment over time (pull-secret was not modified).

Verification Steps:

harshpat@harshpat-thinkpadp1gen4i:~/Downloads$ oc get clusterversion
NAME      VERSION                                                AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.22.0-0-2026-02-06-055557-test-ci-ln-85jv8sb-latest   True        False         64m     Cluster version is 4.22.0-0-2026-02-06-055557-test-ci-ln-85jv8sb-latest

harshpat@harshpat-thinkpadp1gen4i:~/Downloads$ oc logs -n openshift-machine-config-operator -l k8s-app=machine-config-controller -c machine-config-controller --tail=-1 | grep -c 'Re-syncing ControllerConfig due to secret pull-secret change'
2

After some time

harshpat@harshpat-thinkpadp1gen4i:~/Downloads$ oc logs -n openshift-machine-config-operator -l k8s-app=machine-config-controller -c machine-config-controller --tail=-1 | grep -c 'Re-syncing ControllerConfig due to secret pull-secret change'
2

/label qe-approved
/verified by @HarshwardhanPatil07

[openshift-ci-robot]

@HarshwardhanPatil07: This PR has been marked as verified by @HarshwardhanPatil07.

Details

In response to this:

Pre-merge Verification: PASSED

Environment Setup:
Platform: AWS
Fixed Version: 4.22.0-0-2026-02-06-055557-test-ci-ln-85jv8sb-latest

1. Verification on Fixed main (Success)

Observation: The count remained stable at 2 and did not increment over time (pull-secret was not modified).

Verification Steps:

harshpat@harshpat-thinkpadp1gen4i:~/Downloads$ oc get clusterversion
NAME      VERSION                                                AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.22.0-0-2026-02-06-055557-test-ci-ln-85jv8sb-latest   True        False         64m     Cluster version is 4.22.0-0-2026-02-06-055557-test-ci-ln-85jv8sb-latest

harshpat@harshpat-thinkpadp1gen4i:~/Downloads$ oc logs -n openshift-machine-config-operator -l k8s-app=machine-config-controller -c machine-config-controller --tail=-1 | grep -c 'Re-syncing ControllerConfig due to secret pull-secret change'
2

After some time

harshpat@harshpat-thinkpadp1gen4i:~/Downloads$ oc logs -n openshift-machine-config-operator -l k8s-app=machine-config-controller -c machine-config-controller --tail=-1 | grep -c 'Re-syncing ControllerConfig due to secret pull-secret change'
2

/label qe-approved
/verified by @HarshwardhanPatil07

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[dkhater-redhat]

/retest-required

[dkhater-redhat]

/retest-required

[dkhater-redhat]

/test verify

[dkhater-redhat]

/verified by @HarshwardhanPatil07
had to push a change for the make verify error

[openshift-ci-robot]

@dkhater-redhat: This PR has been marked as verified by @HarshwardhanPatil07.

Details

In response to this:

/verified by @HarshwardhanPatil07
had to push a change for the make verify error

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[isabella-janssen]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dkhater-redhat, HarshwardhanPatil07, isabella-janssen, umohnani8

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [dkhater-redhat,isabella-janssen,umohnani8]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dkhater-redhat]

/retest-required

[openshift-ci-robot]

@dkhater-redhat: Jira Issue Verification Checks: Jira Issue OCPBUGS-23418
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-23418 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Details

In response to this:

- What I did
Fixed false-positive log spam where MCC logged "Re-syncing ControllerConfig due to secret pull-secret change" every ~25 minutes even though the pull-secret secret hadn't actually changed.

- How to verify it
Check logs on a running cluster

1. Install a cluster with this fix
2. Wait 1+ hours without modifying the pull-secret
3. Check MCC logs:
   oc logs -n openshift-machine-config-operator -l k8s-app=machine-config-controller -c machine-config-controller --tail=-1 | grep -c 'Re-syncing ControllerConfig due to secret pull-secret change'
4. Expected: Count should be 0 (no false positives)
5. Without fix: Count would be ~7+ over a few hours

- Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[dkhater-redhat]

/cherry-pick release-4.21

[openshift-cherrypick-robot]

@dkhater-redhat: new pull request created: #5659

Details

In response to this:

/cherry-pick release-4.21

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.