Bug 1805250

Summary: oauth-proxy image cannot be referenced for disconnected installs
Product: OpenShift Container Platform
Reporter: Ben Parees <bparees>
Component: apiserver-auth
Assignee: Stefan Schimanski <sttts>
Status: CLOSED ERRATA
QA Contact: scheng
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 4.4
CC: aos-bugs, mfojtik, ssadhale, sttts, xiuwang
Target Milestone: ---
Target Release: 4.2.z
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1805247
: 1812489
Environment:
Last Closed: 2020-06-03 09:26:03 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1812554
Bug Blocks:

Description Ben Parees 2020-02-20 15:02:42 UTC
+++ This bug was initially created as a clone of Bug #1805247 +++

+++ This bug was initially created as a clone of Bug #1804765 +++

+++ This bug was initially created as a clone of Bug #1804763 +++

Description of problem:

The oauth-proxy image is used by various external products (e.g. OLM operators).  Currently they must reference all their images using SHAs to ensure they can be mirrored for disconnected installs.  However that means they must repackage their operator every time the SHA changes.

It would be better if they can simply reference the current image via an imagestreamtag provided by OCP.

We will introduce a new imagestreamtag that maps to the SHA from the OCP payload for the cluster and OLM components can reference that tag to ensure they are always getting the right image.


Actual results:
There is no oauth-proxy imagestreamtag in the openshift namespace

Expected results:
There will be an oauth-proxy imagestreamtag in the openshift namespace which resolves to the SHA of the oauth-proxy image from the cluster's payload.
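
Added illustration, not part of the bug report or of any OpenShift code: a small check for the constraint the description states, that images in a manifest are referenced by SHA digest so they can be mirrored for disconnected installs. The sample manifest, registry names and function names are constructed for this example.

```python
import re

# A pull spec pinned by digest: <repository>@sha256:<64 hex chars>
DIGEST_RE = re.compile(r"^[^\s@]+@sha256:[0-9a-f]{64}$")
# "image: <pullspec>" lines in a YAML manifest, optionally as a list item
IMAGE_LINE_RE = re.compile(r"^\s*(?:-\s*)?image:\s*[\"']?([^\s\"'#]+)")


def classify(pullspec):
    """Return 'digest', 'malformed-digest', 'tag' or 'untagged'."""
    if DIGEST_RE.match(pullspec):
        return "digest"
    if "@" in pullspec:
        return "malformed-digest"
    # A colon after the last '/' is a tag; one before it is a registry port.
    last_component = pullspec.rsplit("/", 1)[-1]
    return "tag" if ":" in last_component else "untagged"


def unpinned_images(manifest_text):
    """List (line number, pull spec, kind) for images not pinned by digest."""
    findings = []
    for lineno, line in enumerate(manifest_text.splitlines(), 1):
        match = IMAGE_LINE_RE.match(line)
        if not match:
            continue
        kind = classify(match.group(1))
        if kind != "digest":
            findings.append((lineno, match.group(1), kind))
    return findings


# Constructed sample manifest fragment (not taken from any real operator).
SAMPLE_DIGEST = "sha256:" + "a" * 64
SAMPLE_MANIFEST = f"""\
containers:
- name: operator
  image: registry.example.com/acme/operator@{SAMPLE_DIGEST}
- name: proxy
  image: registry.example.com:5000/acme/oauth-proxy:latest
- name: sidecar
  image: registry.example.com/acme/sidecar
"""

if __name__ == "__main__":
    for lineno, spec, kind in unpinned_images(SAMPLE_MANIFEST):
        print(f"line {lineno}: {spec} ({kind}) is not pinned by digest")
```
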

Comment 1 Ben Parees 2020-05-18 15:34:48 UTC
Stefan, looks like this never got moved to modified?

PR is merged.

Comment 2 Stefan Schimanski 2020-05-20 08:51:45 UTC
PRs merged.

Comment 8 Ben Parees 2020-06-01 02:54:32 UTC
> I am unsure as to whether the issue where oauth proxy image is not referenced for disconnected installation is resolved and if resolved then which Bugzilla should be followed. 

This bug made it possible for operator manifests to reference the oauth proxy image by sha, which ensures that they can work in disconnected environments.

Each individual operator needs to update its manifest to use the new imagestreamtag if they want to ensure they can work properly in a disconnected environment. This bug (and the related bugs, which were for backporting the change to different openshift releases) does nothing to fix any specific operator. You would need to talk to the individual operator teams to find out if they have made use of the new imagestreamtag and in what version of their operator they did so.

Comment 10 errata-xmlrpc 2020-06-03 09:26:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2307