Bug 2002368

Summary: samples should not go degraded when image allowedRegistries blocks imagestream creation
Product: OpenShift Container Platform Reporter: Gabe Montero <gmontero>
Component: SamplesAssignee: Gabe Montero <gmontero>
Status: CLOSED ERRATA QA Contact: Jitendar Singh <jitsingh>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.10CC: aos-bugs, dperaza, susdas, xiuwang
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
* Before this update, various allowed and blocked registry configuration options in the cluster image configuration might prevent the Cluster Samples Operator from creating image streams. As a result, the samples operator might mark itself as degraded, which impacted the general {product-title} install and upgrade status. + In various circumstances, the management state of the Cluster Samples Operator can transition to `Removed`. With this update, these circumstances include when the image controller configuration parameters prevent the creation of image streams by using either the default image registry or the image registry specified by the `samplesRegistry` setting. The Operator status also indicates that the cluster image configuration is preventing the creation of the sample image streams. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2002368[BZ#2002368])
Story Points: ---
Clone Of:
: 2009722 (view as bug list) Environment:
Last Closed: 2022-03-10 16:08:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 2009722    

Description Gabe Montero 2021-09-08 16:06:26 UTC
Description of problem:

the allowed/blocked registry image config feature returns 


on imagestream create if the registry used for samples is not allowed.

Samples operator currently marks itself degraded when it encounters such errors, which can mess up upgrades.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

Actual results:

Expected results:

Don't go degraded, but note situation in config/clusteroperator object, minimally.

Ideally, we add metric and fire alert, which is aligned with what we do with failed imports.

Additional info:

Comment 1 Gabe Montero 2021-09-08 16:07:02 UTC
Talking for now.  Working with David and Adam to decide how to partition works.

Comment 2 Gabe Montero 2021-09-15 17:58:27 UTC
Jitendar - for verification, we do not need to worry about disconnected cluster, like with the original github issue.

You can verify by configuring the allowed/blocked registry fields as described at https://docs.openshift.com/container-platform/4.8/openshift_images/image-configuration.html along with using the default samples registry overriding it and mirroring images per https://docs.openshift.com/container-platform/4.8/openshift_images/samples-operator-alt-registry.html to verify that
a) samples bootstrap as removed when the whichever registry it is pointed to (either override, or default of registry.redhat.io) is prevented by the global image configuration
b) samples boostraps as managed and installs samples when whichever registry it is pointed to is allowed by the global image configuration.

As before, since that global image configuration is covered by XiuJuan (who I have cc:ed here) feel free to coordiate with her on test cases, etc. since we are testing the integration of both these functions.

I have also cc:ed Sushanta Das, who is the QE contact with the apps services team, and is suppose to be the new QA contact for samples, replacing you :-)

Let's use this verification effort as a means of helping him get up to speed in verifying samples.


Comment 4 Jitendar Singh 2021-10-01 09:53:41 UTC

Comment 7 errata-xmlrpc 2022-03-10 16:08:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.