Bug 2027745
Summary: | default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Bram Verschueren <bverschu> |
Component: | Samples | Assignee: | David Peraza <dperaza> |
Status: | CLOSED ERRATA | QA Contact: | Jitendar Singh <jitsingh> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.9 | CC: | aos-bugs, asheth, dperaza, mharri |
Target Milestone: | --- | ||
Target Release: | 4.10.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | No Doc Update | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-03-10 16:31:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Bram Verschueren
2021-11-30 14:50:09 UTC
Looking into this, based on CRD https://github.com/openshift/api/blob/master/samples/v1/0000_10_samplesconfig.crd.yaml#L53 it looks like in most cases it will default to registry.redhat.io but I also do not see it in my 4.9.11 and 4.8.24 clusters: dperaza@dperaza-mac cluster-samples-operator % oc get configs.samples.operator.openshift.io/cluster -o json | jq .spec { "architectures": [ "x86_64" ], "managementState": "Managed" } Trying to figure out why it defaults to empty. Will keep you posted Yep that file is common between OKD and OCP, so it cannot list registry.redhat.io as the default. That field is really intended for mirroring scenarios. But yes, the imageConfigBlocksImageStreamCreation logic needs to properly handle the default case where an empty name is passed into it. If the name is empty, as long as the allowed list contains "registry.redhat.io", "registry.access.redhat.com", "quay.io", the method should return true Started to work on this fix, thanks for confirming @gmontero verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 Hello David, We have a customer facing this issue again in the OpenShift 4.10.14. The issue got resolved after implementing the workaround --oc patch configs.samples.operator.openshift.io cluster --type merge --patch '{"spec": {"samplesRegistry": "registry.redhat.io"}}, Can we reopen this bug? The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |