Bug 2031688
| Summary: | hostpath-provisioner-operator deployment is referencing upstream images | ||
|---|---|---|---|
| Product: | Container Native Virtualization (CNV) | Reporter: | Simone Tiraboschi <stirabos> |
| Component: | Storage | Assignee: | Alexander Wels <awels> |
| Status: | CLOSED ERRATA | QA Contact: | Kevin Alon Goldblatt <kgoldbla> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.10.0 | CC: | alitke, awels, cnv-qe-bugs, dbasunag, ocohen, oshoval, yadu |
| Target Milestone: | --- | ||
| Target Release: | 4.10.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | hco-bundle-registry-container-v4.10.0-623 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-16 15:57:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** Bug 2032050 has been marked as a duplicate of this bug. *** The source of the problem is the csv-generator provided by the hpp operator release. It takes arguments for each of the images, and it will replace the values with the arguments provided. The question is, how do we identify these images during the build pipeline if we use this mechanism. Alexander. can you provide an update on this bug? It's getting pretty late in the game and I am sure we will need some time to resolve this before the 4.10 release. So basically little to no progress, having a meeting on Wednesday to discuss with the cpaas team what we can do in the short term and long term. I reached out to the OCS team but they haven't responded. in ... we have:
- name: OPERATOR_IMAGE
value: registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:7a1d1c8818393e0425c63c77da6c5221c28369e1e55a4c42d2830aac53c12125
- name: PROVISIONER_IMAGE
value: registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8@sha256:705c40f84f8b2f33db1ec32e60043a79950cba5c362fa2706bdcb5ed043ed213
- name: CSI_PROVISIONER_IMAGE
value: registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8@sha256:17c145818f4927e390531e077b7b21e47ffdc2e4b01ca035e68280db50f7b3b9
- name: NODE_DRIVER_REG_IMAGE
value: registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:ea9ccb4f3e7b7c7b4403342b4408a7b166172c979aac49abeae73a0a3fe37421
- name: LIVENESS_PROBE_IMAGE
value: registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:582d67667d31abc1574c5fc620818bfa0af309d01ba8588828c9822ad3e593e3
- name: CSI_SNAPSHOT_IMAGE
value: registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:6d9dcdfb0f37377c2f137f158b35fb2522bd5f1ab7089f867eda1e88bca19fb9
- name: CSI_SIG_STORAGE_PROVISIONER_IMAGE
value: registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:4493269794089f70788f0c1a03f63211c98d768a9f33d20358b72a1223df597e
...
- image: registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:4493269794089f70788f0c1a03f63211c98d768a9f33d20358b72a1223df597e
name: registry.redhat.io/openshift4/ose-csi-external-provisioner:v4.9
- image: registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:6d9dcdfb0f37377c2f137f158b35fb2522bd5f1ab7089f867eda1e88bca19fb9
name: registry.redhat.io/openshift4/ose-csi-external-snapshotter:v4.9
- image: registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:582d67667d31abc1574c5fc620818bfa0af309d01ba8588828c9822ad3e593e3
name: registry.redhat.io/openshift4/ose-csi-livenessprobe:v4.9
- image: registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:ea9ccb4f3e7b7c7b4403342b4408a7b166172c979aac49abeae73a0a3fe37421
name: registry.redhat.io/openshift4/ose-csi-node-driver-registrar:v4.9
we are currently referencing the most up to date images available in production so currently `v4.9` even if we are building for CNV v4.10.0.
We will start consuming OCP 4.10 CSI sidecars images only when it will be officially released.
Verified with the following code:
-----------------------------------------
oc version
Client Version: 4.10.0-202201270049.p0.g900705d.assembly.stream-900705d
Server Version: 4.10.0-fc.2
Kubernetes Version: v1.23.0+60f5a1c
[cnv-qe-jenkins@stg10-kevin-n8n4x-executor ~]$ oc get csv --all-namespaces
NAMESPACE NAME DISPLAY VERSION REPLACES PHASE
openshift-cnv kubevirt-hyperconverged-operator.v4.10.0 OpenShift Virtualization 4.10.0 kubevirt-hyperconverged-operator.v4.9.0 Succeeded
openshift-local-storage local-storage-operator.4.9.0-202112142229 Local Storage 4.9.0-202112142229 Succeeded
openshift-operator-lifecycle-manager packageserver Package Server 0.19.0 Succeeded
openshift-storage mcg-operator.v4.10.0 NooBaa Operator 4.10.0 Succeeded
openshift-storage ocs-operator.v4.10.0 OpenShift Container Storage 4.10.0 Succeeded
openshift-storage odf-operator.v4.10.0 OpenShift Data Foundation 4.10.0 Succeeded
Verified with the following scenario:
-----------------------------------------
I deployed the latest 4.10 d/s and this is the output from the:
oc describe pod hostpath-provisioner-operator-87cbb48f5-8fjml -n openshift-cnv
OPERATOR_NAME: hostpath-provisioner-operator
OPERATOR_IMAGE: registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:7a1d1c8818393e0425c63c77da6c5221c28369e1e55a4c42d2830aac53c12125
PROVISIONER_IMAGE: registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8@sha256:705c40f84f8b2f33db1ec32e60043a79950cba5c362fa2706bdcb5ed043ed213
CSI_PROVISIONER_IMAGE: registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8@sha256:17c145818f4927e390531e077b7b21e47ffdc2e4b01ca035e68280db50f7b3b9
NODE_DRIVER_REG_IMAGE: registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:ea9ccb4f3e7b7c7b4403342b4408a7b166172c979aac49abeae73a0a3fe37421
LIVENESS_PROBE_IMAGE: registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:582d67667d31abc1574c5fc620818bfa0af309d01ba8588828c9822ad3e593e3
CSI_SNAPSHOT_IMAGE: registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:6d9dcdfb0f37377c2f137f158b35fb2522bd5f1ab7089f867eda1e88bca19fb9
CSI_SIG_STORAGE_PROVISIONER_IMAGE: registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:4493269794089f70788f0c1a03f63211c98d768a9f33d20358b72a1223df597e
Moving to VERIFIED!
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0947 |
Description of problem: In the deployment of hostpath-provisioner-operator we see: - name: OPERATOR_NAME value: hostpath-provisioner-operator - name: OPERATOR_IMAGE value: quay.io/kubevirt/hostpath-provisioner-operator:latest - name: PROVISIONER_IMAGE value: quay.io/kubevirt/hostpath-provisioner:latest - name: CSI_PROVISIONER_IMAGE value: quay.io/kubevirt/hostpath-csi-driver:latest - name: NODE_DRIVER_REG_IMAGE value: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 - name: LIVENESS_PROBE_IMAGE value: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0 - name: CSI_SNAPSHOT_IMAGE value: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.1 - name: CSI_SIG_STORAGE_PROVISIONER_IMAGE value: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.1 Version-Release number of selected component (if applicable): hco-bundle-registry-container-v4.10.0-463 How reproducible: 100% Steps to Reproduce: 1. deploy CNV 2. check the env variables for hostpath-provisioner-operator 3. Actual results: we see a list of upstream images referenced by tags Expected results: we should reference only downstream images and only by digest (to support the disconnected scenario via ICSP) Additional info: This should be considered as a release blocker