Bug 2087032

Summary: Operator-sdk "run bundle" "run bundleup-grade" can't support proxy env
Product: OpenShift Container Platform Reporter: Fan Jia <jfan>
Component: Operator SDKAssignee: Bryce Palmer <bpalmer>
Status: CLOSED ERRATA QA Contact: Fan Jia <jfan>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.11CC: cchantse
Target Milestone: ---   
Target Release: 4.12.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-17 19:48:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Fan Jia 2022-05-17 07:32:50 UTC 
Description of problem:
Operator-sdk "run bundle" "run bundle-upgrade" can't support proxy env since the generated catalogsource pod get the bundle image without the proxy configuration.

Version-Release number of selected component (if applicable):
operator-sdk version: "v1.20.0-ocp", commit: "deb99d5a456fa32c3153de89d940ee05b603c83b", kubernetes version: "v1.23", go version: "go1.17.4", GOOS: "linux", GOARCH: "amd64"


How reproducible:
always

Steps to Reproduce:
1.setup one proxy cluster
2.operator-sdk run bundle quay.io/xxxx/blacklist-bundle:v4.10

Actual results:
The catalogsource pods can't get the bundle image.
1.$oc get pods
NAME                                   READY   STATUS             RESTARTS        AGE
quay-io-xxxx-blacklist-bundle-v4-10   0/1     CrashLoopBackOff   8 (3m38s ago)   24m

2.$ oc logs quay-io-xxxx-blacklist-bundle-v4-10
`
time="2022-05-17T07:14:55Z" level=warning msg="\x1b[1;33mDEPRECATION NOTICE:\nSqlite-based catalogs and their related subcommands are deprecated. Support for\nthem will be removed in a future release. Please migrate your catalog workflows\nto the new file-based catalog format.\x1b[0m"
time="2022-05-17T07:14:55Z" level=info msg="adding to the registry" bundles="[quay.io/xxxx/blacklist-bundle:v4.10]"
time="2022-05-17T07:15:25Z" level=info msg="trying next host" error="failed to do request: Head \"https://quay.io/v2/xxxx/blacklist-bundle/manifests/v4.10\": dial tcp 3.227.212.61:443: i/o timeout" host=quay.io
time="2022-05-17T07:15:25Z" level=error msg="permissive mode disabled" bundles="[quay.io/xxxx/blacklist-bundle:v4.10]" error="[error resolving name : failed to do request: Head \"https://quay.io/v2/xxxx/blacklist-bundle/manifests/v4.10\": dial tcp 3.227.212.61:443: i/o timeout, image \"quay.io/xxxx/blacklist-bundle:v4.10\": not found]"
Error: [error resolving name : failed to do request: Head "https://quay.io/v2/xxxx/blacklist-bundle/manifests/v4.10": dial tcp 3.227.212.61:443: i/o timeout, image "quay.io/xxxx/blacklist-bundle:v4.10": not found]
Usage:
  opm registry add [flags]
`

Expected results:
Command "run bundle" success and the catalogsource pod is running status.

Additional info:
Comment 1 Fan Jia 2022-05-17 07:36:19 UTC 
The proxy configuration can be added to the operators by the way of "make deploy". Should we notice customer about this if we don't support the "run bundle" in the proxy env.
Comment 2 Bryce Palmer 2022-07-05 20:37:38 UTC 
Updated the cli and cli documentation upstream to mention that the bundle image provided to the `operator-sdk run bundle` and `operator-sdk run bundle-upgrade` commands should be pullable by the cluster. These commands do not support the proxy env. This change should make it downstream in the next downstream sync.
Comment 4 Fan Jia 2022-07-07 10:35:55 UTC 
operator-sdk version: "v1.22.0-20-g4070e40e", commit: "4070e40ec79cc78d538d20a139bad5e909ce695e", kubernetes version: "v1.24.1", go version: "go1.18.3", GOOS: "linux", GOARCH: "amd64"
./operator-sdk run bundle -h
The single argument to this command is a bundle image, with the full registry path specified.
If using a docker.io image, you must specify docker.io(/<namespace>)?/<bundle-image-name>:<tag>.
If the bundle image provided is a SQLite index, it must be pullable by the cluster as SQLite images are pulled from the cluster.
If the bundle image provided is a File-Based Catalog (FBC) index, it will be pulled on the local machine.

./operator-sdk run bundle-upgrade -h
The single argument to this command is a bundle image, with the full registry path specified.
If using a docker.io image, you must specify docker.io(/<namespace>)?/<bundle-image-name>:<tag>.
If the bundle image provided is a SQLite index, it must be pullable by the cluster as SQLite images are pulled from the cluster.
If the bundle image provided is a File-Based Catalog (FBC) index, it will be pulled on the local machine.

Will test again when the PR is merged in next 4.11 release.
Comment 8 errata-xmlrpc 2023-01-17 19:48:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399