Description of problem: The quota can be abused by creating image steam tags Version-Release number of selected component (if applicable): openshift v1.1.3-536-gda71953 kubernetes v1.2.0-alpha.7-703-gbc4550d etcd 2.2.5 How reproducible: always Steps to Reproduce: 1. To apply a quota to a project: more resource-quota.json { "apiVersion": "v1", "kind": "ResourceQuota", "metadata": { "name": "quota" }, "spec": { "hard": { "memory": "1Gi", "cpu": "20", "openshift.io/imagesize": "0.2Gi", "openshift.io/imagestreamsize": "0.2Gi", "openshift.io/projectimagessize": "0.2Gi", "pods": "10", "services": "5", "replicationcontrollers":"5", "resourcequotas":"1" } } } `oc create -f resource-quota.json -n zhouy` 2. Tag a public registry image to the project, the image size is 160M; `docker tag docker.io/zhouying7780/singlelayer hellotest:latest` 3. Push the image to integrated docker-registry. 4. Tag the ImageStream with another tag: `oc tag hellotest:latest mybase:v2` 5. Push the new ImageSteam again. 6. Check the quota info. Actual results: 5. Push successfully; 6. The quota info show that the Used of openshift.io/projectimagessize is bigger than the Hard of openshift.io/projectimagessize. [root@ip-172-18-6-56 amd64]# oc describe quota Name: quota Namespace: zhouy Resource Used Hard -------- ---- ---- cpu 0 20 memory 0 1Gi openshift.io/imagesize 0 214748364800m openshift.io/imagestreamsize 0 214748364800m openshift.io/projectimagessize 320204510 214748364800m pods 0 10 replicationcontrollers 0 5 resourcequotas 1 1 services 0 5 Expected results: The Used of openshift.io/projectimagessize should not exceed the Hard of openshift.io/projectimagessize. Additional info:
Origin PR addressing this: https://github.com/openshift/origin/pull/7930
Latest PR with reworked quota: https://github.com/openshift/origin/pull/8195
Since the latest strategy will not limit the total project-image-size , can we close this issue ?
Let's wait for a merge of the PR #8195.
Moving to ON_QA, they can close this when 8195 merges since they've begun testing 8195 already and this will not be relevant.
Will verify it until the PR #8195 to be merged.
Quota is being reworked once more. Blocked on PR #8195.
The quota refactor PR https://github.com/openshift/origin/pull/8195 has been merged. This bug is no longer relevant.
Confirmed with ami :devenv-rhel7_4354 , the issue has fixed. openshift v1.3.0-alpha.1-251-ga19279f kubernetes v1.3.0-alpha.1-331-g0522e63 etcd 2.3.0