1368078 – The resourcequota 'openshift.io/imagestreams' doesn't work

Bug 1368078 - The resourcequota 'openshift.io/imagestreams' doesn't work

Summary: The resourcequota 'openshift.io/imagestreams' doesn't work

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OKD
Classification:	Red Hat
Component:	Image Registry
Sub Component:
Version:	3.x
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	David Eads
QA Contact:	zhou ying
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-08-18 10:10 UTC by zhou ying
Modified:	2016-09-19 13:56 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-09-19 13:56:17 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description zhou ying 2016-08-18 10:10:43 UTC

Description of problem:
When exceed openshift.io/imagestreams resourcequota still could create imagestreams on project

Version-Release number of selected component (if applicable):
openshift version
openshift v1.3.0-alpha.3+f237d09
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git

How reproducible:
Always

Steps to Reproduce:
1. Create resourcequota on project;
apiVersion: v1
kind: ResourceQuota
metadata:
  name: openshift-object-counts
spec:
  hard:
    openshift.io/imagestreams: "1"
2. Create imagestreams exceed the openshift.io/imagestreams resourcequota
    `oc tag busybox mybox:v1`
    `oc tag openshift/hello-openshift myis2:v2`

Actual results:
2. Could  create the second imagestream:
[root@dhcp-128-40 workdir]# oc get is
NAME      DOCKER REPO                       TAGS      UPDATED
mybox     172.30.119.240:5000/zhouy/mybox   v1        4 minutes ago
myis2     172.30.119.240:5000/zhouy/myis2   v2        4 minutes ago
[root@dhcp-128-40 workdir]# oc describe quota openshift-object-counts 
Name:                openshift-object-counts
Namespace:            zhouy
Resource            Used    Hard
--------            ----    ----
openshift.io/imagestreams    2    1

Expected results:
2. Should ban to create the second imagestream.

Additional info:

Comment 1 Avesh Agarwal 2016-08-18 13:39:45 UTC

I am working on to reproduce the issue on my local setup.

Comment 2 Michal Fojtik 2016-08-18 13:47:42 UTC

(In reply to Avesh Agarwal from comment #1)
> I am working on to reproduce the issue on my local setup.

I reproduced this locally, but I doubt this is a regression because we introduced limits in 3.2 and I'm not sure they ever worked for `oc tag`.

Comment 3 Avesh Agarwal 2016-08-18 13:59:15 UTC

I agree Michal, if they were not functional before, then it does not sound regression.

Comment 4 David Eads 2016-08-18 18:02:16 UTC

I think a couple changes were introduced that caused this to regress.  Fixed in https://github.com/openshift/origin/pull/10517

1. We started handling updates differently in quota admission
2. istag now has a create verb and the evaluator didn't handle it.

Comment 5 zhou ying 2016-08-19 07:37:58 UTC

Confirmed with ami:devenv-rhel7_4874 , the issue has fixed. 

[root@ip-172-18-14-199 amd64]# oc describe quota openshift-object-counts
Name:				openshift-object-counts
Namespace:			zhouy
Resource			Used	Hard
--------			----	----
openshift.io/imagestreams	0	1


[root@ip-172-18-14-199 amd64]# oc tag busybox mybox:v1
Tag mybox:v1 set to busybox.
[root@ip-172-18-14-199 amd64]# oc tag openshift/hello-openshift myis2:v2
Error from server: imagestreams "myis2" is forbidden: Exceeded quota: openshift-object-counts, requested: openshift.io/imagestreams=1, used: openshift.io/imagestreams=1, limited: openshift.io/imagestreams=1

Please modify the status to ON_QA, thanks.

Note You need to log in before you can comment on or make changes to this bug.