Hide Forgot
Description of problem: OpenShift installer import EAP, AMQ, DataGrid ... imageStream and template regardless the users have the subscription or not. Some of xPaaS images need the entitlement, so this bug leads users to abuse the images Version-Release number of selected component (if applicable): - OSE 3.2 Steps to Reproduce: Installer OSE Actual results: oc get is,template -n openshift shows EAP imageStream and teamplte Expected results: Users can select if they import the imageStream and template which need xPaaS subscription Additional info: The list of images which need extra entitlement - https://access.redhat.com/solutions/1495513 These values works as xPaaS images. So, it doesn' work for some images like JWS https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_examples/tasks/main.yml#L115-L129
Hi Kenjiro, Right now there is no entitlement checking on these images. I agree we need to have a way to help guide the user to a supportable configuration for the entitlements they have.
Currently the installation of xPaaS templates and imagestreams is an optional task. The actual json files will reside on an Openshift node's filesystem, but importing the templates and imagestreams into the Openshift environment is optional. [1] Currently, the ansible examples [2] are set to install the xPaaS templates and imagestreams. This can be set to false, if desired. Is the request to block access to the registry and require entitlements? [1] https://docs.openshift.com/container-platform/3.3/install_config/imagestreams_templates.html#creating-image-streams-for-xpaas-middleware-images [2] https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_examples/defaults/main.yml#L6
Blocking access to the images is not a priority.
What is the suggested implementation here? We could make xpaas content opt-in rather than opt-out as it is now for enterprise installs. Moving to low severity.
Kenjiro, Setting openshift_examples_load_xpaas=false should disable this, can you try that? -- Scott
Scott, thank you for the suggestion. But the option stops importing templates under the `/usr/share/openshift/examples/xpaas-templates`[1]. So, it will exclude jws3*- (tomcat) and sso7*- templates. These are "xPaaS" images, but these do NOT need xPaaS subscription. So, the users want to include them. The customer's expectation is to distinguish the image/template which requires extra subscription requires or not. ref: https://docs.openshift.com/container-platform/3.6/install_config/imagestreams_templates.html#is-templates-core-sub
*** Bug 1552453 has been marked as a duplicate of this bug. ***
I'm sorry but we don't have capacity to provide this fine grained level of control over image streams. Our recommendation is to disable image stream management and curate the content as they see fit.