Description of problem: There are 3 tags: v1, v2 and latest. Enabled scheduled import on tag "v2". oc import-image app --from=kunimare.usersys.redhat.com:5000/test/app --confirm --all --insecure oc tag kunimare.usersys.redhat.com:5000/test/app:latest app:v2 --insecure=true --scheduled=true When docker push to "latest" tag, the image stream tag "latest" is updated within the scheduled import. Version-Release number of selected component (if applicable): $ openshift version openshift v3.6.173.0.49 kubernetes v1.6.1+5115d708d7 etcd 3.2.1 How reproducible: Always Steps to Reproduce: $ oc import-image app --from=kunimare.usersys.redhat.com:5000/test/app --confirm --all --insecure $ oc tag kunimare.usersys.redhat.com:5000/test/app:latest app:v2 --insecure=true --scheduled=true $ oc describe is Name: app Namespace: test-import Created: 24 seconds ago Labels: <none> Annotations: openshift.io/image.dockerRepositoryCheck=2017-11-20T05:07:07Z Docker Pull Spec: 172.30.100.180:5000/test-import/app Image Lookup: local=false Unique Images: 2 Tags: 3 latest tagged from kunimare.usersys.redhat.com:5000/test/app:latest will use insecure HTTPS or HTTP connections * kunimare.usersys.redhat.com:5000/test/app@sha256:5fa3855815ef2eb8cb73632e35005078e59e3ad1c1c14ecaeeec070e65a25ee6 24 seconds ago v1 tagged from kunimare.usersys.redhat.com:5000/test/app:v1 will use insecure HTTPS or HTTP connections * kunimare.usersys.redhat.com:5000/test/app@sha256:a6929df10c9db619356a413f7cb094b9c4f59ee6c487ef8bbafb2074ddbded4c 24 seconds ago v2 updates automatically from registry kunimare.usersys.redhat.com:5000/test/app:v2 will use insecure HTTPS or HTTP connections * kunimare.usersys.redhat.com:5000/test/app@sha256:5fa3855815ef2eb8cb73632e35005078e59e3ad1c1c14ecaeeec070e65a25ee6 24 seconds ago $ sudo docker tag kunimare.usersys.redhat.com:5000/test/app:v1 kunimare.usersys.redhat.com:5000/test/app:latest $ sudo docker push kunimare.usersys.redhat.com:5000/test/app:latest $ oc describe is Name: app Namespace: test-import Created: About a minute ago Labels: <none> Annotations: openshift.io/image.dockerRepositoryCheck=2017-11-20T05:08:31Z Docker Pull Spec: 172.30.100.180:5000/test-import/app Image Lookup: local=false Unique Images: 2 Tags: 3 latest tagged from kunimare.usersys.redhat.com:5000/test/app:latest will use insecure HTTPS or HTTP connections * kunimare.usersys.redhat.com:5000/test/app@sha256:a6929df10c9db619356a413f7cb094b9c4f59ee6c487ef8bbafb2074ddbded4c 1 second ago kunimare.usersys.redhat.com:5000/test/app@sha256:5fa3855815ef2eb8cb73632e35005078e59e3ad1c1c14ecaeeec070e65a25ee6 About a minute ago v1 tagged from kunimare.usersys.redhat.com:5000/test/app:v1 will use insecure HTTPS or HTTP connections * kunimare.usersys.redhat.com:5000/test/app@sha256:a6929df10c9db619356a413f7cb094b9c4f59ee6c487ef8bbafb2074ddbded4c About a minute ago v2 updates automatically from registry kunimare.usersys.redhat.com:5000/test/app:v2 will use insecure HTTPS or HTTP connections * kunimare.usersys.redhat.com:5000/test/app@sha256:5fa3855815ef2eb8cb73632e35005078e59e3ad1c1c14ecaeeec070e65a25ee6 About a minute ago Actual results: "latest" imported with scheduled import on "v2" tag Expected results: "latest" is not imported with scheduled import on "v2" tag Additional info: Looks like same behavior applies to insecure. When "oc tag" performed without --insecure=true on a particular tag, import failed on all tags. Single tag update affects to all tags.
Initial description has a typo "app:latest": oc import-image app --from=kunimare.usersys.redhat.com:5000/test/app --confirm --all --insecure oc tag kunimare.usersys.redhat.com:5000/test/app:latest app:v2 --insecure=true --scheduled=true Actually it's tested with "app:v2": oc import-image app --from=kunimare.usersys.redhat.com:5000/test/app --confirm --all --insecure oc tag kunimare.usersys.redhat.com:5000/test/app:v2 app:v2 --insecure=true --scheduled=true and scheduled image imports "latest" updates.
what is kunimare.usersys.redhat.com:5000? is that a route to the openshift internal cluster registry, or is that an external registry? also need to see the full imagestream yaml.
Created attachment 1357107 [details] ImageStream yaml output after the test
> what is kunimare.usersys.redhat.com:5000? is that a route to the openshift internal cluster registry, or is that an external registry? It's an external registry.
I confirm the behaviour. # docker run -d -p 5000:5000 --name registry registry # docker tag 422dc563ca32 localhost:5000/test/app:v1 # docker tag d1fd7d86a825 localhost:5000/test/app:v2 # docker tag d1fd7d86a825 localhost:5000/test/app:latest # docker push localhost:5000/test/app:v1 # docker push localhost:5000/test/app:v2 # docker push localhost:5000/test/app:latest # oc import-image app --from=localhost:5000/test/app --confirm --all --insecure # oc tag localhost:5000/test/app:v2 app:v2 --insecure=true --scheduled=true # oc describe is Name: app Namespace: demo Created: About a minute ago Labels: <none> Annotations: openshift.io/image.dockerRepositoryCheck=2018-01-19T22:21:52Z Docker Pull Spec: 172.30.138.244:5000/demo/app Image Lookup: local=false Unique Images: 2 Tags: 3 latest tagged from localhost:5000/test/app:latest will use insecure HTTPS or HTTP connections * localhost:5000/test/app@sha256:feb40d14cd33e646b9985e2d6754ed66616fedb840226c4d917ef53d616dcd6c About a minute ago v1 tagged from localhost:5000/test/app:v1 will use insecure HTTPS or HTTP connections * localhost:5000/test/app@sha256:1b9bfb4e634dc1e5c19d0fa1eb2e5a28a5c2b498e3d3e4ac742bd7f5dae08611 About a minute ago v2 updates automatically from registry localhost:5000/test/app:v2 will use insecure HTTPS or HTTP connections * localhost:5000/test/app@sha256:feb40d14cd33e646b9985e2d6754ed66616fedb840226c4d917ef53d616dcd6c About a minute ago # docker tag 422dc563ca32 localhost:5000/test/app:latest # docker push localhost:5000/test/app:latest # oc describe is Name: app Namespace: demo Created: 3 minutes ago Labels: <none> Annotations: openshift.io/image.dockerRepositoryCheck=2018-01-19T22:23:37Z Docker Pull Spec: 172.30.138.244:5000/demo/app Image Lookup: local=false Unique Images: 2 Tags: 3 latest tagged from localhost:5000/test/app:latest will use insecure HTTPS or HTTP connections * localhost:5000/test/app@sha256:1b9bfb4e634dc1e5c19d0fa1eb2e5a28a5c2b498e3d3e4ac742bd7f5dae08611 48 seconds ago localhost:5000/test/app@sha256:feb40d14cd33e646b9985e2d6754ed66616fedb840226c4d917ef53d616dcd6c 3 minutes ago v1 tagged from localhost:5000/test/app:v1 will use insecure HTTPS or HTTP connections * localhost:5000/test/app@sha256:1b9bfb4e634dc1e5c19d0fa1eb2e5a28a5c2b498e3d3e4ac742bd7f5dae08611 3 minutes ago v2 updates automatically from registry localhost:5000/test/app:v2 will use insecure HTTPS or HTTP connections * localhost:5000/test/app@sha256:feb40d14cd33e646b9985e2d6754ed66616fedb840226c4d917ef53d616dcd6c 3 minutes ago
https://github.com/openshift/origin/pull/18199
I can still reproduce this issue with openshift v3.9.0-0.47.0 with below steps: 1. oc import-image app --from=docker.io/wzheng/ruby-22-centos7 --confirm --all --insecure 2. oc tag docker.io/wzheng/ruby-22-centos7:v2 app:v2 --insecure=true --scheduled=true 3. $ sudo docker tag docker.io/wzheng/ruby-22-centos7:v1 docker.io/wzheng/ruby-22-centos7:latest $ sudo docker push docker.io/wzheng/ruby-22-centos7:latest 4. $ oc describe is Name: app Namespace: wzheng3 Created: About a minute ago Labels: <none> Annotations: openshift.io/image.dockerRepositoryCheck=2018-02-22T09:24:39Z Docker Pull Spec: docker-registry.default.svc:5000/wzheng3/app Image Lookup: local=false Unique Images: 2 Tags: 4 latest tagged from docker.io/wzheng/ruby-22-centos7:latest will use insecure HTTPS or HTTP connections * docker.io/wzheng/ruby-22-centos7@sha256:fc4fe46e2db742bbe5ca2078ea5137e67beaad97070281b8df35379a26ef27b6 About a minute ago v1 tagged from docker.io/wzheng/ruby-22-centos7:v1 will use insecure HTTPS or HTTP connections * docker.io/wzheng/ruby-22-centos7@sha256:68c6c65b2dfb6af6540d06e4515d0d2325781741f7c2de830dc893ee561dbfab About a minute ago v2 updates automatically from registry docker.io/wzheng/ruby-22-centos7:v2 will use insecure HTTPS or HTTP connections * docker.io/wzheng/ruby-22-centos7@sha256:fc4fe46e2db742bbe5ca2078ea5137e67beaad97070281b8df35379a26ef27b6 About a minute ago
Verified openshift v3.9.0-0.47.0 kubernetes v1.9.1+a0ce1bc657 etcd 3.2.8 $ oc describe is Name: mysql Namespace: dyan1 Created: 17 minutes ago Labels: <none> Annotations: openshift.io/image.dockerRepositoryCheck=2018-02-22T09:45:30Z Docker Pull Spec: docker-registry.default.svc:5000/dyan1/mysql Image Lookup: local=false Unique Images: 2 Tags: 2 latest tagged from docker.io/dyan/mysql * docker.io/dyan/mysql@sha256:e1bb7bde4075033586516681e6f2bb47dbe2cea6ec0187320b1f17da079c2f23 17 minutes ago v5 updates automatically from registry docker.io/dyan/mysql * docker.io/dyan/mysql@sha256:4cee1979ba0bf7db9fc5d28fb7b798ca69ae95a47c5fecf46327720df4ff352d About a minute ago docker.io/dyan/mysql@sha256:e1bb7bde4075033586516681e6f2bb47dbe2cea6ec0187320b1f17da079c2f23 16 minutes ago
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489