Description of problem: The following OpenShift compliance-operator https://github.com/openshift/compliance-operator repository has used some private repository in deployment yaml files. Examples: $ grep quay compliance-operator/deploy/operator.yaml image: quay.io/jhrozek/compliance-operator value: "quay.io/jhrozek/openscap-ocp:remediations_demo" $ grep quay crds/complianceoperator.compliance.openshift.io_v1alpha1_compliancesuite_cr.yaml contentImage: quay.io/jhrozek/ocp4-openscap-content:remediation_demo contentImage: quay.io/jhrozek/ocp4-openscap-content:remediation_demo Version-Release number of selected component (if applicable): 4.4.0-0.nightly-2020-01-13-232206 How reproducible: Always Steps to Reproduce: 1. clone git repo $ git clone https://github.com/openshift/compliance-operator.git 2. Deploy CustomResourceDefinition. $ for f in $(ls -1 compliance-operator/deploy/crds/*crd.yaml); do oc create -f $f; done 3. Deploy compliance-operator. $ oc create -f compliance-operator/deploy/ Actual results: Private repository is getting used. $ oc describe pod/compliance-operator-86f46b74d9-68jft -n openshift-compliance |tail -8 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled <unknown> default-scheduler Successfully assigned openshift-compliance/compliance-operator-86f46b74d9-68jft to ip-10-0-59-226.us-east-2.compute.internal Normal Pulling 2m25s kubelet, ip-10-0-59-226.us-east-2.compute.internal Pulling image "quay.io/jhrozek/compliance-operator" <<---- Normal Pulled 2m19s kubelet, ip-10-0-59-226.us-east-2.compute.internal Successfully pulled image "quay.io/jhrozek/compliance-operator" <<---- Normal Created 2m19s kubelet, ip-10-0-59-226.us-east-2.compute.internal Created container compliance-operator Normal Started 2m19s kubelet, ip-10-0-59-226.us-east-2.compute.internal Started container compliance-operator Expected results: Private repository should not be used. Additional info:
This appears to be fixed, can you verify?
This issue has been fixed and I do not see the private repos are getting used in yaml files. $ grep quay compliance-operator/deploy/operator.yaml image: "quay.io/compliance-operator/compliance-operator:latest" value: "quay.io/compliance-operator/openscap-ocp:1.3.3" value: "quay.io/compliance-operator/compliance-operator:latest" $ grep quay compliance-operator/deploy/crds/compliance.openshift.io_v1alpha1_compliancesuite_cr.yaml contentImage: quay.io/complianceascode/ocp4:latest $ oc describe pod openscap-pod-22ba9770a7a1bc646eedd70b1ef5ef1037addc9b|tail Normal Pulled 68m kubelet, ip-10-0-153-172.us-east-2.compute.internal Successfully pulled image "quay.io/complianceascode/ocp4:latest" <<----- Normal Created 68m kubelet, ip-10-0-153-172.us-east-2.compute.internal Created container content-container Normal Started 68m kubelet, ip-10-0-153-172.us-east-2.compute.internal Started container content-container Normal Pulling 68m kubelet, ip-10-0-153-172.us-east-2.compute.internal Pulling image "quay.io/compliance-operator/compliance-operator:latest" <<----- Normal Pulled 68m kubelet, ip-10-0-153-172.us-east-2.compute.internal Successfully pulled image "quay.io/compliance-operator/compliance-operator:latest" <<----- Normal Created 68m kubelet, ip-10-0-153-172.us-east-2.compute.internal Created container log-collector Normal Started 68m kubelet, ip-10-0-153-172.us-east-2.compute.internal Started container log-collector Normal Pulled 68m kubelet, ip-10-0-153-172.us-east-2.compute.internal Container image "quay.io/compliance-operator/openscap-ocp:1.3.3" already present on machine <<----- Normal Created 68m kubelet, ip-10-0-153-172.us-east-2.compute.internal Created container openscap-ocp verified on : 4.5.0-0.nightly-2020-06-23-020504
The private repos are not getting used in compliance operator now. The issue has been fixed. Verified on: 4.6.0-0.nightly-2020-07-12-232219 $ grep quay compliance-operator/deploy/operator.yaml image: "quay.io/compliance-operator/compliance-operator:latest" value: "quay.io/compliance-operator/openscap-ocp:1.3.3" value: "quay.io/compliance-operator/compliance-operator:latest" value: "quay.io/complianceascode/ocp4:latest" $ oc describe pod compliance-operator-6bcbf66d5b-6dr7j|tail -5 Normal AddedInterface 14m multus Add eth0 [10.129.0.53/23] Normal Pulling 14m kubelet, ip-10-0-49-36.us-east-2.compute.internal Pulling image "quay.io/compliance-operator/compliance-operator:latest" Normal Pulled 13m kubelet, ip-10-0-49-36.us-east-2.compute.internal Successfully pulled image "quay.io/compliance-operator/compliance-operator:latest" <<---- Normal Created 13m kubelet, ip-10-0-49-36.us-east-2.compute.internal Created container compliance-operator Normal Started 13m kubelet, ip-10-0-49-36.us-east-2.compute.internal Started container compliance-operator $ oc describe pod workers-scan-ip-10-0-53-28.us-east-2.compute.internal-pod |tail -12 Normal Pulling 3m59s kubelet, ip-10-0-53-28.us-east-2.compute.internal Pulling image "quay.io/complianceascode/ocp4:latest" Normal Pulled 3m58s kubelet, ip-10-0-53-28.us-east-2.compute.internal Successfully pulled image "quay.io/complianceascode/ocp4:latest" <<---- Normal Created 3m58s kubelet, ip-10-0-53-28.us-east-2.compute.internal Created container content-container Normal Started 3m58s kubelet, ip-10-0-53-28.us-east-2.compute.internal Started container content-container Normal Pulling 3m57s kubelet, ip-10-0-53-28.us-east-2.compute.internal Pulling image "quay.io/compliance-operator/compliance-operator:latest" Normal Pulled 3m53s kubelet, ip-10-0-53-28.us-east-2.compute.internal Successfully pulled image "quay.io/compliance-operator/compliance-operator:latest" <<---- Normal Created 3m53s kubelet, ip-10-0-53-28.us-east-2.compute.internal Created container log-collector Normal Started 3m53s kubelet, ip-10-0-53-28.us-east-2.compute.internal Started container log-collector Normal Pulling 3m53s kubelet, ip-10-0-53-28.us-east-2.compute.internal Pulling image "quay.io/compliance-operator/openscap-ocp:1.3.3" Normal Pulled 3m49s kubelet, ip-10-0-53-28.us-east-2.compute.internal Successfully pulled image "quay.io/compliance-operator/openscap-ocp:1.3.3" <<---- Normal Created 3m49s kubelet, ip-10-0-53-28.us-east-2.compute.internal Created container openscap-ocp Normal Started 3m49s kubelet, ip-10-0-53-28.us-east-2.compute.internal Started container openscap-ocp
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196