1804763 – oauth-proxy image cannot be referenced for disconnected installs

Bug 1804763 - oauth-proxy image cannot be referenced for disconnected installs

Summary: oauth-proxy image cannot be referenced for disconnected installs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	apiserver-auth
Sub Component:
Version:	4.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.5.0
Assignee:	Michal Fojtik
QA Contact:	scheng
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1804765
TreeView+	depends on / blocked

Reported:	2020-02-19 15:14 UTC by Ben Parees
Modified:	2020-07-13 17:16 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	Feature: Allow consumption of oauth-proxy image in disconnected installs by external components (Istio) using openshift/oauth-proxy:v4.4 image stream tag.
Clone Of:
Clones:	1804765 (view as bug list)
Environment:
Last Closed:	2020-07-13 17:16:11 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-samples-operator pull 228	0	None	closed	Bug 1804763: add imagestream for oauthproxy image	2020-11-05 23:39:49 UTC
Red Hat Product Errata	RHBA-2020:2409	0	None	None	None	2020-07-13 17:16:36 UTC

Description Ben Parees 2020-02-19 15:14:26 UTC

Description of problem:

The oauth-proxy image is used by various external products (e.g. OLM operators).  Currently they must reference all their images using SHAs to ensure they can be mirrored for disconnected installs.  However that means they must repackage their operator every time the SHA changes.

It would be better if they can simply reference the current image via an imagestreamtag provided by OCP.

We will introduce a new imagestreamtag that maps to the SHA from the OCP payload for the cluster and OLM components can reference that tag to ensure they are always getting the right image.


Actual results:
There is no oauth-proxy imagestreamtag in the openshift namespace

Expected results:
There will be an oauth-proxy imagestreamtag in the openshift namespace which resolves to the SHA of the oauth-proxy image from the cluster's payload.

Comment 3 Ben Parees 2020-03-02 14:39:59 UTC

reopening this since the PR that fixed it was reverted.

Comment 4 Stefan Schimanski 2020-05-19 10:56:02 UTC

Fixed through https://github.com/openshift/cluster-samples-operator/pull/241.

Comment 8 errata-xmlrpc 2020-07-13 17:16:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409

Note You need to log in before you can comment on or make changes to this bug.