Bug 1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc.
Summary: image pruner is not aware of image policy annotation, StatefulSets, etc.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: ImageStreams
Version: 4.4
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: 4.7.0
Assignee: Ricardo Maraschini
QA Contact: XiuJuan Wang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-17 15:41 UTC by Oleg Bulatov
Modified: 2022-05-26 16:14 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Image pruner was not taking into account a series of objects when gathering its list of images in use. Consequence: Some images might be wrongly pruned due to this. Fix: Made pruner to consider objects of type StatefulSets, Jobs and CronJobs when gathering images in use. Result: Problem fixed and now images in use by these objects are not pruned anymore.
Clone Of:
Environment:
Last Closed: 2021-02-24 15:18:31 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oc pull 671 0 None closed Bug 1880068: Take StatefulSets, Jobs and CronJobs into account during image prune 2021-01-25 13:39:48 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:19:03 UTC

Description Oleg Bulatov 2020-09-17 15:41:38 UTC
Description of problem:

The image pruner is not aware of StatefulSets, Jobs, CronJobs, etc.
Also it's not aware of the annotation alpha.image.policy.openshift.io/resolve-names

Version-Release number of selected component (if applicable):

4.x

How reproducible:

Always

Steps to Reproduce:
1. create an image stream with an image A
2. create a statefulset from the image stream (it should use the image A)
3. scale it down to 0 replicas
4. push 3 new images to the same image stream
5. run the pruner with default options (keep-tag-revisions=3)

Actual results:

the image A is deleted from the image stream

Expected results:

the image A is kept because it's used by the statefulset

Additional info:

Comment 6 XiuJuan Wang 2021-01-18 10:23:45 UTC
Client Version: 4.7.0-0.nightly-2021-01-17-153039
steps:
1. create an image stream with an image A
2. create a statefulset|jobs|cronjobs from the image stream (it should use the image A)
3. scale it down to 0 replicas
4. push 3 new images to the same image stream
5. run the pruner with default options(--keep-tag-revisions=3) and --keep-younger-than=0m(since the default --keep-younger-than is 60m, and my imagestream is younger than 1h)
$oc adm prune images  --keep-tag-revisions=3  --registry-url=default-route-openshift-image-registry.apps.qe-ui47-0118.qe.devcluster.openshift.com  --loglevel=8  --keep-younger-than=0m

Could see the log, only revision 4 of the imagestream is pruned.

I0118 18:14:26.759804   27802 prune.go:906] imagestream xiuwang/statefulset: tag latest: revision 1: keeping sha256:3f205876e1e6d05d693c8fc94e7abf7137f20767c66c636431774f1ea37094d6 because tag is used by statefulset/hello-statefulset namespace=xiuwang
I0118 18:14:26.759808   27802 prune.go:978] Examining ImageStream openshift/jboss-fuse70-karaf-openshift
I0118 18:14:26.759812   27802 prune.go:931] imagestream xiuwang/statefulset: tag latest: revision 2: keeping sha256:2e83b9e07e85960060096b6aff7ee202a5f52e0e18447641b080b1f3879e0901 because of --keep-tag-revisions
I0118 18:14:26.759822   27802 prune.go:931] imagestream xiuwang/statefulset: tag latest: revision 3: keeping sha256:35e6ada1215bb168d6d9aff01001438a3c35c4fcb64680be3b7f23a5f2257863 because of --keep-tag-revisions
I0118 18:14:26.759822   27802 prune.go:931] imagestream openshift/fuse7-karaf-openshift: tag 1.0: revision 1: keeping sha256:be51ee43b1596078a17756f38a0017e9338c902f9094f1ad677844d165a02d43 because of --keep-tag-revisions
I0118 18:14:26.759829   27802 prune.go:948] imagestream xiuwang/statefulset: tag latest: revision 4: deleting repository links for sha256:04b6af86b03c1836211be2589db870dba09b7811c197c47c07fbbe33c7f80ef7...
I0118 18:14:26.759834   27802 prune.go:931]

Deleting layer link sha256:74f0853ba93b37c8152648905c48965c774d5a7d2de1967aef86ef0144561f62 in repository xiuwang/statefulset
I0118 18:14:26.759841   27802 prune.go:931] imagestream openshift/fuse7-karaf-openshift: tag 1.2: revision 1: keeping sha256:13577236b039ed11e9f1070f884e9836e731944575de2ee59b290b05e08ad5f8 because of --keep-tag-revisions
Deleting layer link sha256:3f4301e72ea16f463e696c5d9227f847a9444379a0e7bae5272eceb2dff7837f in repository xiuwang/statefulset
Deleting layer link sha256:28a27ae98fb5e643ac6930366a1e2d64dfcad31f3884c7c91afdeebbb16b494c in repository xiuwang/statefulset
Deleting layer link sha256:75d355fecbea4301f4c9e3efeda0af23f14ea4947b0579300572f1c82599de5f in repository xiuwang/statefulset

Comment 9 errata-xmlrpc 2021-02-24 15:18:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.