Description of problem: When working with disconnected environments, sometimes you need to define multiple ImageContentSourcePolicies, some of them are used by apps/manifests that don't use digests when pulling the images. Currently, all configurations are added with the mirror-by-digest-only property set to true. It will be nice if this property could be configured using the ImageContentSourcePolicy. Version-Release number of selected component (if applicable): 4.6.X but I believe it affects any 4.X release which supports ICSPs. How reproducible: Always. Steps to Reproduce: 1. Create an ICSP 2. In the OCP nodes check the file /etc/containers/registries.conf 3. Registries will be configured with "mirror-by-digest-only = true" Actual results: Workloads using image tags rather than image digests will not pull the images from the mirror. Expected results: Workloads using image tags whose their mirror has been configured with "mirror-by-digest-only = false" should be able to pull the image from that mirror. Additional info: https://github.com/openshift/api/issues/636
To my knowledge the ImageContentSourcePolicies API is owned by node team. Moving over.
The current development preview version of the OpenShift Assisted Installer pulls images by tag, not by digest, which renders installs initiated through it to not proceed. Restricted network installations, which ones that are not able to pull content from Red Hat registries (registry.redhat.io, quay.io) directly, are unable to proceed. Setting /etc/containers/registries.conf via a machineconfig leveraging ImageContentSourcePolicies during installation appears to be overwritten by the MCO to be true, despite being set to false in the initial ignition. The only workaround I found was to overwrite pulling by digest from true to false in registries.conf, which allows the installation to proceed. We really need a way to overwrite this behavior.
Jira card for the RFE: https://issues.redhat.com/browse/RFE-676 Marking as closed.
*** Bug 1957337 has been marked as a duplicate of this bug. ***