Description of problem: Assisted Installer Operator CSV related images should be digests in order to properly mirror images in a disconnected environment. ICSP requires digests to properly translate images to a local registry. Version-Release number of selected component (if applicable): Latest operator bundle from last Thursday (https://quay.io/repository/ocpmetal/assisted-service-operator-bundle?tab=tags) How reproducible: 100% Steps to Reproduce: 1. Deploy OCP in a disconnected environment 2. Mirror latest ai operator bundle 3. Try to deploy AI instance Actual results: AI pods fail pull images as they are trying pull via tags, while the ICSP only respects digests. Expected results: AI instance deploys correctly Additional info: oc get csv assisted-service-operator.v0.0.1 -o yaml | grep image: image: quay.io/ocpmetal/assisted-service:latest image: registry.access.redhat.com/ubi8/ubi-minimal:latest image: quay.io/openshift/origin-cli:latest - image: quay.io/ocpmetal/ocp-metal-ui:latest image: quay.io/openshift/origin-cli:latest image: quay.io/openshift/origin-cli:latest image: quay.io/ocpmetal/postgresql-12-centos7 image: quay.io/openshift/origin-cli:latest
*** Bug 1907666 has been marked as a duplicate of this bug. ***
Our work around for testing at the moment is: - pull and extract the operator bundle - Mirror images from the csv to local registry and to replace the image path with the local registry in the csv - Recreate the operator bundle with updated csv and push to local registry - Create new index image pointing to local operator - Create catalog source If the image in the csv had a digest instead of a tag I believe an icsp would cover everything
This one has been verified. The Assisted Service operator upstream image can be built manually and include digests with the following: `IMAGES_BY_DIGEST=true make operator-bundle-build` The ACM downstream build including Assisted Service operator already has the digests included, which is the main build we are focusing on.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438