Bug 2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Samples
Version: 4.10
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.10.0
Assignee: Gabe Montero
QA Contact: Jitendar Singh
URL:
Whiteboard:
Depends On:
Blocks: 2009722
 
Reported: 2021-09-08 16:06 UTC by Gabe Montero
Modified: 2022-03-10 16:09 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
* Before this update, various allowed and blocked registry configuration options in the cluster image configuration might prevent the Cluster Samples Operator from creating image streams. As a result, the samples operator might mark itself as degraded, which impacted the general {product-title} install and upgrade status. + In various circumstances, the management state of the Cluster Samples Operator can transition to `Removed`. With this update, these circumstances include when the image controller configuration parameters prevent the creation of image streams by using either the default image registry or the image registry specified by the `samplesRegistry` setting. The Operator status also indicates that the cluster image configuration is preventing the creation of the sample image streams. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2002368[BZ#2002368])
Clone Of:
: 2009722 (view as bug list)
Environment:
Last Closed: 2022-03-10 16:08:57 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-samples-operator pull 394 0 None None None 2021-09-08 18:22:53 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:09:24 UTC

Description Gabe Montero 2021-09-08 16:06:26 UTC
Description of problem:

The allowed/blocked registry image config feature returns APIServerInvalidError on imagestream create if the registry used for samples is not allowed.

Samples operator currently marks itself degraded when it encounters such errors, which can mess up upgrades.


Version-Release number of selected component (if applicable):


4.x

How reproducible:

always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:

Don't go degraded, but note situation in config/clusteroperator object, minimally.

Ideally, we add metric and fire alert, which is aligned with what we do with failed imports.

Additional info:

Comment 1 Gabe Montero 2021-09-08 16:07:02 UTC
Taking for now.  Working with David and Adam to decide how to partition the work.

Comment 2 Gabe Montero 2021-09-15 17:58:27 UTC
Jitendar - for verification, we do not need to worry about disconnected cluster, like with the original github issue.

You can verify by configuring the allowed/blocked registry fields as described at https://docs.openshift.com/container-platform/4.8/openshift_images/image-configuration.html along with using the default samples registry overriding it and mirroring images per https://docs.openshift.com/container-platform/4.8/openshift_images/samples-operator-alt-registry.html to verify that
a) samples bootstrap as removed when whichever registry it is pointed to (either override, or default of registry.redhat.io) is prevented by the global image configuration
b) samples bootstraps as managed and installs samples when whichever registry it is pointed to is allowed by the global image configuration.

As before, since that global image configuration is covered by XiuJuan (who I have cc:ed here) feel free to coordinate with her on test cases, etc. since we are testing the integration of both these functions.

I have also cc:ed Sushanta Das, who is the QE contact with the apps services team, and is supposed to be the new QA contact for samples, replacing you :-)

Let's use this verification effort as a means of helping him get up to speed in verifying samples.

Thanks
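
The outcomes expected in (a) and (b) of comment 2, written out as an added Go example that is not part of this bug report or the operator's own code. The type and function names are hypothetical, the registry values are constructed, and matching is simplified to an exact host or a leading `*.` wildcard as an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// RegistrySources models registrySources in image.config.openshift.io/cluster.
type RegistrySources struct {
	AllowedRegistries []string
	BlockedRegistries []string
}

// anyMatch uses simplified matching (assumption): exact host or "*.domain".
func anyMatch(patterns []string, host string) bool {
	for _, p := range patterns {
		if p == host || (strings.HasPrefix(p, "*.") && strings.HasSuffix(host, p[1:])) {
			return true
		}
	}
	return false
}

// ExpectedState (hypothetical helper) returns the management state samples
// should bootstrap into; an empty samplesRegistry means the default registry.
func ExpectedState(src RegistrySources, samplesRegistry string) (state, reason string) {
	host := strings.SplitN(samplesRegistry, "/", 2)[0] // drop any repository path
	if host == "" {
		host = "registry.redhat.io"
	}
	if len(src.AllowedRegistries) > 0 && !anyMatch(src.AllowedRegistries, host) {
		return "Removed", host + " is not listed in allowedRegistries"
	}
	if anyMatch(src.BlockedRegistries, host) {
		return "Removed", host + " is listed in blockedRegistries"
	}
	return "Managed", host + " is permitted by the image configuration"
}

func main() {
	// Constructed sample configuration: only quay.io and an internal mirror allowed.
	src := RegistrySources{AllowedRegistries: []string{"quay.io", "*.mirror.example.com"}}
	for _, override := range []string{"", "ocp.mirror.example.com/samples"} {
		state, reason := ExpectedState(src, override)
		fmt.Printf("samplesRegistry=%q -> %s (%s)\n", override, state, reason)
	}
}
```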

Comment 4 Jitendar Singh 2021-10-01 09:53:41 UTC
verified

Comment 7 errata-xmlrpc 2022-03-10 16:08:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

