Description of problem:
the allowed/blocked registry image config feature returns
on imagestream create if the registry used for samples is not allowed.
Samples operator currently marks itself degraded when it encounters such errors, which can mess up upgrades.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Don't go degraded, but note situation in config/clusteroperator object, minimally.
Ideally, we add metric and fire alert, which is aligned with what we do with failed imports.
Talking for now. Working with David and Adam to decide how to partition works.
Jitendar - for verification, we do not need to worry about disconnected cluster, like with the original github issue.
You can verify by configuring the allowed/blocked registry fields as described at https://docs.openshift.com/container-platform/4.8/openshift_images/image-configuration.html along with using the default samples registry overriding it and mirroring images per https://docs.openshift.com/container-platform/4.8/openshift_images/samples-operator-alt-registry.html to verify that
a) samples bootstrap as removed when the whichever registry it is pointed to (either override, or default of registry.redhat.io) is prevented by the global image configuration
b) samples boostraps as managed and installs samples when whichever registry it is pointed to is allowed by the global image configuration.
As before, since that global image configuration is covered by XiuJuan (who I have cc:ed here) feel free to coordiate with her on test cases, etc. since we are testing the integration of both these functions.
I have also cc:ed Sushanta Das, who is the QE contact with the apps services team, and is suppose to be the new QA contact for samples, replacing you :-)
Let's use this verification effort as a means of helping him get up to speed in verifying samples.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.