- Description of problem: Triggering updates on image stream changes does not work as expected configuring triggers on resources using annotations. - Version-Release number of selected component (if applicable): ~~~ $ oc version Client Version: 4.8.0-202108312109.p0.git.0d10c3f.assembly.stream-0d10c3f Server Version: 4.8.11 Kubernetes Version: v1.21.1+9807387 ~~~ - How reproducible: 100% - Steps to Reproduce: ~~~ // Create the project $ oc adm new-project 03149630 --node-selector="" // Import the image reproducer-03149630 with tag v1.1 $ oc import-image reproducer-03149630:v1.1 -n 03149630 --from=quay.io/gmeghnag/reproducer-03149630:v1.1 --confirm // Tag image reproducer-03149630:v1.1 as reproducer-03149630:latest $ oc tag reproducer-03149630:v1.1 reproducer-03149630:latest // (Optional, for debugging) Get IsTag dockerImageReference digest $ oc get istag reproducer-03149630:latest -o jsonpath="{.image.dockerImageReference}" // Create DaemonSet resource that use the image: image-registry.openshift-image-registry.svc:5000/03149630/reproducer-03149630:latest $ curl -sk https://gist.githubusercontent.com/gmeghnag/f3cc8124dd29fec55f80b7e85464fda9/raw/726faa7b585c285007339a2b28e18f680fd5d7b0/reproducer-03149630.yaml | oc apply -f - // Allow some time for the resource to be created $ sleep 10 // Import the image reproducer-03149630 with tag v1.2 $ oc import-image reproducer-03149630:v1.2 -n 03149630 --from=quay.io/gmeghnag/reproducer-03149630:v1.2 --confirm // Tag image reproducer-03149630:v1.2 as reproducer-03149630:latest $ oc tag reproducer-03149630:v1.2 reproducer-03149630:latest // (Optional, for debugging) Get IsTag dockerImageReference digest $ oc get istag reproducer-03149630:latest -o jsonpath="{.image.dockerImageReference}" // ! HERE THE IMAGE REFERENCED INSIDE THE DAEMONSET RESOURCE SHOULD BE CHANGED BUT NOTHING HAPPEN ! $ oc get pods -o jsonpath="{.items[0].status.containerStatuses[0].imageID}" ~~~ - Actual results: Image is not changed - Expected results: Image should change - Additional info: Documentation followed [1] [1] https://docs.openshift.com/container-platform/4.8/openshift_images/triggering-updates-on-imagestream-changes.html
Also verified on this version: Client Version: 4.8.22 Server Version: 4.8.17 Kubernetes Version: v1.21.1+6438632
Image trigger works on Daemonset, but not statefulset, oc new-project 03149630 $ oc import-image reproducer-03149630:v1.1 -n 03149630 --from=quay.io/gmeghnag/reproducer-03149630:v1.1 --confirm $ oc tag reproducer-03149630:v1.1 reproducer-03149630:latest $ oc get istag reproducer-03149630:latest -o jsonpath="{.image.dockerImageReference}" Create statefulset resource that use the image: image-registry.openshift-image-registry.svc:5000/03149630/reproducer-03149630:latest - apiVersion: apps/v1 kind: StatefulSet metadata: name: "${NAME}" namespace: "${NAMESPACE}" spec: serviceName: example-statefulset replicas: 3 selector: matchLabels: app: example-statefulset template: metadata: labels: app: example-statefulset spec: terminationGracePeriodSeconds: 10 containers: - name: reproducer-03149630 image: image-registry.openshift-image-registry.svc:5000/03149630/reproducer-03149630:latest imagePullPolicy: Always resources: {} terminationMessagePath: /dev/termination-log serviceAccount: default terminationGracePeriodSeconds: 10 parameters: - name: NAME - name: NAMESPACE $oc process -f statefulset.yaml -p NAME=test -p NAMESPACE=03149630 | oc create -f - // Allow some time for the resource to be created $ sleep 10 // Import the image reproducer-03149630 with tag v1.2 $ oc import-image reproducer-03149630:v1.2 -n 03149630 --from=quay.io/gmeghnag/reproducer-03149630:v1.2 --confirm // Tag image reproducer-03149630:v1.2 as reproducer-03149630:latest $ oc tag reproducer-03149630:v1.2 reproducer-03149630:latest // (Optional, for debugging) Get IsTag dockerImageReference digest $ oc get istag reproducer-03149630:latest -o jsonpath="{.image.dockerImageReference}" // ! HERE THE IMAGE REFERENCED INSIDE THE DAEMONSET RESOURCE SHOULD BE CHANGED BUT NOTHING HAPPEN ! $ oc get pods -o jsonpath="{.items[0].status.containerStatuses[0].imageID}" The statefulsetc pod don't fetch the new image $oc get statefulset/test -o jsonpath="{..spec.containers[0]}" | jq { "image": "image-registry.openshift-image-registry.svc:5000/03149630/reproducer-03149630:latest", "imagePullPolicy": "Always", "name": "reproducer-03149630", "resources": {}, "terminationMessagePath": "/dev/termination-log", "terminationMessagePolicy": "File" }
To enable triggers, you need to add the annotation: metadata: annotations: image.openshift.io/triggers: |- [ { "from": { "kind": "ImageStreamTag", "name": "reproducer-03149630:latest" }, "fieldPath": "spec.template.spec.containers[0].image" } ] It seems it works with the annotation, isn't it?
sorry, I make mistake, the annotation works for statefulset.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399