-
Bug
-
Resolution: Duplicate
-
Undefined
-
None
-
4.14
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
Important
-
No
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
A cluster installed with limited capabilites does not create an entry for the image-registries' defaultRoute in a projects default serviceaccount pull-secret.
Version-Release number of selected component (if applicable):
4.14.1
How reproducible:
100%
Steps to Reproduce:
1. Create a cluster with disabled build, deploymentconfig, insights and openshift-samples capabilities:
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.14.1 True False 79s Cluster version is 4.14.1
$ oc get clusterversion/version -o yaml|yq '.status.capabilities'
enabledCapabilities:
- CSISnapshot
- Console
- ImageRegistry
- MachineAPI
- NodeTuning
- Storage
- baremetal
- marketplace
knownCapabilities:
- Build <-- disabled
- CSISnapshot
- Console
- DeploymentConfig <-- disabled
- ImageRegistry
- Insights <-- disabled
- MachineAPI
- NodeTuning
- Storage
- baremetal
- marketplace
- openshift-samples <-- disabled
2. expose the internal registry:
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
config.imageregistry.operator.openshift.io/cluster patched
3. create a project and verify the default serviceaccount secret misses an entry for the defaultRoute:
$ oc new-project test
Now using project "test" on server "https://api.example.com:6443".
<...>
$ oc get secret default-dockercfg-hj27t -o 'jsonpath={.data.*}' | base64 -d | jq 'keys'
[
"172.30.200.218:5000",
"image-registry.openshift-image-registry.svc.cluster.local:5000",
"image-registry.openshift-image-registry.svc:5000"
]
Actual results:
missing entry for the internal registries' defaultRoute
Expected results:
A cluster created with all capabilities enabled creates the entry:
$ oc get clusterversion version -o yaml|yq '.status.capabilities'
enabledCapabilities:
- Build
- CSISnapshot
- Console
- DeploymentConfig
- ImageRegistry
- Insights
- MachineAPI
- NodeTuning
- Storage
- baremetal
- marketplace
- openshift-samples
knownCapabilities:
- Build
- CSISnapshot
- Console
- DeploymentConfig
- ImageRegistry
- Insights
- MachineAPI
- NodeTuning
- Storage
- baremetal
- marketplace
- openshift-samples
$ oc new-project test
Now using project "test" on server "https://api.example.com:6443".
<...>
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge
config.imageregistry.operator.openshift.io/cluster patched
$ oc get route -n openshift-image-registry
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
default-route default-route-openshift-image-registry.apps.example.com image-registry <all> reencrypt None
$ oc get secret default-dockercfg-n8n4g -o 'jsonpath={.data.*}' | base64 -d | jq 'keys'
[
"172.30.241.170:5000",
"default-route-openshift-image-registry.apps.example.com", <----
"image-registry.openshift-image-registry.svc.cluster.local:5000",
"image-registry.openshift-image-registry.svc:5000"
]
Additional info:
Even after enabling the capabilities no entry is created:
$ oc patch clusterversion/version --type merge -p '{"spec":{"capabilities":{"additionalEnabledCapabilities":["openshift-samples", "Build", "DeploymentConfig", "Insights"]}}}'
$ oc get secret default-dockercfg-hj27t -o 'jsonpath={.data.*}' | base64 -d | jq 'keys'
[
"172.30.200.218:5000",
"image-registry.openshift-image-registry.svc.cluster.local:5000",
"image-registry.openshift-image-registry.svc:5000"
]
Neither does setting the baselineCapabilitySet to v4.14:
$ oc patch clusterversion version --type merge -p '{"spec":{"capabilities":{"baselineCapabilitySet":"v4.14"}}}'
clusterversion.config.openshift.io/version patched
- duplicates
-
-
- Closed
-
