Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-28976

[OLMv1] the imagePullPolicy of bundle pod should be "Always" instead of "IfNotPresent"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.15.0
    • OLM
    • Important
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      As the end user, I used the tag instead of digest for the bundle image so that I don't need to update the `catalog` if any updates, as follows,

      jiazha-mac:~ jiazha$ cat catalog/index.yaml 
defaultChannel: "candidate-v1.0"
...
---
image: quay.io/olmqe/nginx-operator-bundle:v0.0.1
name: nginx-operator.v0.0.1
package: nginx-operator
properties:
- type: olm.bundle.mediatype
  value: "registry+v1"
- type: olm.package
  value:
    packageName: nginx-operator
    version: 0.0.1
schema: olm.bundle
---

      But, the "IfNotPresent" imagePullPolicy of the bundle pod couldn't take the bundle image updates. If the previous bundle images have a problem, the users have to retag the bundle image and rebuild the catalog image or remove the preserved old image in the node manually.  That's not a good experience. The pain points are as follows,

      1, the "IfNotPresent" imagePullPolicy always uses the old bundle image even if there are updates on it.

            - lastTransitionTime: "2024-02-05T07:25:24Z"
    message: 'Failed to unpack the nginx-test-2jzxs1txpexrnyim9qut1b8067n0rvgd62zl33ejj
      Bundle: convert registry+v1 bundle to plain+v0 bundle: readfile metadata/annotations.yaml:
      file does not exist'
    reason: UnpackFailed
    status: "False"
    type: HasValidBundle

      2, there is no exact image digest display on the problemed bundle, the end user cannot get the exact image they used. As follows,

       

      jiazha-mac:operator-framework-rukpak jiazha$ oc get bundle  nginx-test-2jzxs1txpexrnyim9qut1b8067n0rvgd62zl33ejj  -o yaml
apiVersion: core.rukpak.io/v1alpha1
kind: Bundle
metadata:
  creationTimestamp: "2024-02-05T07:25:21Z"
  finalizers:
  - core.rukpak.io/delete-cached-bundle
  generation: 1
  labels:
    core.rukpak.io/bundle-template-hash: 2jzxs1txpexrnyim9qut1b8067n0rvgd62zl33ejjca7
    core.rukpak.io/owner-kind: BundleDeployment
    core.rukpak.io/owner-name: nginx-test
  name: nginx-test-2jzxs1txpexrnyim9qut1b8067n0rvgd62zl33ejj
  ownerReferences:
  - apiVersion: core.rukpak.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: BundleDeployment
    name: nginx-test
    uid: dc1dd96b-d235-4aab-9446-563e58b2f0ef
  resourceVersion: "347445"
  uid: 377235c6-bc57-4d0d-927f-a865b19bff6d
spec:
  provisionerClassName: core-rukpak-io-registry
  source:
    image:
      ref: quay.io/olmqe/nginx-operator-bundle:v0.0.1
    type: image
status:
  conditions:
  - lastTransitionTime: "2024-02-05T07:25:21Z"
    message: 'convert registry+v1 bundle to plain+v0 bundle: readfile metadata/annotations.yaml:
      file does not exist'
    reason: UnpackFailed
    status: "False"
    type: Unpacked
  observedGeneration: 1
  phase: Failing

      Version-Release number of selected component (if applicable):

      4.15.0

      How reproducible:

      always

      Steps to Reproduce:

          1. create a problems bundle image, which lack of the metadata files.
jiazha-mac:~ jiazha$ tree nginx
nginx
├── Dockerfile
├── manifests
│   ├── nginx-operator-controller-manager-metrics-service_v1_service.yaml
│   ├── nginx-operator-manager-config_v1_configmap.yaml
│   ├── nginx-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
│   ├── nginx-operator.clusterserviceversion.yaml
│   └── olm.example.com_nginxolms.yaml


jiazha-mac:nginx jiazha$ docker buildx build . --push --platform linux/amd64,linux/arm64,linux/ppc64le,linux/s390x -t quay.io/olmqe/nginx-operator-bundle:v0.0.1
...

    2. build catalog image.
    3. deploy it on the cluser. It failed as expected.
jiazha-mac:~ jiazha$ cat catalog.yaml 
apiVersion: catalogd.operatorframework.io/v1alpha1
kind: Catalog
metadata:
  name: nginx-catalog
spec:
  source:
    type: image
    image:
      ref: quay.io/olmqe/nginx-operator-index:v1
jiazha-mac:~ jiazha$ cat operator.yaml 
apiVersion: operators.operatorframework.io/v1alpha1
kind: Operator
metadata:
  name: nginx-test
spec:
  packageName: nginx-operator
  channel: candidate-v0.0
  version: "0.0.1"

jiazha-mac:operator-framework-rukpak jiazha$ oc get operator.operators.operatorframework.io nginx-test -o yaml
apiVersion: operators.operatorframework.io/v1alpha1
kind: Operator
metadata:
  creationTimestamp: "2024-02-05T07:25:21Z"
  generation: 1
  name: nginx-test
  resourceVersion: "347389"
  uid: 28315a4d-cf9f-45f0-84e7-1577add5d2fd
spec:
  channel: candidate-v0.0
  packageName: nginx-operator
  upgradeConstraintPolicy: Enforce
  version: 0.0.1
status:
  conditions:
  - lastTransitionTime: "2024-02-05T07:25:21Z"
    message: resolved to "quay.io/olmqe/nginx-operator-bundle:v0.0.1"
    observedGeneration: 1
    reason: Success
    status: "True"
    type: Resolved
  - lastTransitionTime: "2024-02-05T07:25:21Z"
    message: bundledeployment status is unknown
    observedGeneration: 1
    reason: InstallationStatusUnknown
    status: Unknown
    type: Installed
  resolvedBundleResource: quay.io/olmqe/nginx-operator-bundle:v0.0.1

jiazha-mac:operator-framework-rukpak jiazha$ oc get bd nginx-test -o yaml
apiVersion: core.rukpak.io/v1alpha1
kind: BundleDeployment
metadata:
  creationTimestamp: "2024-02-05T07:25:21Z"
  generation: 2
  name: nginx-test
  ownerReferences:
  - apiVersion: operators.operatorframework.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: Operator
    name: nginx-test
    uid: 28315a4d-cf9f-45f0-84e7-1577add5d2fd
  resourceVersion: "347446"
  uid: dc1dd96b-d235-4aab-9446-563e58b2f0ef
spec:
  provisionerClassName: core-rukpak-io-plain
  template:
    metadata: {}
    spec:
      provisionerClassName: core-rukpak-io-registry
      source:
        image:
          ref: quay.io/olmqe/nginx-operator-bundle:v0.0.1
        type: image
status:
  conditions:
  - lastTransitionTime: "2024-02-05T07:25:24Z"
    message: 'Failed to unpack the nginx-test-2jzxs1txpexrnyim9qut1b8067n0rvgd62zl33ejj
      Bundle: convert registry+v1 bundle to plain+v0 bundle: readfile metadata/annotations.yaml:
      file does not exist'
    reason: UnpackFailed
    status: "False"
    type: HasValidBundle
  observedGeneration: 2

4, fix the bundle image and redeploy it.
jiazha-mac:nginx jiazha$ docker buildx build . --push --platform linux/amd64,linux/arm64,linux/ppc64le,linux/s390x -t quay.io/olmqe/nginx-operator-bundle:v0.0.1
...    

      Actual results:

      Still get the same error due to the bundle pod still reading the previously issued bundle image. It's really confusing and not UX for the end user.

          jiazha-mac:~ jiazha$ oc get pods  nginx-test-2jzxs1txpexrnyim9qut1b8067n0rvgd62zl33ejj -o yaml
apiVersion: v1
kind: Pod
...
  containers:
  - command:
    - /bin/unpack
    - --bundle-dir
    - /
    image: quay.io/olmqe/nginx-operator-bundle:v0.0.1
    imagePullPolicy: IfNotPresent
    name: bundle
    resources: {}
...

      Expected results:

      Use the "Always" instead of the "IfNotPresent" imagePullPolicy for the bundle unpack pod so that the end user can update their operators/bundles easily.

      Additional info:

            krizza@redhat.com Kevin Rizza
            rhn-support-jiazha Jian Zhang
            Jian Zhang Jian Zhang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: