Not sure which component this bug should be associated with.
I am not even sure if importing respects ImageTagMirrorSet.
We could not figure out in the slack conversion.
https://redhat-internal.slack.com/archives/C013VBYBJQH/p1709583648013199
Description of problem:
The expecting behaviour of ImageTagMirrorSet of redirecting the pulling of a proxy to quay.io did not work out.
Version-Release number of selected component (if applicable):
oc --context build02 get clusterversion version NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.16.0-ec.3 True False 7d4h
Steps to Reproduce:
oc --context build02 get ImageTagMirrorSet quay-proxy -o yaml
apiVersion: config.openshift.io/v1
kind: ImageTagMirrorSet
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"config.openshift.io/v1","kind":"ImageTagMirrorSet","metadata":{"annotations":{},"name":"quay-proxy"},"spec":{"imageTagMirrors":[{"mirrors":["quay.io/openshift/ci"],"source":"quay-proxy.ci.openshift.org/openshift/ci"}]}}
creationTimestamp: "2024-03-05T03:49:59Z"
generation: 1
name: quay-proxy
resourceVersion: "4895378740"
uid: 69fb479e-85bd-4a16-a38f-29b08f2636c3
spec:
imageTagMirrors:
- mirrors:
- quay.io/openshift/ci
source: quay-proxy.ci.openshift.org/openshift/ci
oc --context build02 tag --source docker quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest hongkliu-test/proxy-test-2:011 --as system:admin
Tag proxy-test-2:011 set to quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest.
oc --context build02 get is proxy-test-2 -o yaml
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
annotations:
openshift.io/image.dockerRepositoryCheck: "2024-03-05T20:03:02Z"
creationTimestamp: "2024-03-05T20:03:02Z"
generation: 2
name: proxy-test-2
namespace: hongkliu-test
resourceVersion: "4898915153"
uid: f60b3142-1f5f-42ae-a936-a9595e794c05
spec:
lookupPolicy:
local: false
tags:
- annotations: null
from:
kind: DockerImage
name: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
generation: 2
importPolicy:
importMode: Legacy
name: "011"
referencePolicy:
type: Source
status:
dockerImageRepository: image-registry.openshift-image-registry.svc:5000/hongkliu-test/proxy-test-2
publicDockerImageRepository: registry.build02.ci.openshift.org/hongkliu-test/proxy-test-2
tags:
- conditions:
- generation: 2
lastTransitionTime: "2024-03-05T20:03:02Z"
message: 'Internal error occurred: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest:
Get "https://quay-proxy.ci.openshift.org/v2/": EOF'
reason: InternalError
status: "False"
type: ImportSuccess
items: null
tag: "011"
Actual results:
The status of the stream shows that it still tries to connect to quay-proxy.
Expected results:
The request goes to quay.io directly.
Additional info:
The proxy has been shut down completely just to simplify the case. If it was on, there are Access logs showing the proxy get the requests for the image. oc scale deployment qci-appci -n ci --replicas 0 deployment.apps/qci-appci scaled I also checked the pull secret in the namespace and it has correct pull credentials to both proxy and quay.io.
- clones
-
OCPBUGS-30279 Do imports on imagestreams respect ImageTagMirrorSet?
-
- Verified
-
- depends on
-
-
- Verified
-
- is cloned by
-
-
- Verified
-
- is depended on by
-
-
- Verified
-
- links to
-
RHBA-2024:1887
OpenShift Container Platform 4.15.z bug fix update
