Not sure which component this bug should be associated with.
I am not even sure if importing respects ImageTagMirrorSet.
We could not figure out in the slack conversion.
https://redhat-internal.slack.com/archives/C013VBYBJQH/p1709583648013199
Description of problem:
The expecting behaviour of ImageTagMirrorSet of redirecting the pulling of a proxy to quay.io did not work out.
Version-Release number of selected component (if applicable):
oc --context build02 get clusterversion version NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.16.0-ec.3 True False 7d4h
Steps to Reproduce:
oc --context build02 get ImageTagMirrorSet quay-proxy -o yaml apiVersion: config.openshift.io/v1 kind: ImageTagMirrorSet metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"config.openshift.io/v1","kind":"ImageTagMirrorSet","metadata":{"annotations":{},"name":"quay-proxy"},"spec":{"imageTagMirrors":[{"mirrors":["quay.io/openshift/ci"],"source":"quay-proxy.ci.openshift.org/openshift/ci"}]}} creationTimestamp: "2024-03-05T03:49:59Z" generation: 1 name: quay-proxy resourceVersion: "4895378740" uid: 69fb479e-85bd-4a16-a38f-29b08f2636c3 spec: imageTagMirrors: - mirrors: - quay.io/openshift/ci source: quay-proxy.ci.openshift.org/openshift/ci oc --context build02 tag --source docker quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest hongkliu-test/proxy-test-2:011 --as system:admin Tag proxy-test-2:011 set to quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest. oc --context build02 get is proxy-test-2 -o yaml apiVersion: image.openshift.io/v1 kind: ImageStream metadata: annotations: openshift.io/image.dockerRepositoryCheck: "2024-03-05T20:03:02Z" creationTimestamp: "2024-03-05T20:03:02Z" generation: 2 name: proxy-test-2 namespace: hongkliu-test resourceVersion: "4898915153" uid: f60b3142-1f5f-42ae-a936-a9595e794c05 spec: lookupPolicy: local: false tags: - annotations: null from: kind: DockerImage name: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest generation: 2 importPolicy: importMode: Legacy name: "011" referencePolicy: type: Source status: dockerImageRepository: image-registry.openshift-image-registry.svc:5000/hongkliu-test/proxy-test-2 publicDockerImageRepository: registry.build02.ci.openshift.org/hongkliu-test/proxy-test-2 tags: - conditions: - generation: 2 lastTransitionTime: "2024-03-05T20:03:02Z" message: 'Internal error occurred: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest: Get "https://quay-proxy.ci.openshift.org/v2/": EOF' reason: InternalError status: "False" type: ImportSuccess items: null tag: "011"
Actual results:
The status of the stream shows that it still tries to connect to quay-proxy.
Expected results:
The request goes to quay.io directly.
Additional info:
The proxy has been shut down completely just to simplify the case. If it was on, there are Access logs showing the proxy get the requests for the image. oc scale deployment qci-appci -n ci --replicas 0 deployment.apps/qci-appci scaled I also checked the pull secret in the namespace and it has correct pull credentials to both proxy and quay.io.
- clones
-
OCPBUGS-30279 Do imports on imagestreams respect ImageTagMirrorSet?
- Closed
- depends on
-
OCPBUGS-30279 Do imports on imagestreams respect ImageTagMirrorSet?
- Closed
- is cloned by
-
OCPBUGS-31509 4.14 Do imports on imagestreams respect ImageTagMirrorSet?
- Closed
- is depended on by
-
OCPBUGS-31509 4.14 Do imports on imagestreams respect ImageTagMirrorSet?
- Closed
- links to
-
RHBA-2024:1887 OpenShift Container Platform 4.15.z bug fix update