Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-42867

HCP CLI should not directly inspect the release image

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • 4.18
    • HyperShift
    • None
    • Hypershift Sprint 261, Hypershift Sprint 262, Hypershift Sprint 263
    • 3
    • Approved
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      HCP CLI is trying to directly inspect (client side) the release image,
this cause some troubles when using it on disconnected environments because:
1. the HCP CLI client should be able to directly reach the internal mirror registry and this could require additional configuration (a proxied access to the api server of the management server is not enough)
2. the HCP CLI client should explicitly consume the pull secret of the internal mirror registry
3. the HCP CLI client should explicitly consume the internal CA used to sign the TLS cert of the internal mirror registry

      Version-Release number of selected component (if applicable):

          4.18

      How reproducible:

          100%

      Steps to Reproduce:

      1. run somthing like `hcp create cluster kubevirt --name simone2 --node-pool-replicas 2 --memory 16Gi --cores 4 --root-volume-size 64 --namespace local-cluster --release-image virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:f50aca7690d197bcd2037bcb88c10237455ad61811158259496031426d9f833b` where the release-image is hosted on an internal mirror registry that cannot be directly reached from the client
2.
3.    

      Actual results:

          + /usr/bin/hcp create cluster kubevirt --etcd-storage-class=lvms-vg1 --additional-trust-bundle=/tmp/secret/registry.2.crt --network-type=OVNKubernetes --annotations=hypershift.openshift.io/control-plane-operator-image=virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:15c23a901bc66844dd1290248efb7528369d8a2948111f94ecff77f0687dc93e --annotations=hypershift.openshift.io/olm-catalogs-is-registry-overrides=registry.redhat.io/redhat/certified-operator-index=virthost.ostest.test.metalkube.org:5000/olm-index/redhat-operator-index,registry.redhat.io/redhat/community-operator-index=virthost.ostest.test.metalkube.org:5000/olm-index/redhat-operator-index,registry.redhat.io/redhat/redhat-marketplace-index=virthost.ostest.test.metalkube.org:5000/olm-index/redhat-operator-index,registry.redhat.io/redhat/redhat-operator-index=virthost.ostest.test.metalkube.org:5000/olm-index/redhat-operator-index --annotations=hypershift.openshift.io/capi-provider-kubevirt-image=virthost.ostest.test.metalkube.org:5000/localimages/4.18:cluster-api-provider-kubevirt --image-content-sources /tmp/secret/mgmt_icsp.yaml --name 3da4410514f77ffa6d4d --namespace clusters --node-pool-replicas 2 --memory 16Gi --cores 4 --root-volume-size 64 --release-image virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:9195b38603e8db4c63ae6241c888e690f1c2b03420de58c0de3dfe4578942f44 --pull-secret /tmp/.dockerconfigjson --generate-ssh --control-plane-availability-policy SingleReplica --infra-availability-policy SingleReplica --service-cidr 172.32.0.0/16 --cluster-cidr 10.136.0.0/14
2024-09-30T13:27:02Z	ERROR	Failed to create cluster	{"error": "failed to retrieve manifest virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:9195b38603e8db4c63ae6241c888e690f1c2b03420de58c0de3dfe4578942f44: failed to create repository client for https://virthost.ostest.test.metalkube.org:5000: Get \"https://virthost.ostest.test.metalkube.org:5000/v2/\": Internal Server Error"}
github.com/openshift/hypershift/product-cli/cmd/cluster/kubevirt.NewCreateCommand.func1
	/hypershift/product-cli/cmd/cluster/kubevirt/create.go:30
github.com/spf13/cobra.(*Command).execute
	/hypershift/vendor/github.com/spf13/cobra/command.go:983
github.com/spf13/cobra.(*Command).ExecuteC
	/hypershift/vendor/github.com/spf13/cobra/command.go:1115
github.com/spf13/cobra.(*Command).Execute
	/hypershift/vendor/github.com/spf13/cobra/command.go:1039
github.com/spf13/cobra.(*Command).ExecuteContext
	/hypershift/vendor/github.com/spf13/cobra/command.go:1032
main.main
	/hypershift/product-cli/main.go:59
runtime.main
	/usr/lib/golang/src/runtime/proc.go:271
Error: failed to retrieve manifest virthost.ostest.test.metalkube.org:5000/localimages/local-release-image@sha256:9195b38603e8db4c63ae6241c888e690f1c2b03420de58c0de3dfe4578942f44: failed to create repository client for https://virthost.ostest.test.metalkube.org:5000: Get "https://virthost.ostest.test.metalkube.org:5000/v2/": Internal Server Error

      Expected results:

      No client side errors since the hcp client should not directly try to inspect the release image

      Additional info:

      This is just another instance of https://issues.redhat.com/browse/CNV-38194 that got probably re-introduced adding client-side multi-arch validation for HC/NodePool compatibility in https://github.com/openshift/hypershift/pull/4538

Appending --render --render-sensitive > hcp.yaml
and then executing oc apply -f hcp.yaml is a valid workaround because in that case the hcp client will not try to directly inspect the release image.

              Unassigned Unassigned
              stirabos Simone Tiraboschi
              Liangquan Li Liangquan Li
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: