Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.15
Component/s: Node / CRI-O
Labels:
- triaged

Regression:
Yes
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

User in CNCF slack reported upgrading OKD from 4.13 to 4.15 and observed breakage in StackRox/ACS. The root cause has been narrowed down to the pod `.status.containerStatuses[].imageID` field no longer containing the image digest - which is used by StackRox to determine the specific image the container runtime deployed.

Version-Release number of selected component (if applicable):

OKD 4.15

$ oc version
Client Version: 4.15.0-0.okd-2024-03-10-010116
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: 4.15.0-0.okd-2024-03-10-010116
Kubernetes Version: v1.28.2-3598+6e2789bbd58938-dirty

$ oc get nodes -o wide
NAME                   STATUS   ROLES     AGE     VERSION           INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                        KERNEL-VERSION          CONTAINER-RUNTIME
master-0.XXXXXXXXXX    Ready    master    3y45d   v1.28.7+6e2789b   172.16.12.220   <none>        Fedora CoreOS 39.20240210.3.0   6.7.4-200.fc39.x86_64   cri-o://1.28.2
master-1.XXXXXXXXXX    Ready    master    3y45d   v1.28.7+6e2789b   172.16.12.221   <none>        Fedora CoreOS 39.20240210.3.0   6.7.4-200.fc39.x86_64   cri-o://1.28.2
master-2.XXXXXXXXXX    Ready    master    3y45d   v1.28.7+6e2789b   172.16.12.222   <none>        Fedora CoreOS 39.20240210.3.0   6.7.4-200.fc39.x86_64   cri-o://1.28.2
storage-0.XXXXXXXXXX   Ready    storage   3y45d   v1.28.7+6e2789b   172.16.12.240   <none>        Fedora CoreOS 39.20240210.3.0   6.7.4-200.fc39.x86_64   cri-o://1.28.2
storage-1.XXXXXXXXXX   Ready    storage   3y45d   v1.28.7+6e2789b   172.16.12.241   <none>        Fedora CoreOS 39.20240210.3.0   6.7.4-200.fc39.x86_64   cri-o://1.28.2
storage-2.XXXXXXXXXX   Ready    storage   3y45d   v1.28.7+6e2789b   172.16.12.242   <none>        Fedora CoreOS 39.20240210.3.0   6.7.4-200.fc39.x86_64   cri-o://1.28.2
worker-0.XXXXXXXXXX    Ready    worker    3y45d   v1.28.7+6e2789b   172.16.12.230   <none>        Fedora CoreOS 39.20240210.3.0   6.7.4-200.fc39.x86_64   cri-o://1.28.2
worker-1.XXXXXXXXXX    Ready    worker    3y45d   v1.28.7+6e2789b   172.16.12.231   <none>        Fedora CoreOS 39.20240210.3.0   6.7.4-200.fc39.x86_64   cri-o://1.28.2
worker-2.XXXXXXXXXX    Ready    worker    2y45d   v1.28.7+6e2789b   172.16.12.232   <none>        Fedora CoreOS 39.20240210.3.0   6.7.4-200.fc39.x86_64   cri-o://1.28.2

How reproducible:

Steps to Reproduce:

    1.
    2.
    3.

Actual results:

$ oc get pod <pod> -o yaml
...
imageID: bfc9289dcabb18cf0bb59658a44325067f4340f3668cbaae9fa1fe21dc6bc678

Expected results:

$ oc get pod <pod> -o yaml
...
imageID: quay.io/stackrox-io/main@sha256:6b6815aa9333c3af9b0bcaa290d08b7604ddc33b88cc840ef8e0576c89418088

Additional info:

- CNCF Slack Thread: https://cloud-native.slack.com/archives/C01TDE3GK0E/p1728567181278069

- Potentially related issue: https://issues.redhat.com/browse/RFE-4608

relates to

RFE-4608 Expose digest of the image executed in a Pod

Accepted

Assignee:: Sascha Grunert

Reporter:: David Caravello

QA Contact:: Sunil Choudhary

Votes:: 3 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2024/10/21 8:14 PM

Updated:: 2024/11/04 9:22 AM

Resolved:: 2024/11/04 9:22 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates