Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.12.z
Component/s: OpenShift Update Service / operator
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Low
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

While reconciling a UpdateService, the OSUS Operator creates a graph-data-tag-digest Pod to resolve a potentially tag pullspec to a digest one. But there seems to be no mechanism in place to allow two UpdateService instances to exist at the same time, so one of the instances may end up using incorrect data

Version-Release number of selected component (if applicable):

5.0.3

How reproducible:

Always

Steps to Reproduce:

1. Create two UpdateService with different .spec.graphDataImage images
2. Inspect the updateservice.operator.openshift.io/graph-data-image annotation on on the Deployment instances:

oc get deployment another-sample -o yaml | yq '.spec.template.metadata.annotations["updateservice.operator.openshift.io/graph-data-image"]'

Actual results:

❯ oc get updateservice sample -o yaml | yq .spec.graphDataImage
quay.io/petr-muller/cincinnati-graph-data-container:master
❯ oc get updateservice another-sample -o yaml | yq .spec.graphDataImage
quay.io/petr-muller/cincinnati-graph-data-container:20250826

=> different graph data images

❯ skopeo inspect docker://quay.io/petr-muller/cincinnati-graph-data-container:master | jq -r '.Digest'
sha256:e7b568bf2521815e7be5b0684a86df01e269828b90fe7d9517ee0b51663a9bf3
❯ skopeo inspect docker://quay.io/petr-muller/cincinnati-graph-data-container:20250826 | jq -r '.Digest'
sha256:1e72623f18747ed3bcf07558ba4ac88372231ab36126126e99718c25b9d4a55e

=> with different digests

❯ oc get deployment sample -o yaml | yq '.spec.template.metadata.annotations["updateservice.operator.openshift.io/graph-data-image"]'
quay.io/petr-muller/cincinnati-graph-data-container@sha256:e7b568bf2521815e7be5b0684a86df01e269828b90fe7d9517ee0b51663a9bf3
❯ ota-stage get deployment another-sample -o yaml | yq '.spec.template.metadata.annotations["updateservice.operator.openshift.io/graph-data-image"]'
quay.io/petr-muller/cincinnati-graph-data-container@sha256:e7b568bf2521815e7be5b0684a86df01e269828b90fe7d9517ee0b51663a9bf3

=> identical annotation (meaning it is wrong on the another-sample one, leading to missed graph data updates if quay.io/petr-muller/cincinnati-graph-data-container:20250826 is tagged to a different image

Expected results:

There are two separate Pods, and the annotations on the deployments match the digests of the .spec.graphDataImage

Additional info:

Seems like rare scenario so low severity

duplicates

OTA-985 OSUS should handle multiple by-tag UpdateServices

To Do

Assignee:: Unassigned

Reporter:: Petr Muller

Need Info From:: None

Contributors:: None

QA Contact:: Jia Liu

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/08/26 5:06 PM

Updated:: 2025/09/23 11:37 AM

Details

Description

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide