OpenShift Bugs / OCPBUGS-74247

HyperShift operator registry overrides don't apply to cluster-api and capi-provider deployments in 4.21+

    • Bug
    • Resolution: Unresolved
    • Critical
    • 4.22.0
    • 4.21, 4.22
    • HyperShift
    • False
    • Important
    • Yes
    • Rejected
    • None
    • In Progress
    • Bug Fix
    • *Cause*: This issue happens because hypershift contains temporary overrides for CAPI images that were hardcoded and not aware of the registry configuration, and therefore always pulled from quay.io.
      *Consequence*: CAPI images are always pulled from quay.io and registry overrides have no effect. The rest of the payload properly applies the overrides.
      *Fix*: The CAPI image override has been made aware of the registry configuration and now properly follows it.
      *Result*: CAPI images are downloaded from the right registry now. For this feature to work as intended in environments where registry overrides are applied, 4.20.10 images need to be mirrored to the target registry. Otherwise CAPI images will fail to be pulled and clusters will not be created.

      Description of problem:

      When adding the HyperShift operator `--registry-overrides` flag to override image registries, the cluster-api and capi-provider deployments are not overridden and continue pulling images from `quay.io/openshift-release-dev/ocp-v4.0-art-dev` instead of the configured override registry.
      All other control plane components correctly use the overridden registry.
      This worked correctly in 4.19 and 4.20 but is broken in 4.21 and later.
          

      Version-Release number of selected component (if applicable):

      
          

      How reproducible:

      always
          

      Steps to Reproduce:

          1. Deploy HyperShift on AKS
          2. Mirror OpenShift release images to ACR:
             oc adm release mirror --from $RELEASE_IMAGE_LATEST --to $ACR_REPO -a $PULL_SECRET_PATH
          3. Configure HyperShift operator with registry overrides:
             oc patch deployment operator -n hypershift --type=json -p='[
               {
                 "op": "add",
                 "path": "/spec/template/spec/containers/0/args/-",
                 "value": "--registry-overrides=quay.io/openshift-release-dev/ocp-v4.0-art-dev='$ACR_REPO',quay.io/openshift-release-dev/ocp-release='$ACR_REPO'"
               }
             ]'
          4. Create a HostedCluster
          5. Verify deployment images in the hosted control plane namespace:
             oc get deploy -n clusters-<cluster-name> -o json | \
               jq -r '.items[] | .metadata.name + " | " + .spec.template.spec.containers[0].image'
          

      Actual results:

      [capi-provider pod yaml|https://gcsweb-qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.21-amd64-nightly-azure-aks-hypershift-registry-overrides-guest-f7/2011706395962904576/artifacts/azure-aks-hypershift-registry-overrides-guest-f7/dump/artifacts/namespaces/clusters-356b04e96ea8e61b0cdf/core/pods/capi-provider-866456b576-rjs4j.yaml]
      Only the initContainers image has been overridden.
      [cluster-api pod yaml|https://gcsweb-qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.21-amd64-nightly-azure-aks-hypershift-registry-overrides-guest-f7/2011706395962904576/artifacts/azure-aks-hypershift-registry-overrides-guest-f7/dump/artifacts/namespaces/clusters-356b04e96ea8e61b0cdf/core/pods/cluster-api-898cb5d8b-4fwdf.yaml]
      
      The two deployments still use quay.io, not the overridden registry.
          

      Expected results:

      All deployments in the hosted control plane namespace, including `cluster-api` and `capi-provider`, should use images from the override registry (`preservehypershiftaks.azurecr.io/release-xxxxx`).
          

      Additional info:

      
      [dump log|https://gcsweb-qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.21-amd64-nightly-azure-aks-hypershift-registry-overrides-guest-f7/2011706395962904576/artifacts/azure-aks-hypershift-registry-overrides-guest-f7/dump/]
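
The verification step in this report prints only `containers[0]` of each deployment, while the observed failure is split between `initContainers` (overridden) and the main containers (not overridden). The following check is an added example, not part of the original report or of HyperShift: it walks every container and init container in `oc get deploy -o json` output and reports images still pulled from a registry that has an override configured. The deployment list, container names, digests and the `registry.example.com/release` target are constructed sample values.

```python
def parse_overrides(flag_value):
    """Parse a --registry-overrides value ("src=dst,src=dst") into a dict."""
    overrides = {}
    for item in flag_value.split(","):
        if "=" in item:
            src, dst = item.split("=", 1)
            overrides[src.strip()] = dst.strip()
    return overrides

def unoverridden_images(deploy_list, overrides):
    """Return (deployment, kind, container, image) for each image that is
    still pulled from a source registry with an override configured."""
    findings = []
    for item in deploy_list.get("items", []):
        pod_spec = item["spec"]["template"]["spec"]
        for kind in ("initContainers", "containers"):
            for c in pod_spec.get(kind) or []:
                image = c["image"]
                # Match the repository exactly or followed by @digest, :tag or a sub-path.
                if any(image == src or image.startswith((src + "@", src + ":", src + "/"))
                       for src in overrides):
                    findings.append((item["metadata"]["name"], kind, c["name"], image))
    return findings

# --- Constructed sample input (hypothetical names, placeholder digests) ---
SRC = "quay.io/openshift-release-dev/ocp-v4.0-art-dev"
DST = "registry.example.com/release"  # placeholder for the mirror target
FLAG = f"{SRC}={DST},quay.io/openshift-release-dev/ocp-release={DST}"

def _deploy(name, containers, init=()):
    specs = lambda images: [{"name": n, "image": i} for n, i in images]
    return {"metadata": {"name": name}, "spec": {"template": {"spec": {
        "initContainers": specs(init), "containers": specs(containers)}}}}

SAMPLE = {"items": [
    _deploy("kube-apiserver", [("kube-apiserver", DST + "@sha256:" + "a" * 64)]),
    _deploy("capi-provider", [("manager", SRC + "@sha256:" + "b" * 64)],
            init=[("init", DST + "@sha256:" + "c" * 64)]),
    _deploy("cluster-api", [("manager", SRC + "@sha256:" + "d" * 64)]),
]}

if __name__ == "__main__":
    for row in unoverridden_images(SAMPLE, parse_overrides(FLAG)):
        print(" | ".join(row))
```

Against a live cluster, replace `SAMPLE` with the parsed output of `oc get deploy -n clusters-<cluster-name> -o json` and `FLAG` with the value actually passed to the operator.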
          

              rh-ee-bclement Borja Clemente Castanera
              rh-ee-xiuwang XiuJuan Wang
              XiuJuan Wang XiuJuan Wang