Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: quay-v3.7.9
Affects Version/s: quay-v3.4.3
Component/s: container-security-operator
Labels:
- bugreviewed
- triaged

Blocked:
False
Ready:
False
Epic Link:
CSO disconnected support
Product:
Quay Enterprise
Release Note Text:
Undefined
Git Pull Request:
https://github.com/quay/container-security-operator/pull/78

RICE Score:
0

Target Version:

quay-v3.7.9

SFDC Cases Links:
SFDC Cases Counter:

Description

In a disconnected environment the CSO would not be able to query information from containers provided by registry.redhat.io as this is restricted.

CRIO makes use of settings in `/etc/containers/registries.conf` where mirrors for the images are defined. CSO should make use of the same, in order to reach out for a local registry instead the upstream one.

Squid-log 192.168.4.83 being the worker node:
Date	IP	Status	Address	User	Destination
12.02.2021 16:15:40	192.168.4.83	TCP_DENIED/403	quay.io:443	-	-
12.02.2021 16:15:40	192.168.4.83	TCP_DENIED/403	quay.io:443	-	-
12.02.2021 16:15:40	192.168.4.83	TCP_DENIED/403	quay.io:443	-	-
12.02.2021 16:15:40	192.168.4.83	TCP_DENIED/403	quay.io:443	-	-
12.02.2021 16:15:40	192.168.4.83	TCP_DENIED/403	quay.io:443	-	-
12.02.2021 16:15:40	192.168.4.83	TCP_DENIED/403	registry.redhat.io:443	-	-

Pod log:
2021-02-12T15:15:40.008116068Z level=error msg="Failed to sync layer data" key=openshift-pipelines/tekton-pipelines-webhook-7646dc6967-5bjwq err="Get \"https://registry.redhat.io/.well-known/app-capabilities\": Forbidden"
2021-02-12T15:15:40.394122636Z level=error msg="Failed to sync layer data" key=openshift-dns/dns-default-rkl7k err="Get \"https://quay.io/.well-known/app-capabilities\": Forbidden"
2021-02-12T15:15:40.460490521Z level=error msg="Failed to sync layer data" key=openshift-dns/dns-default-rkl7k err="Get \"https://quay.io/.well-known/app-capabilities\": Forbidden"
2021-02-12T15:15:40.580388625Z level=error msg="Failed to sync layer data" key=openshift-dns/dns-default-rkl7k err="Get \"https://quay.io/.well-known/app-capabilities\": Forbidden"
2021-02-12T15:15:40.864098984Z level=error msg="Failed to sync layer data" key=openshift-multus/multus-admission-controller-xwzxd err="Get \"https://quay.io/.well-known/app-capabilities\": Forbidden"
2021-02-12T15:15:40.965120716Z level=error msg="Failed to sync layer data" key=openshift-multus/multus-admission-controller-xwzxd err="Get \"https://quay.io/.well-known/app-capabilities\": Forbidden"