Loading...

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: quay-v3.6.0
Affects Version/s: quay-v3.6.0
Component/s: quay-operator
Labels:
- quay-enterprise
- triaged

Blocked:
False
Ready:
False
Release Note Text:
Undefined
Git Pull Request:
https://github.com/quay/quay-operator/pull/503
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Description:

This is an issue found when deploy Quay 3.6.0 with Quay Operator, with managed Clair Component, after push image to quay, Clair was unable to scan image vulnerability, checked Clair App POD logs, get certificate error message "x509: certificate is valid for *.apps.quay-731.qe.devcluster.openshift.com, not quayregistry-quay-quay-enterprise.router-default.apps.quay-731.qe.devcluster.openshift.com","time":"2021-07-28T10:56:45Z","message":"layers fetch failure"", see detailed Clair App POD logs.

Note: Clair image is quay-clair-container-v3.6.0-27

https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1676152

Quay is unable to show image vulnerability

oc get pod
NAME                                               READY   STATUS      RESTARTS   AGE
quay-operator.v3.6.0-7495d9cd8f-b9vzt              1/1     Running     0          8h
quayregistry-clair-app-6574f7777-gl6j7             1/1     Running     0          8h
quayregistry-clair-app-6574f7777-png9s             1/1     Running     0          8h
quayregistry-clair-postgres-6486dc45b7-hrgk8       1/1     Running     1          8h
quayregistry-quay-app-5ccb4c9d4f-hqc4q             0/1     Running     1          8h
quayregistry-quay-app-5ccb4c9d4f-mrvwd             1/1     Running     1          8h
quayregistry-quay-app-upgrade-bnkz2                0/1     Completed   0          8h
quayregistry-quay-config-editor-86cc686c68-k5r4r   1/1     Running     0          8h
quayregistry-quay-database-bfd9c6fcc-wr9nx         1/1     Running     1          8h
quayregistry-quay-mirror-5958f59567-9mdmq          0/1     Running     91         8h
quayregistry-quay-mirror-5958f59567-l5jm4          0/1     Running     91         8h
quayregistry-quay-postgres-init-k8t96              0/1     Completed   0          8h
quayregistry-quay-redis-9999b6b5b-xtkdf            1/1     Running     0          8h

oc get pod quayregistry-clair-app-6574f7777-png9s -o json | jq '.spec.containers[0].image'
"registry.redhat.io/quay/clair-rhel8@sha256:cc1a862fd82109fb98dd93cf75a02ed9a2fcb60b906fa1f97160013fd16e5ef4"

{"level":"warn","component":"internal/indexer/controller/Controller.Index","manifest":"sha256:1e48201ccc2ab83afc435394b3bf70af0fa0055215c1e26a5da9b50a1ae367c9","state":"FetchLayers","error":"encountered error while fetching a layer: fetcher: request failed: Get \"https://quayregistry-quay-quay-enterprise.router-default.apps.quay-731.qe.devcluster.openshift.com/_storage_proxy/ZXlKMGVYQWlPaUpLVjFRaUxDSmhiR2NpT2lKU1V6STFOaUlzSW10cFpDSTZJbXN4U1ZSSU9VRlFjbk42Tm1sSlpUTjZhWFIyWVVSWlJuUnZjekJ0YVU5eWNVWldhVkZmY0dGbmRVa2lmUS5leUpwYzNNaU9pSnhkV0Y1SWl3aVlYVmtJam9pY1hWaGVYSmxaMmx6ZEhKNUxYRjFZWGt0Y1hWaGVTMWxiblJsY25CeWFYTmxMbkp2ZFhSbGNpMWtaV1poZFd4MExtRndjSE11Y1hWaGVTMDNNekV1Y1dVdVpHVjJZMngxYzNSbGNpNXZjR1Z1YzJocFpuUXVZMjl0SWl3aWJtSm1Jam94TmpJM05EWTVPREExTENKcFlYUWlPakUyTWpjME5qazRNRFVzSW1WNGNDSTZNVFl5TnpRMk9UZ3pOU3dpYzNWaUlqb2ljM1J2Y21GblpYQnliM2g1SWl3aVlXTmpaWE56SWpwYmV5SjBlWEJsSWpvaWMzUnZjbUZuWlhCeWIzaDVJaXdpZFhKcElqb2ljWFZoZVdGM2N6RTBNall3Tmk5a1lYUmhabWxzWlM5emFHRXlOVFl2TVRZdk1UWmxZek15WXpJeE16SmlORE0wT1RRNE16SmhNRFZtTW1Jd01tWTNZVGd5TWpRM09XWTRNalV3WXpFM00yUXdZV0l5TjJJelpHVTNPR0l5WmpBMU9EOVlMVUZ0ZWkxQmJHZHZjbWwwYUcwOVFWZFROQzFJVFVGRExWTklRVEkxTmlaWUxVRnRlaTFEY21Wa1pXNTBhV0ZzUFVGTFNVRlZUVkZCU0VOS1QwNHlOelZUV0VaYUpUSkdNakF5TVRBM01qZ2xNa1oxY3kxbFlYTjBMVElsTWtaek15VXlSbUYzY3pSZmNtVnhkV1Z6ZENaWUxVRnRlaTFFWVhSbFBUSXdNakV3TnpJNFZERXdOVFkwTlZvbVdDMUJiWG90Ulhod2FYSmxjejAyTURBbVdDMUJiWG90VTJsbmJtVmtTR1ZoWkdWeWN6MW9iM04wSmxndFFXMTZMVk5wWjI1aGRIVnlaVDAyWTJabFlURm1OelUwWldJd01qZ3lOMkk1T0dNMVlqQTRORE13TVRZNU5tRTJZekpsTldZM1lqQmxaalprTTJVMk1HUTRNVGd3WWpsalptWTBOalJoSWl3aWFHOXpkQ0k2SW5NekxuVnpMV1ZoYzNRdE1pNWhiV0Y2YjI1aGQzTXVZMjl0SWl3aWMyTm9aVzFsSWpvaWFIUjBjSE1pZlYwc0ltTnZiblJsZUhRaU9udDlmUS5YSHlLSnF1aXRLN3dWQVFraUdPbGpnVENfYWFEeUt1SEdXdUJUbEh4dEpoVVd6V18tRV9wbnVtOGFQOE1nR2VfdXNtY084SEhjU0hWQkxVSTFMMlRFTUJFOFB6TzkwR29SczNBTm5vX3NXX2hXS3d3OE9UejUtQUtUVmhYYm9kX1l2YVlWcXNQV0R6SG80WmxjTVNYY3Z2YzZodm51ZHhNVUFCSDBzcGZWSHRQNDl4MVlvc1c0cGlRbEJpaVROOWJfVmt4RkhzeF81bGJYRnJUT0RMTllzWXFaQURqMnV3T1NWZlJwSGZ4dVRHa3FDMGdNTFZRRUlhaTdqbjNTZy1kUk1WaGwteGxhd1V6SlE2V3V2eDROd1U2SUJMLXNtSVk3VFl5MC1makxBRFJjMi1kWXV5T2RkVkYyM1VCNlhDd2tULWppNVhMeElfa2lWZ2piejFhNVE=/https/s3.us-east-2.amazonaws.com/quayaws142606/datafile/sha256/16/16ec32c2132b43494832a05f2b02f7a822479f8250c173d0ab27b3de78b2f058?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAUMQAHCJON275SXFZ%2F20210728%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20210728T105645Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host&X-Amz-Signature=6cfea1f754eb02827b98c5b084301696a6c2e5f7b0ef6d3e60d8180b9cff464a\": x509: certificate is valid for *.apps.quay-731.qe.devcluster.openshift.com, not quayregistry-quay-quay-enterprise.router-default.apps.quay-731.qe.devcluster.openshift.com","time":"2021-07-28T10:56:45Z","message":"layers fetch failure"}

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

clair_360_app_pod.logs
5.48 MB
2021/07/28 11:16 AM
image-2021-07-28-19-27-32-580.png
195 kB
2021/07/28 11:27 AM
image-2021-09-03-11-17-25-978.png
320 kB
2021/09/03 3:17 AM

is related to

PROJQUAY-2413 Mirror Job can't trust quay managed TLS cert

Closed

relates to

PROJQUAY-2921 Quay App route hostname is changed when upgrade from 3.4.7 to 3.6.2

Closed

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates