Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2389

Quay upgrade from 3.3.4 to 3.6.0 change TLS Termination from passthrough to edge

XMLWordPrintable

    • False
    • False
    • undefined

      Description:

      This is an issue found when upgrade from Quay 3.3.4 to Quay 3.6.0 directly, when in Quay 3.3.4 set the TLS Termination of Quay App Route to passthrough, after upgrade to Quay 3.6.0 directly, found the TLS Termination was changed to edge, the expected behavior should keep set TLS Termination as passthrough, because this is the config that customers prefer to use. Attached the logs of Quay 3.6.0 Operator.

      Note: Quay Operator Version is quay-operator-container-v3.6.0-2

      Quay 3.3.4:

      oc get route
      NAME                 HOST/PORT                                                                         PATH   SERVICES             PORT   TERMINATION            WILDCARD
      quay33-quay          quayv33.apps.quay-perf-732.perfscale.devcluster.openshift.com                            quay33-quay          8443   passthrough/Redirect   None
      quay33-quay-config   quay33-quay-config-quay33.apps.quay-perf-732.perfscale.devcluster.openshift.com          quay33-quay-config   8443   passthrough/Redirect   None

      Quay 3.3.4 QuayEcosystem CR:

      apiVersion: redhatcop.redhat.io/v1alpha1
      kind: QuayEcosystem
      metadata:
        name: quay33
      spec:
        quay:
          imagePullSecretName: redhat-pull-secret
          enableRepoMirroring: true
          image: quay.io/quay/quay:v3.3.4-2
          registryBackends:
            - name: default
              s3:
                accessKey: ******
                bucketName: quay330
                secretKey: ******
                host: s3.us-east-2.amazonaws.com
          externalAccess:
            hostname: quayv33.apps.quay-perf-732.perfscale.devcluster.openshift.com
            tls:
              secretName: quay33tls
              termination: passthrough
          database:
            volumeSize: 30Gi
          envVars:
            - name: DEBUGLOG
              value: "true"
        clair:
          enabled: true
          image: quay.io/quay/clair-jwt:v3.3.4-1
          imagePullSecretName: redhat-pull-secret
      

      Quay 3.6.0:

      oc get route
      NAME                        HOST/PORT                                                                                PATH   SERVICES                    PORT   TERMINATION            WILDCARD
      quay33-quay                 quayv33.apps.quay-perf-732.perfscale.devcluster.openshift.com                                   quay33-quay-app             http   edge/Redirect          None
      quay33-quay-builder         quay33-quay-builder-quay33.apps.quay-perf-732.perfscale.devcluster.openshift.com                quay33-quay-app             grpc   edge                   None
      quay33-quay-config          quay33-quay-config-quay33.apps.quay-perf-732.perfscale.devcluster.openshift.com                 quay33-quay-config          8443   passthrough/Redirect   None
      quay33-quay-config-editor   quay33-quay-config-editor-quay33.apps.quay-perf-732.perfscale.devcluster.openshift.com          quay33-quay-config-editor   http   edge/Redirect          None
      

            jonathankingfc Jonathan King
            lzha1981 luffy zhang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: