Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2606

Quay Operator can't reconcile change from 'redhat quay handles tls' to 'my own loadbalancer handles tls'

XMLWordPrintable

      Description:

      This is an issue found use Quay config editor to change from use "Redhat Quay handles TLS" to "My own loadbalancer handles TLS", after click Reconfigure Quay, Operator can't reconcile the change, checked Quay Operator POD logs, get error ""reason": "ConfigInvalid", "message": "tls component marked as managed, but `configBundleSecret` contains required fields"", here Quay Operator should change to use OCP wildcard Cert.

      Note: Quay image is "quay-operator-bundle-container-v3.6.0-41"

      2021-09-28T12:01:26.884Z	INFO	server.Reconfigure	created new config secret for QuayRegistry: quay360/quay360
2021-09-28T12:01:26.884Z	INFO	server.Reconfigure	marking component as managed	{"component": "tls"}
2021-09-28T12:01:26.884Z	INFO	server.Reconfigure	marking component as managed	{"component": "postgres"}
2021-09-28T12:01:26.884Z	INFO	server.Reconfigure	marking component as managed	{"component": "clair"}
2021-09-28T12:01:26.884Z	INFO	server.Reconfigure	marking component as managed	{"component": "redis"}
2021-09-28T12:01:26.884Z	INFO	server.Reconfigure	marking component as managed	{"component": "mirror"}
2021-09-28T12:01:26.884Z	INFO	server.Reconfigure	marking component as unmanaged	{"component": "objectstorage"}
2021-09-28T12:01:26.897Z	INFO	controllers.QuayRegistry	begin reconcile	{"quayregistry": "quay360/quay360"}
2021-09-28T12:01:26.904Z	INFO	controllers.QuayRegistry	successfully retrieved referenced `configBundleSecret`	{"quayregistry": "quay360/quay360", "configBundleSecret": "quay360-quay-config-bundle-nsds6", "resourceVersion": "8309003"}
2021-09-28T12:01:26.904Z	INFO	controllers.QuayRegistry	provided TLS cert/key pair in `configBundleSecret` will be used
2021-09-28T12:01:26.932Z	INFO	controllers.QuayRegistry	cluster supports `Routes` API
2021-09-28T12:01:27.432Z	INFO	controllers.QuayRegistry	Detected cluster hostname apps.quay-perf-796.perfscale.devcluster.openshift.com
2021-09-28T12:01:27.432Z	INFO	controllers.QuayRegistry	detected router canonical hostname: apps.quay-perf-796.perfscale.devcluster.openshift.com
2021-09-28T12:01:27.443Z	INFO	controllers.QuayRegistry	detected cluster wildcard certificate for apps.quay-perf-796.perfscale.devcluster.openshift.com
2021-09-28T12:01:27.458Z	INFO	controllers.QuayRegistry	cluster supports `ObjectBucketClaims` API
2021-09-28T12:01:27.458Z	INFO	controllers.QuayRegistry	`ObjectBucketClaim` not found
2021-09-28T12:01:27.458Z	INFO	controllers.QuayRegistry	monitoring is only supported in AllNamespaces mode. Disabling component monitoring
2021-09-28T12:01:28.472Z	DEBUG	controller-runtime.manager.events	Warning	{"object": {"kind":"QuayRegistry","namespace":"quay360","name":"quay360","uid":"0d7d79a2-6bbe-43da-a45d-b2a1e4cd3624","apiVersion":"quay.redhat.com/v1","resourceVersion":"8309023"}, "reason": "ConfigInvalid", "message": "tls component marked as managed, but `configBundleSecret` contains required fields"}
2021-09-28T12:01:28.477Z	INFO	controllers.QuayRegistryStatus	quay components conditions reconciled (no changes)	{"quayregistrystatus": "quay360/quay360"}
2021-09-28T12:01:28.481Z	INFO	controllers.QuayRegistryStatus	quay components conditions reconciled (no changes)	{"quayregistrystatus": "quay360/quay360"}
2021-09-28T12:02:21.532Z	INFO	controllers.QuayRegistryStatus	quay components conditions reconciled (no changes)	{"quayregistrystatus": "quay360/quay360"}

      Steps:

      1. Deploy Quay with Quay Operator, choose to use managed route, unmanaged tls and unmanaged objectstorage components, running "oc create secret generic --from-file config.yaml=./config.yaml --from-file ssl.cert=./ssl.cert --from-file ssl.key=./ssl.key config-bundle-secret"
      2. Login Quay config Editor, and change Hostname and change to use "My own loadbalancer handles TLS"
      3. Click Validate Configurations Changes
      4. Click Reconfigure Quay
      5. Check QuayRegistry status

      Expected Results:

      Quay Operator reconcile the change successfully, and quay will use managed route and managed tls, use OCP Wildcard Cert.

      Actual Results:

      Quay Operator can't reconcile the change, report error "reason": "ConfigInvalid", "message": "tls component marked as managed, but `configBundleSecret` contains required fields""

       

        1. image-2021-10-08-11-26-58-705.png
          image-2021-10-08-11-26-58-705.png
          282 kB

              jonathankingfc Jonathan King (Inactive)
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: