Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-3593

Quay 3.7.0 Operator reconcile does not redeploy Clair APP POD after upload Custom Certificate via config editor

XMLWordPrintable

      Description:

      This is an issue found when use config editor to upload Custom SSL Cert, here the issue is after upload custom cert, click 'reconfigure quay' button, Quay Operator will reconcile the change, the results is quay, mirror, config editor PODs are redeployed, but Clair APP PODs are not redeployed, this cause the new uploaded proxy TLS Cert can't be mounted to Clair APP POD.

      How to deploy Proxy server with TLS Cert:

      https://docs.google.com/document/d/1LPnvvANEuXHSoD-kXwb0ToB7kCeek3iJXRA9qKpMSxk/edit?usp=sharing 

      Quay Image: quay-operator-bundle-container-v3.7.0-73

      oc get pod
NAME                                          READY   STATUS              RESTARTS        AGE
demo370-clair-app-659c58b7f9-csn6v            1/1     Running             0               5m5s
demo370-clair-app-659c58b7f9-nf4zc            1/1     Running             0               5m5s
demo370-clair-postgres-856746f9cf-8hz27       1/1     Running             1 (4m50s ago)   5m5s
demo370-quay-app-57867f69cb-6vg4d             1/1     Running             0               4m24s
demo370-quay-app-57867f69cb-hwx5j             1/1     Running             0               4m24s
demo370-quay-app-6cb79db84d-fp8gk             0/1     ContainerCreating   0               2s
demo370-quay-app-upgrade-ldsqp                0/1     Completed           0               4m56s
demo370-quay-config-editor-59db7dc65f-vt6xp   1/1     Running             0               4m56s
demo370-quay-config-editor-698c7778d5-6v798   0/1     ContainerCreating   0               2s
demo370-quay-database-76bc4b4585-nq55h        1/1     Running             0               5m5s
demo370-quay-mirror-b9ccc8c5b-b889d           1/1     Terminating         0               4m24s
demo370-quay-mirror-b9ccc8c5b-mq2vp           1/1     Terminating         0               4m24s
demo370-quay-redis-7c58b75569-vxtdd           1/1     Running             0               5m5s
quay-operator.v3.7.0-9fd6b99ff-zs25c          1/1     Running             0               7h10m

      QuayRegistry CR:

      apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: quay370
spec:
  configBundleSecret: config-bundle-secret
  components:
    - kind: objectstorage
      managed: false
    - kind: route
      managed: true
    - kind: mirror
      managed: false
    - kind: tls
      managed: false
    - kind: clair
      managed: true
      overrides:
        env:
          - name: HTTP_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: HTTPS_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
    - kind: quay
      managed: true
      overrides:
        env:
          - name: DEBUGLOG
            value: "true

      Steps:

      1. Deploy Quay with Quay Operator, give proxy env variable to clair component
      2. Login Quay config editor, upload the proxy TLS Cert
      3. Click Validate configurations
      4. Click Reconfigure Quay
      5. Check Clair APP POD status

      Expected Results:

      Clair APP PODs are redeployed, and the new uploaded proxy TLS Cert is mounted to new Clair APP POD successfully.

      Actual Results:

      Clair APP PODs are NOT redeployed

              jonathankingfc Jonathan King (Inactive)
              lzha1981 luffy zhang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: