Details
- Bug
- Resolution: Done
- Blocker
- quay-v3.7.0
Description:
This issue was found when configuring Quay to use a TLS proxy. After creating the QuayRegistry CR with the proxy server (TLS proxy server) added via env variables, the quay app pod crashed. The reason is that the expected proxy TLS cert is not mounted in the quay app pod. The config editor was used to upload the proxy TLS cert, but this does not trigger the Quay operator to reconcile the change.
Quay Image: quay-operator-bundle-container-v3.7.0-75
Can't reconfigure Quay when the Quay app pod is in crashed status:
QuayRegistry CR:
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: quay37
spec:
  configBundleSecret: config-bundle-secret
  components:
    - kind: objectstorage
      managed: false
    - kind: route
      managed: true
    - kind: mirror
      managed: true
      overrides:
        env:
          - name: HTTP_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: HTTPS_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: DEBUGLOG
            value: "true"
    - kind: tls
      managed: false
    - kind: clair
      managed: true
      overrides:
        env:
          - name: HTTP_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: HTTPS_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
    - kind: quay
      managed: true
      overrides:
        env:
          - name: DEBUGLOG
            value: "true"
          - name: HTTP_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: HTTPS_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
Quay Pods list:
oc get pod
NAME                                        READY   STATUS                  RESTARTS      AGE
quay-operator.v3.7.0-766c8dc9b5-s4684       1/1     Running                 0             71m
quay37-clair-app-56654bb966-kvgk2           1/1     Running                 0             13m
quay37-clair-app-56654bb966-nfn2p           1/1     Running                 0             13m
quay37-clair-postgres-678ff4c8cf-t6jx9      1/1     Running                 1 (12m ago)   13m
quay37-quay-app-7466b88c4-9zzkb             0/1     CrashLoopBackOff        7 (44s ago)   12m
quay37-quay-app-7466b88c4-bcg2v             0/1     CrashLoopBackOff        7 (39s ago)   12m
quay37-quay-app-upgrade-drr7t               0/1     Completed               0             13m
quay37-quay-config-editor-dc7fcbb67-76mbg   1/1     Running                 0             13m
quay37-quay-database-6c88646cbc-ch7j9       1/1     Running                 0             13m
quay37-quay-mirror-5d7c7d9797-lvmnp         0/1     Init:CrashLoopBackOff   7 (35s ago)   13m
quay37-quay-mirror-5d7c7d9797-pp2lw         0/1     Init:CrashLoopBackOff   7 (48s ago)   13m
quay37-quay-redis-7bd9fc84f7-wgsnb          1/1     Running                 0             13m
Quay config.yaml:
DEFAULT_SYSTEM_REJECT_QUOTA_BYTES: 102400000
FEATURE_EXTENDED_REPOSITORY_NAMES: true
CREATE_REPOSITORY_ON_PUSH_PUBLIC: true
FEATURE_QUOTA_MANAGEMENT: true
FEATURE_PROXY_CACHE: true
FEATURE_USER_INITIALIZE: true
SERVER_HOSTNAME: quay370.apps.quayperf370.perfscale.devcluster.openshift.com
ALLOWED_OCI_ARTIFACT_TYPES:
  application/vnd.cncf.helm.config.v1+json:
    - application/tar+gzip
  application/vnd.oci.image.layer.v1.tar+gzip+encrypted:
    - application/vnd.oci.image.layer.v1.tar+gzip+encrypted
DEFAULT_TAG_EXPIRATION: 4w
TAG_EXPIRATION_OPTIONS:
  - 2w
  - 4w
  - 8w
FEATURE_GENERAL_OCI_SUPPORT: true
FEATURE_HELM_OCI_SUPPORT: true
SUPER_USERS:
  - quay
  - admin
USERFILES_LOCATION: default
USERFILES_PATH: userfiles/
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
  - default
DISTRIBUTED_STORAGE_PREFERENCE:
  - default
DISTRIBUTED_STORAGE_CONFIG:
  default:
    - S3Storage
    - s3_bucket: quay370
      storage_path: /quay370
      s3_access_key: ***
      s3_secret_key: ***
      host: s3.us-east-2.amazonaws.com
Steps:
- Deploy Quay with the Quay Operator, providing the proxy server via env variables to the quay and mirror components
- The Quay and Mirror pods crash (this is expected behavior, as the Proxy TLS Cert is not provided)
- Log in to the Quay Config editor and upload the Proxy TLS Cert
- Click Validate Configurations
- Click Reconfigure Quay
Expected Results:
Quay Operator can reconcile the change, and after reconciling, the Proxy TLS Cert is mounted to the Quay and Mirror pods successfully.
Actual Results:
Quay Operator can't reconcile the change.