-
Bug
-
Resolution: Done
-
Blocker
-
None
-
quay-v3.11.9
-
None
-
False
-
-
False
-
-
-
Critical
Description
QBO 3.11.9 pull non-exist ose-kube-rbac-proxy image, cause QBO installation failed
Version
quay-bridge-operator-bundle-container-v3.11.9-1
Reproduced steps
1. install QBO 3.11.9
Actual results
QBO installation fails, pod is not running
$ oc describe pod quay-bridge-operator-6d6c976cb8-cc5fv -n openshift-operators
Name: quay-bridge-operator-6d6c976cb8-cc5fv
Namespace: openshift-operators
Priority: 0
Service Account: quay-bridge-operator
Node: ip-10-0-34-43.us-east-2.compute.internal/10.0.34.43
Start Time: Tue, 18 Feb 2025 19:37:47 +0800
Labels: name=quay-bridge-operator
pod-template-hash=6d6c976cb8
Annotations: alm-examples:
[
{
"apiVersion": "quay.redhat.com/v1",
"kind": "QuayIntegration",
"metadata": {
"name": "quay"
},
"spec": {
"clusterID": "openshift",
"credentialsSecret": {
"name": "quay-credentials",
"namespace": "openshift-operators"
},
"insecureRegistry": false
}
}
]
capabilities: Full Lifecycle
categories: OpenShift Optional
containerImage: registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc9ad427b952e0d5ab83a55b43a21a2ccf2eb5a128bcd028591c58aeb10007b3
createdAt: 2021-07-09 14:07 UTC
description: Enhance OCP using Red Hat Red Hat container registry
features.operators.openshift.io/disconnected: true
features.operators.openshift.io/fips-compliant: true
features.operators.openshift.io/proxy-aware: false
features.operators.openshift.io/tls-profiles: false
features.operators.openshift.io/token-auth-aws: false
features.operators.openshift.io/token-auth-azure: false
features.operators.openshift.io/token-auth-gcp: false
k8s.ovn.org/pod-networks:
{"default":{"ip_addresses":["10.131.2.41/23"],"mac_address":"0a:58:0a:83:02:29","gateway_ips":["10.131.2.1"],"routes":[{"dest":"10.128.0.0...
k8s.v1.cni.cncf.io/network-status:
[{
"name": "ovn-kubernetes",
"interface": "eth0",
"ips": [
"10.131.2.41"
],
"mac": "0a:58:0a:83:02:29",
"default": true,
"dns": {}
}]
olm.operatorGroup: global-operators
olm.operatorNamespace: openshift-operators
olm.skipRange: >=3.8.x <3.11.9
olm.targetNamespaces:
olmcahash: 99aac0bdb2c0055ca6f4cbd5fdab398b117598f0c8cf8538cb645ec78a752a3a
openshift.io/scc: restricted-v2
operatorframework.io/properties:
{"properties":[{"type":"olm.gvk","value":{"group":"quay.redhat.com","kind":"QuayIntegration","version":"v1"}},{"type":"olm.package","value...
operators.openshift.io/infrastructure-features: ["disconnected", "fips"]
operators.openshift.io/valid-subscription: ["OpenShift Platform Plus", "Red Hat Quay"]
operators.operatorframework.io/builder: operator-sdk-v1.9.0+git
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
quay-version: 3.11.9
repository: https://github.com/quay/quay-bridge-operator
seccomp.security.alpha.kubernetes.io/pod: runtime/default
Status: Pending
SeccompProfile: RuntimeDefault
IP: 10.131.2.41
IPs:
IP: 10.131.2.41
Controlled By: ReplicaSet/quay-bridge-operator-6d6c976cb8
Containers:
kube-rbac-proxy:
Container ID:
Image: registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:bd36d38375b23ce370f5f5f015b1381da664222b36d221102f60d16a6c42af66
Image ID:
Port: 8443/TCP
Host Port: 0/TCP
Args:
--secure-listen-address=0.0.0.0:8443
--upstream=http://127.0.0.1:8080/
--logtostderr=true
--v=10
State: Waiting
Reason: ErrImagePull
Ready: False
Restart Count: 0
Environment:
OPERATOR_CONDITION_NAME: quay-bridge-operator.v3.11.9
Mounts:
/apiserver.local.config/certificates from apiservice-cert (rw)
/tmp/k8s-webhook-server/serving-certs from webhook-cert (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-k4wqm (ro)
manager:
Container ID: cri-o://bfc94108a1c78a226dd96b3737176f35b88b2c2f843ecdf399b6255bc2e50686
Image: registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc9ad427b952e0d5ab83a55b43a21a2ccf2eb5a128bcd028591c58aeb10007b3
Image ID: registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6134fd306361614404008d9c8d38d41a88e5d496fe27d7e359f46d6f30fe9dc3
Port: 9443/TCP
Host Port: 0/TCP
Command:
/manager
Args:
--health-probe-bind-address=:8081
--metrics-bind-address=127.0.0.1:8080
--leader-elect
State: Running
Started: Tue, 18 Feb 2025 19:37:51 +0800
Ready: True
Restart Count: 0
Limits:
cpu: 200m
memory: 512Mi
Requests:
cpu: 200m
memory: 400Mi
Liveness: http-get http://:8081/healthz delay=15s timeout=1s period=20s #success=1 #failure=3
Readiness: http-get http://:8081/readyz delay=5s timeout=1s period=10s #success=1 #failure=3
Environment:
OPERATOR_CONDITION_NAME: quay-bridge-operator.v3.11.9
Mounts:
/apiserver.local.config/certificates from apiservice-cert (ro)
/tmp/k8s-webhook-server/serving-certs from webhook-cert (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-k4wqm (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
apiservice-cert:
Type: Secret (a volume populated by a Secret)
SecretName: quay-bridge-operator-service-cert
Optional: false
webhook-cert:
Type: Secret (a volume populated by a Secret)
SecretName: quay-bridge-operator-service-cert
Optional: false
kube-api-access-k4wqm:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
ConfigMapName: openshift-service-ca.crt
ConfigMapOptional: <nil>
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/memory-pressure:NoSchedule op=Exists
node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 45s default-scheduler Successfully assigned openshift-operators/quay-bridge-operator-6d6c976cb8-cc5fv to ip-10-0-34-43.us-east-2.compute.internal
Normal AddedInterface 45s multus Add eth0 [10.131.2.41/23] from ovn-kubernetes
Normal Pulling 45s kubelet Pulling image "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc9ad427b952e0d5ab83a55b43a21a2ccf2eb5a128bcd028591c58aeb10007b3"
Normal Pulled 42s kubelet Successfully pulled image "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc9ad427b952e0d5ab83a55b43a21a2ccf2eb5a128bcd028591c58aeb10007b3" in 2.941s (2.941s including waiting). Image size: 147017959 bytes.
Normal Created 42s kubelet Created container manager
Normal Started 42s kubelet Started container manager
Normal Pulling 21s (x2 over 45s) kubelet Pulling image "registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:bd36d38375b23ce370f5f5f015b1381da664222b36d221102f60d16a6c42af66"
Warning Failed 20s (x2 over 45s) kubelet Failed to pull image "registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:bd36d38375b23ce370f5f5f015b1381da664222b36d221102f60d16a6c42af66": reading manifest sha256:bd36d38375b23ce370f5f5f015b1381da664222b36d221102f60d16a6c42af66 in registry.redhat.io/openshift4/ose-kube-rbac-proxy: manifest unknown
Warning Failed 20s (x2 over 45s) kubelet Error: ErrImagePull
Normal BackOff 8s (x4 over 41s) kubelet Back-off pulling image "registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:bd36d38375b23ce370f5f5f015b1381da664222b36d221102f60d16a6c42af66"
Warning Failed 8s (x4 over 41s) kubelet Error: ImagePullBackOff
