-
Feature Request
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
False
-
False
-
undefined
-
-
-
-
-
1. Proposed title of this feature request
> Add the possibility to set the reference policy setting for platform-generated imagestreams.
2. What is the nature and description of the request?
> The platform generated certain imagestreams like cli, must-gather, tools, test,... in the openshift namespace. This is great although some environments have the requirement to set the reference policy setting on these imagestreams to Local instead of the default Source. Please implement a way to override that default setting in a gitops-compatible way (for example a setting in a custom resource is a viable option)
3. Why does the customer need this? (List the business requirements here)
> The provided imagestreams are extremely useful for platform owners/administrators but also platform users. Without being able to set the referencepolicy to local, these imagestreams are not working in our environment (as Source will redirect to quay.io; which is not allowed on the multus attached networks (default route is on this second attached interface).
Detailed Scenario:
``````````````
On OCP4 in the openshift namespace there are a couple of imagestreams imported by default i.e. cli, tools, must-gather,... are some examples. These imagestreams are generated with referencepolicy: Source.
My customer is having a disconnected environment, in combination with multus (dedicated egress networks per major environment within the same cluster), the referencepolicy: Source is an issue.
Context:
Only the management network is having internet access via the proxy. That is how they import these images. The egress networks do not have access to the internet (which is used for all application builds, runtime,...). These egress networks are having the default route on the pods.
--> result: the cli image for example cannot be pulled when the referencepolicy is set to Source as it will try to pull from quay.io. If we are able to configure these images to referencepolicy: Local we dont have that issue as it will be pulled from the internal registry and the initial pull from quay.io can perfectly happen via the management network.
So my question is: how can we set the referencepolicy to Local on these generated imagestreams (they are using gitops so it must be able to apply via a custom resource or via a yaml file)
4. List any affected packages or components.
Operators which are part of the Install Payload (must-gather, CLI, tools, etc), as of other Operators which are managed by Samples Operator.