  1. RH-SSO
  2. RHSSO-2103

RH SSO operator's deployment request for postgresql image with tag, instead of digest value, this is bothering smooth installation in disconnected env.


    • False
    • None
    • False
    • Major
    • Optional
    • Workaround Exists

      Workaround used:
      1) https://access.redhat.com/solutions/4817401 << Tested one
      2) # oc edit subscriptions.operators.coreos.com/rhsso-operator << suggested one
      ---------------------
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        labels:
          operators.coreos.com/rhsso-operator.default: ""
      spec:
        channel: stable
        config:
          env:
          # image the operator uses for the keycloak-postgresql deployment
          - name: RELATED_IMAGE_POSTGRESQL
            value: registry.example.com/myrepo/postgresql-10:1
        installPlanApproval: Automatic
        name: rhsso-operator
        source: my-sso-index
        sourceNamespace: openshift-marketplace
        startingCSV: rhsso-operator.7.6.0-opr-002
      ---------------------
      Then delete the keycloak resource and recreate.


      OpenShift Version : 4.10.17
      RHSSO version : 7.5.2-opr-003
      Steps to install RHSSO :
      mirroring SSO: https://docs.openshift.com/container-platform/4.10/operators/admin/olm-restricted-networks.html and https://docs.openshift.com/container-platform/4.10/installing/disconnected_install/installing-mirroring-installation-images.html#olm-mirroring-catalog_installing-mirroring-installation-images
      installing SSO: https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html-single/server_installation_and_configuration_guide/index#installing-operator

      Customer is deploying the SSO operator in a disconnected environment, which is why we have mirrored the latest available version at that time (~3-4 weeks ago).
      As for SSO deployment, it was done by directly following our available documentation, installing the operator via OperatorHub, followed by creating the required CRDs for the SSO operator.

      As mentioned previously, the error only occurs after an SSO instance is deployed, where the keycloak-postgresql image being mentioned via tag instead of digest caused the image pull to fail.
      Our understanding is that since SSO currently supports disconnected environments, the SSO operator should have referenced the keycloak-postgresql image by sha digest instead.

      In OCP4 we are supposed to use all images by their digest value. But in our customer's env the RHSSO operator is trying to pull it by tag (postgresql image); it is creating a mess in the disconnected env.

      In https://github.com/keycloak/keycloak-operator/blob/main/pkg/model/image_manager.go I can see all images are referred to by tag; it should be by sha256 value.


      We need to get back to the customer on the following:

      In a disconnected mode, how can 7.5.1-opr-010 be mirrored for a disconnected environment?

      Fix that image name with digest value in 7.5.2-opr-003, and a timeline for this fix.
      Because this issue will arise again during operator upgrade.


            Unassigned
            rhn-support-manyayad Mahesh Nyayadhish
            Votes: 5
            Watchers: 16
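The ticket's complaint is that operator image references use a tag instead of a sha256 digest. The following check is an added example, not part of the ticket or of the operator's code: it classifies `RELATED_IMAGE_*` values and lists the ones that are not digest-pinned. Only the `RELATED_IMAGE_POSTGRESQL` value comes from the ticket; the other variable names and values are constructed for illustration.

```python
import re

# Constructed sample environment. Only RELATED_IMAGE_POSTGRESQL is taken from
# the ticket; the RELATED_IMAGE_EXAMPLE_* entries are made up for illustration.
SAMPLE_ENV = {
    "RELATED_IMAGE_POSTGRESQL": "registry.example.com/myrepo/postgresql-10:1",
    "RELATED_IMAGE_EXAMPLE_NOTAG": "registry.example.com:5000/myrepo/postgresql-10",
    "RELATED_IMAGE_EXAMPLE_PINNED": "registry.example.com/myrepo/sso@sha256:" + "a" * 64,
    "RELATED_IMAGE_EXAMPLE_TAG_AND_DIGEST":
        "registry.example.com/myrepo/sso:7.5@sha256:" + "b" * 64,
    "RELATED_IMAGE_EXAMPLE_SHORT_DIGEST": "registry.example.com/myrepo/sso@sha256:abc",
}

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def classify(ref):
    """Return (kind, detail); kind is digest, bad-digest, tag or implicit-latest."""
    name, has_at, digest = ref.partition("@")
    if has_at:
        # A digest wins over any tag that is also present in the reference.
        kind = "digest" if DIGEST_RE.match(digest) else "bad-digest"
        return (kind, digest)
    # A colon marks a tag only in the last path component; earlier in the
    # reference it is a registry port (host:5000/repo/image).
    last = name.rsplit("/", 1)[-1]
    if ":" in last:
        return ("tag", last.split(":", 1)[1])
    return ("implicit-latest", "latest")


def unpinned(env):
    """Sorted names of RELATED_IMAGE_* variables that are not digest-pinned."""
    return sorted(
        key for key, value in env.items()
        if key.startswith("RELATED_IMAGE_") and classify(value)[0] != "digest"
    )


if __name__ == "__main__":
    for key in unpinned(SAMPLE_ENV):
        kind, detail = classify(SAMPLE_ENV[key])
        print(f"{key}: {kind} ({detail}) -> {SAMPLE_ENV[key]}")
```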