Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.13
-
Moderate
-
No
-
False
-
Description
Description of problem:
A cluster with a default (empty) `configs.spec.samplesRegistry` field but with whitelist entries in `image.spec.registrySources.allowedRegistries` causes openshift-samples CO in degraded state.
Version-Release number of selected component (if applicable):
4.13.30, 4.13.32
How reproducible:
100%
Steps to Reproduce:
1. Add the whitelist entries in image.spec.registrySources.allowedRegistries:
~~~
oc get image.config/cluster -o yaml
spec:
registrySources:
allowedRegistries:
- registry.apps.example.com
- quay.io
- registry.redhat.io
- image-registry.openshift-image-registry.svc:5000
- ghcr.io
- quay.apps.example.com
~~~
2. Delete the pod, so it recreates:
~~~
oc delete pod -l name=cluster-samples-operator -n openshift-cluster-samples-operator
~~~
3. The openshift-samples go to degraded state:
~~~
# oc get co openshift-samples
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
openshift-samples 4.13.30 True True True 79m Samples installation in error at 4.13.30: &errors.errorString{s:"global openshift image configuration prevents the creation of imagestreams using the registry "}
~~~
4. The configs.samples spec is empty:
~~~
# oc get configs.samples.operator.openshift.io cluster -o jsonpath='{.spec}{"\n"}'
{"architectures":["x86_64"],"managementState":"Managed"}
~~~
Actual results:
The openshift-sample go to degraded state.
Expected results:
The openshift-sample should remain in healthy state.
Additional info:
We had a Bug (https://bugzilla.redhat.com/show_bug.cgi?id=2027745) earlier which was fixed in OCP 4.10.3 as per erratta (https://access.redhat.com/errata/RHSA-2022:0056).
One of my customer faced this issue when they upgraded the cluster from 4.12 to 4.13.32.
As a workaround updating the below lines under `image.config.spec` helped.
~~~
allowedRegistriesForImport
- domainName: registry.redhat.io
insecure: false
~~~~
