Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-2431

Busybox dependency in Kieserver DeploymentConfig causing issues when starting pod

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.6.0.GA
    • 7.5.0.GA
    • Cloud
    • None

    • KIE server pods that are dependent in other pods

    • Release Notes
    • CR2
    • Workaround Exists
    • Hide

      For the nslookup problem

      The busybox version 1.28.4 works perfectly. So one could update the tag on the DC to use that image or mark this tag as latest on the registry.

      Also, if used the full service name for the nslookup script, should work:

       - until nslookup rhpam-rewards2-postgresql.bsig-cloud.svc.cluster.local && nc -vz rhpam-rewards2-postgresql 5432; do echo waiting for rhpam-rewards2-postgresql; sleep 2; done;

      For the docker.io blocked access

      Might be a problem while downloading the busybox image from the docker.io registry. Users could block the docker.io access completely from their clusters.

      If this happens, a solution would to pull the image locally and then push it to the OpenShift internal repository:

      1. pull the image with docker pull docker.io/busybox:1.28.4 into a local machine that has access to the cluster
      2. Tag the image with the latest tag: docker tag docker.io/busybox:1.28.4 myopenshiftcluster/openshift/busybox:latest
      3. push this image to the internal OpenShift registry in the openshift namespace. Follow this doc to do so: https://cookbook.openshift.org/image-registry-and-image-streams/how-do-i-push-an-image-to-the-internal-image-registry.html

      If following the linked doc, the final image should be tag as:

      docker tag docker.io/busybox:1.28.4 registry.pro-us-east-1.openshift.com:443/openshift/busybox:latest
      Show
      For the nslookup problem The busybox version 1.28.4 works perfectly. So one could update the tag on the DC to use that image or mark this tag as latest on the registry. Also, if used the full service name for the nslookup script, should work: - until nslookup rhpam-rewards2-postgresql.bsig-cloud.svc.cluster.local && nc -vz rhpam-rewards2-postgresql 5432; do echo waiting for rhpam-rewards2-postgresql; sleep 2; done; For the docker.io blocked access Might be a problem while downloading the busybox image from the docker.io registry. Users could block the docker.io access completely from their clusters. If this happens, a solution would to pull the image locally and then push it to the OpenShift internal repository: 1. pull the image with docker pull docker.io/busybox:1.28.4 into a local machine that has access to the cluster 2. Tag the image with the latest tag: docker tag docker.io/busybox:1.28.4 myopenshiftcluster/openshift/busybox:latest 3. push this image to the internal OpenShift registry in the openshift namespace. Follow this doc to do so: https://cookbook.openshift.org/image-registry-and-image-streams/how-do-i-push-an-image-to-the-internal-image-registry.html If following the linked doc, the final image should be tag as: docker tag docker.io/busybox:1.28.4 registry.pro-us-east-1.openshift.com:443/openshift/busybox:latest
    • Hide

      1. Have a deployment of a kieserver with PostgreSQL or MySQL (immutable will do)
      2. Update OpenShift registry to the latest busybox image: docker pull busybox
      3. Scale down and then up your kieserver pod
      4. You should stuck on Init: 0/1 while waiting for the kieserver pod to fire up

      Show
      1. Have a deployment of a kieserver with PostgreSQL or MySQL (immutable will do) 2. Update OpenShift registry to the latest busybox image: docker pull busybox 3. Scale down and then up your kieserver pod 4. You should stuck on Init: 0/1 while waiting for the kieserver pod to fire up
    • 2019 Week 44-46 (from Okt 28), 2019 Week 50-52 (from Dec 9)

    Description

      Today we are dependent from busybox image to perform some initialization tasks on kieserver pods. This dependency could bring some risks to users like:

      1. This image is maintained by Docker community, which is something that we can't control
      2. It's based on Alpine/Debian distros
      3. It's on Docker Hub, and Red Hat is moving away from it to use Quay
      4. Some customers cut the access to Dockerhub on production for security reasons. This could jeopardize the kieserver based images to fire up at all

      Today, we have a possible bug in busybox that makes nslookup command to fail:
      https://github.com/docker-library/busybox/issues/61

      And Red Hat doesn't support busybox.

      To resolve this, we need to prepare an image based on ubi8-minimal to have the binaries needed for this check and replace the busybox with this one.

      Attachments

        Activity

          People

            rhn-support-mmagnani Mauricio Magnani
            mramendi Mikhail Ramendik
            Karel Suta Karel Suta
            Karel Suta Karel Suta
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: