New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove pull secret copy, defer to image registry #249
remove pull secret copy, defer to image registry #249
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gabemontero The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@ricardomaraschini ... the image-ecosystem failures are around imagestream imports failing because of credentials. In some of the test output I seen message like And when I examine the imagestreams in the must gather located at https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_cluster-samples-operator/249/pull-ci-openshift-cluster-samples-operator-master-e2e-aws-image-ecosystem/922/artifacts/e2e-aws-image-ecosystem/must-gather.tar I see consistently see this across all the imagestreams:
I would contend your image-registry change is not working as expected. |
in talking with @ricardomaraschini it looks like this PR would need openshift/openshift-apiserver#83 and openshift/cluster-openshift-apiserver-operator#284 as well |
de11294
to
7703d2f
Compare
/retest |
@@ -487,7 +477,15 @@ func (h *Handler) CreateDefaultResourceIfNeeded(cfg *v1.Config) (*v1.Config, err | |||
func (h *Handler) initConditions(cfg *v1.Config) *v1.Config { | |||
now := kapis.Now() | |||
util.Condition(cfg, v1.SamplesExist) | |||
util.Condition(cfg, v1.ImportCredentialsExist) | |||
creds := util.Condition(cfg, v1.ImportCredentialsExist) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not deleting this condition in case customers are coding to it
could entertain marking deprecated in openshift/api
ci build pain wit its internal imagestreams with e2e-aws and e2e-aws-upgrade we'll see what happens with the other 2 in flight e2es |
yeah @dmage @ricardomaraschini I'm still getting |
Very interesting. How does the update work on CI? I mean, how can we be sure that we did have the new version of the apiserver when this test happened? |
Yeah, it seems like it is running the new version(judging by the artifacts). No idea why it is not working at this stage. |
@ricardomaraschini @dmage perhaps it makes sense when you guys have cycles to use cluster bot on slack to launch a cluster from this PR and start investigating. |
/test e2e-aws-operator @gabemontero @dmage I ran e2e tests using this PR branch on a cluster and they succeeded. I am not sure if these tests use the hypershift
|
Seems like the failure has changed now for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gabemontero I have created PR(gabemontero#2) against your branch that removes a check for the existence of a secret on openshift
namespace, IIUC the logic to create that secret has been removed.
7703d2f
to
4a38483
Compare
updated this PR with @ricardomaraschini 's gabemontero#2 thanks @ricardomaraschini |
4a38483
to
892f9f5
Compare
terraform / aws flake with latest e2e-aws-operator /test e2e-aws-operator |
failed to acquire lease e2e upgrade /test e2e-aws-upgrade |
failed to acquire lease image eco /test e2e-aws-image-ecosystem |
/retest |
2 similar comments
/retest |
/retest |
ok @dmage @ricardomaraschini we got imagestream imports in the openshift namespace working via the latest image-eco and operator e2e's !! based on how CI health is on Friday, we'll see about getting this in |
/test e2e-aws-upgrade |
/test e2e-aws |
With @ricardomaraschini 's openshift/image-registry#226 merged here is my change here the change that remove's samples operator's copying of the install pull secret to the openshift namespace
I still have my prometheus metrics around whether the pull secret has TBR credentials, but it now just looks at the install pull secret directly.
Have not tried it in a local cluster yet so marked WIP for now
@openshift/openshift-team-developer-experience FYI