-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OPRUN-3566: UPSTREAM: <carry>: Add global-pull-secret flag #75
OPRUN-3566: UPSTREAM: <carry>: Add global-pull-secret flag #75
Conversation
@m1kola: This pull request references OPRUN-3566 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Skipping CI for Draft Pull Request. |
@m1kola: This pull request references OPRUN-3566 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
6ad06bd
to
a24f239
Compare
/hold |
@m1kola: This pull request references OPRUN-3566 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
At this point we have a flag and all the required RBAC, but I think both catalogd and operator-controller need to be built with |
Ah, it looks like we do build with conditions:
- lastTransitionTime: "2024-10-11T08:13:02Z"
message: 'source catalog content: error copying image: copying system image
from manifest list: Can not copy signatures to oci:/tmp/oci-layout-redhat-community-operators658406605:registry.redhat.io/redhat/community-operator-index@sha256:907fece168a3753e606a31c9c976ef49153487205e9bce8481ea5c1e0bf7f905:
Pushing signatures for OCI images is not supported'
observedGeneration: 1
reason: Retrying
status: "True"
type: Progressing
|
Ok, so it fails because on OCP we have this:
With this config in place image copying fails. Now need to figure out how to make it work. |
With this patch to upstream it works, but not sure if this is a proper solution. Need to dig a bit more on implications of doing this. diff --git a/internal/source/containers_image.go b/internal/source/containers_image.go
index cf40b62..44458de 100644
--- a/internal/source/containers_image.go
+++ b/internal/source/containers_image.go
@@ -130,7 +130,8 @@ func (i *ContainersImageRegistry) Unpack(ctx context.Context, catalog *catalogdv
//
//////////////////////////////////////////////////////
if _, err := copy.Image(ctx, policyContext, layoutRef, dockerRef, ©.Options{
- SourceCtx: srcCtx,
+ RemoveSignatures: true,
+ SourceCtx: srcCtx,
}); err != nil {
return nil, fmt.Errorf("error copying image: %w", err)
} |
Where are we on this @m1kola? |
@tmshort the latest is in the comments above. Pull secret works, but catalogd (and operator-controller too, I suspect) will fail to unpack images due to this issue. |
operator-framework/catalogd#431 and operator-framework/operator-controller#1369 should resolve the blocker after syncing downstream. |
a24f239
to
be3b547
Compare
Pass global-pull-secret to the manager container. Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com>
be3b547
to
ff6e98e
Compare
@m1kola: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
/unhold Removing hold. I think it is ready to go. See openshift/operator-framework-operator-controller#166 (comment) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: anik120, m1kola The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
[ART PR BUILD NOTIFIER] Distgit: ose-olm-catalogd |
Pass global-pull-secret to the manager container.