
OpenShift ImageStream is not resolved as expected


Playing around with the OpenShift Sandbox, I got stuck on a (somehow) trivial problem. I build an image with a build configuration and push it to an ImageStreamTag:

(buildconfig)
(....)
spec:
  nodeSelector: null
  output:
    to:
      kind: ImageStreamTag
      name: 'goedel-db-connector:latest'
(....)

This works fine and the image seems to be there:

oc get is/goedel-db-connector 
NAME                  IMAGE REPOSITORY                                                                                                       TAGS     UPDATED
goedel-db-connector   default-route-openshift-image-registry.apps.sandbox-m3.1530.p1.openshiftapps.com/gratinierer-dev/goedel-db-connector   latest   2 minutes ago

As noted here, my ImageStream should be correct:

apiVersion: image.openshift.io/v1
metadata:
  name: goedel-db-connector
  namespace: gratinierer-dev
  uid: 9e735a9e-3311-4fbf-8d14-cb491b5f8ee7
  resourceVersion: '1384476123'
  generation: 2
  creationTimestamp: '2023-10-10T05:47:01Z'
spec:
  lookupPolicy:
    local: true
status:
  dockerImageRepository: >-
    image-registry.openshift-image-registry.svc:5000/gratinierer-dev/goedel-db-connector
  publicDockerImageRepository: >-
    default-route-openshift-image-registry.apps.sandbox-m3.1530.p1.openshiftapps.com/gratinierer-dev/goedel-db-connector
  tags:
    - tag: latest
      items:
        - created: '2023-10-10T05:47:01Z'
          dockerImageReference: >-
            image-registry.openshift-image-registry.svc:5000/gratinierer-dev/goedel-db-connector@sha256:44adfeb631dc0a9c23a7c44f28224ecb62294de695c61e7e8a9d8b5d21d5d5ce
          image: >-
            sha256:44adfeb631dc0a9c23a7c44f28224ecb62294de695c61e7e8a9d8b5d21d5d5ce
          generation: 1

From that point I would expect that a Service/Deployment with goedel-db-connector:latest should work. But it fails, whatever I try:

spec:
  containerConcurrency: 0
  containers:
    - image: 'goedel-db-connector:latest'
      name: goedel-db-connector
      ports:
        - containerPort: 8080
          protocol: TCP
      readinessProbe:
        successThreshold: 1
        tcpSocket:
          port: 0
      resources: {}
  enableServiceLinks: false
  timeoutSeconds: 300
status:
  conditions:
    - lastTransitionTime: '2023-10-10T05:48:47Z'
      message: >-
        Unable to fetch image "goedel-db-connector:latest": failed to resolve
        image to digest: HEAD
        https://index.docker.io/v2/library/goedel-db-connector/manifests/latest:
        unexpected status code 401 Unauthorized (HEAD responses have no body,
        use GET for details)
      reason: ContainerMissing
      status: 'False'
      type: ContainerHealthy
    - lastTransitionTime: '2023-10-10T05:48:47Z'
      message: >-
        Unable to fetch image "goedel-db-connector:latest": failed to resolve
        image to digest: HEAD
        https://index.docker.io/v2/library/goedel-db-connector/manifests/latest:
        unexpected status code 401 Unauthorized (HEAD responses have no body,
        use GET for details)
      reason: ContainerMissing
      status: 'False'
      type: Ready
    - lastTransitionTime: '2023-10-10T05:48:47Z'
      reason: ResolvingDigests
      status: Unknown
      type: ResourcesAvailable
  observedGeneration: 1

I can make it work if I paste the full path for the image.

     image: >-
        default-route-openshift-image-registry.apps.sandbox-m3.1530.p1.openshiftapps.com/gratinierer-dev/goedel-db-connector@sha256:44adfeb631dc0a9c23a7c44f28224ecb62294de695c61e7e8a9d8b5d21d5d5ce

In this case the deployment runs fine, so the image is there and ready. But this should not be a desired solution in my eyes.

Do I have a general misunderstanding of the concept?


Solution

  • There's a bug in RHOS 4.8+ where RH appears to have broken this functionality, then never fixed it. They published a workaround KB, then closed the bug as fixed based on the workaround KB.

    In short, referring to imagestreams by short-name doesn't work properly, and you should instead generate the full RHOS container registry URI in your workloads.
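
The 401 in the question comes from index.docker.io because a reference with no registry host is expanded to docker.io/library/<name>. The sketch below is an added example, not part of the answer above or of any OpenShift tooling. It reproduces that expansion in simplified form and swaps such short names for the digest-pinned reference recorded in the ImageStream status. The function names are hypothetical and the input is constructed from the values shown in the question.

```python
# Constructed input: the ImageStream from the question, reduced to the fields used here.
DIGEST = "sha256:44adfeb631dc0a9c23a7c44f28224ecb62294de695c61e7e8a9d8b5d21d5d5ce"
INTERNAL = "image-registry.openshift-image-registry.svc:5000/gratinierer-dev/goedel-db-connector"
PUBLIC = ("default-route-openshift-image-registry.apps.sandbox-m3.1530.p1"
          ".openshiftapps.com/gratinierer-dev/goedel-db-connector")
IMAGESTREAM = {
    "metadata": {"name": "goedel-db-connector", "namespace": "gratinierer-dev"},
    "status": {
        "dockerImageRepository": INTERNAL,
        "publicDockerImageRepository": PUBLIC,
        "tags": [{"tag": "latest", "items": [
            {"image": DIGEST, "dockerImageReference": f"{INTERNAL}@{DIGEST}"}]}],
    },
}


def normalize(ref):
    """Split a reference into (registry host, path) the way Docker-style clients do (simplified)."""
    first, sep, rest = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first, rest
    # No registry host given: Docker Hub is assumed, and bare names land under library/.
    path = ref if "/" in ref else "library/" + ref
    return "docker.io", path


def pinned_reference(imagestream, tag, public=False):
    """Return the digest-pinned pull spec for `tag` from the ImageStream status."""
    status = imagestream["status"]
    for entry in status.get("tags", []):
        if entry["tag"] == tag and entry.get("items"):
            latest = entry["items"][0]  # tag history lists the most recent image first
            if public:
                return f'{status["publicDockerImageRepository"]}@{latest["image"]}'
            return latest["dockerImageReference"]
    raise LookupError(f"tag {tag!r} has no image in {imagestream['metadata']['name']}")


def rewrite_containers(containers, imagestream, public=False):
    """Pin containers whose short name would go to Docker Hub; return the names changed."""
    name = imagestream["metadata"]["name"]
    changed = []
    for c in containers:
        host, path = normalize(c["image"])
        repo, _, tag = path.partition(":")
        if host == "docker.io" and repo == f"library/{name}":
            c["image"] = pinned_reference(imagestream, tag or "latest", public)
            changed.append(c["name"])
    return changed
```

The default result uses the in-cluster registry service name. Passing public=True yields the route-based form that the asker found to work.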