Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oc cluster up --service-catalog=true uses canary service catalog images #15237

Closed
spadgett opened this issue Jul 17, 2017 · 9 comments · Fixed by #15316
Closed

oc cluster up --service-catalog=true uses canary service catalog images #15237

spadgett opened this issue Jul 17, 2017 · 9 comments · Fixed by #15316
Assignees
@pmorie @bparees @derekwaynecarr
Labels
component/cluster-up kind/bug Categorizes issue or PR as related to a bug. priority/P2

Comments

@spadgett
Copy link
Member

spadgett commented Jul 17, 2017
edited
Loading

There are some API breaking changes coming to service catalog. In the near term, pod presets for bindings is changing, but there might be other breaking changes down the line. If we continue to use the canary images, the catalog will likely be broken later when run with the 3.6 console.

@bparees @jwforres @pmorie @csrwng
@bparees
Copy link
Contributor

bparees commented Jul 17, 2017

are the canary images not going to get those updates?

@pweil- pweil- added kind/bug Categorizes issue or PR as related to a bug. priority/P2 labels Jul 17, 2017
@jwforres
Copy link
Member

jwforres commented Jul 17, 2017 via email

@csrwng csrwng assigned bparees and unassigned csrwng Jul 17, 2017
@bparees
Copy link
Contributor

bparees commented Jul 17, 2017

@jwforres so is the SC team going to tag an image level that we can lock against for now? this is going to be an on-going pain point until the SC api is stable/compatibility-guaranteed.

I really don't want to add a "--service-catalog-image-tag" flag to oc cluster up.

@bparees
Copy link
Contributor

bparees commented Jul 17, 2017

/cc @derekwaynecarr

@jorgemoralespou
Copy link

jorgemoralespou commented Jul 18, 2017
edited
Loading

@bparees related to this: #15243 (comment)

I don't think adding flags should be the way forward when we have image tagging support on the registries. Even if in this case the images are not ours, we could use an ImageStream to abstract that.

@bparees
Copy link
Contributor

bparees commented Jul 18, 2017

Even if in this case the images are not ours, we could use an ImageStream to abstract that.

we could certainly define an imagestream within the service-catalog template and then define the deployments in terms of those (though it requires the new annotation-based imagestream references feature, since they are not DCs), but i don't really see what it buys us. We still need to pick a tag in the imagestream.

@jorgemoralespou
Copy link

It buys us that we can tag in out Imagestream the images as we want, hence avoiding the external image progression.

we can have openshift/k8s-service-catalog-apiserver:v3.6.0-rc.0 referencing quay.io/kubernetes-service-catalog/apiserver:canary or any other image. They can push any update to the tag and we would prevent origin to fetch a different image by not having the image stream pull-through configured. The image referenced in our Imagestream, which should be tested, will always be the image we fetch, no matter what changes to that external image and tag happen.

This adds a little boilerplate to release management, but I think it's one of the reasons we created Imagestreams for.

Other option, could be to mirror that image in dockerhub under one namespace we control, but that would prevent ease of development, I think.

@bparees
Copy link
Contributor

bparees commented Jul 18, 2017

@jorgemoralespou i think the scenario you're talking about sounds more like what OCP should do when deploying the SC, but not necessarily what oc cluster up needs to do right now. (It would be nice for oc cluster up to adopt whatever OCP does to deploy the SC in the future, unfortunately we had to blaze the trail within oc cluster up so we didn't have that option).

The image referenced in our Imagestream, which should be tested, will always be the image we fetch, no matter what changes to that external image and tag happen.

We're still going to pick up the latest version of the image tag on initial import, even with an iimagestream, so i'm not sure what you're saying here. Either we have a tag we can trust, or we don't. If we don't, we're potentially going to get broken no matter what we do unless we hardcode a sha reference.

Furthermore, the SC template is set to "pullifnotpresent", so if you have a particular SC image you want to use, you can pull it yourself and tag it as :canary locally. (And once you've pulled it once, it's never going to get replaced with something new/broken unless you remove that image or explicitly pull a new image).

So again, my main concern here is that the SC team provide us with a tag that we can make some compatibility guarantees around. Without that, the rest of this discussion is moot.

@jorgemoralespou
Copy link

@bparees of course if we can control how those images are tagged, that is a better option, but if not, as you say an imagestream with a tag to the sha256 of the image would guarantee that the remote image that is tested is the one shipped. Even with pullifnotpresent strategy this would work.

@bparees bparees mentioned this issue Jul 18, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pmorie pmorie

@bparees bparees

@derekwaynecarr derekwaynecarr

Labels
component/cluster-up kind/bug Categorizes issue or PR as related to a bug. priority/P2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

use openshift service catalog in cluster up bparees/origin
8 participants
@jorgemoralespou @pmorie @spadgett @jwforres @bparees @pweil- @csrwng @derekwaynecarr