OpenShift ImageStream is not resolved as expected

Playing around with the OpenShift Sandbox, I got stuck on a (somehow) trivial problem. I build an image with a build configuration and push it to an ImageStreamTag:

(buildconfig)
(....)
spec:
  nodeSelector: null
  output:
    to:
      kind: ImageStreamTag
      name: 'goedel-db-connector:latest'
(....)

This works fine and the image seems to be there:

oc get is/goedel-db-connector 
NAME                  IMAGE REPOSITORY                                                                                                       TAGS     UPDATED
goedel-db-connector   default-route-openshift-image-registry.apps.sandbox-m3.1530.p1.openshiftapps.com/gratinierer-dev/goedel-db-connector   latest   2 minutes ago

As noted here, my ImageStream should be correct:

apiVersion: image.openshift.io/v1
metadata:
  name: goedel-db-connector
  namespace: gratinierer-dev
  uid: 9e735a9e-3311-4fbf-8d14-cb491b5f8ee7
  resourceVersion: '1384476123'
  generation: 2
  creationTimestamp: '2023-10-10T05:47:01Z'
spec:
  lookupPolicy:
    local: true
status:
  dockerImageRepository: >-
    image-registry.openshift-image-registry.svc:5000/gratinierer-dev/goedel-db-connector
  publicDockerImageRepository: >-
    default-route-openshift-image-registry.apps.sandbox-m3.1530.p1.openshiftapps.com/gratinierer-dev/goedel-db-connector
  tags:
    - tag: latest
      items:
        - created: '2023-10-10T05:47:01Z'
          dockerImageReference: >-
            image-registry.openshift-image-registry.svc:5000/gratinierer-dev/goedel-db-connector@sha256:44adfeb631dc0a9c23a7c44f28224ecb62294de695c61e7e8a9d8b5d21d5d5ce
          image: >-
            sha256:44adfeb631dc0a9c23a7c44f28224ecb62294de695c61e7e8a9d8b5d21d5d5ce
          generation: 1

From that point I would expect that a Service/Deployment with goedel-db-connector:latest should work. But it fails, whatever I try:

spec:
  containerConcurrency: 0
  containers:
    - image: 'goedel-db-connector:latest'
      name: goedel-db-connector
      ports:
        - containerPort: 8080
          protocol: TCP
      readinessProbe:
        successThreshold: 1
        tcpSocket:
          port: 0
      resources: {}
  enableServiceLinks: false
  timeoutSeconds: 300
status:
  conditions:
    - lastTransitionTime: '2023-10-10T05:48:47Z'
      message: >-
        Unable to fetch image "goedel-db-connector:latest": failed to resolve
        image to digest: HEAD
        https://index.docker.io/v2/library/goedel-db-connector/manifests/latest:
        unexpected status code 401 Unauthorized (HEAD responses have no body,
        use GET for details)
      reason: ContainerMissing
      status: 'False'
      type: ContainerHealthy
    - lastTransitionTime: '2023-10-10T05:48:47Z'
      message: >-
        Unable to fetch image "goedel-db-connector:latest": failed to resolve
        image to digest: HEAD
        https://index.docker.io/v2/library/goedel-db-connector/manifests/latest:
        unexpected status code 401 Unauthorized (HEAD responses have no body,
        use GET for details)
      reason: ContainerMissing
      status: 'False'
      type: Ready
    - lastTransitionTime: '2023-10-10T05:48:47Z'
      reason: ResolvingDigests
      status: Unknown
      type: ResourcesAvailable
  observedGeneration: 1

I can make it work if I paste the full path for the image.

     image: >-
        default-route-openshift-image-registry.apps.sandbox-m3.1530.p1.openshiftapps.com/gratinierer-dev/goedel-db-connector@sha256:44adfeb631dc0a9c23a7c44f28224ecb62294de695c61e7e8a9d8b5d21d5d5ce

In this case the deployment runs fine, so the image is there and ready. But this should not be a desired solution in my eyes.

Do I have a general misunderstanding of the concept?

There are 1 best solutions below

ImageStream is a resource for OpenShift. So if you want to use the image stream in a Kubernetes resource, you need to set the image lookup policy*1 for your resources.

e.g.

$ oc set image-lookup goedel-db-connector

Here are some notes.

  • This feature can not be used in the default namespace, nor in any openshift- or kube- namespace.
  • The feature image lookup policy will affect only the resources that are created after the lookup policy is changed.

There are two ways to enable image lookup policy in OpenShift. First, you can enable image lookup policy for an image stream. It means all resources can reference the image stream.

$ oc set image-lookup goedel-db-connector

Second, you can enable image lookup policy for a specific resource like a deployment. It means only that resource can refer to image streams.

$ oc set image-lookup deploy/your-deployment-name

*1: https://docs.openshift.com/container-platform/4.13/openshift_images/using-imagestreams-with-kube-resources.html
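
Added example (not from the question, the answer or OpenShift itself): a simplified version of Docker-style image reference normalization, showing why the unqualified name in the question ends up as a HEAD request to index.docker.io/v2/library/... and how to flag such references when reviewing manifests. The helper names `normalize`, `manifest_url` and `audit` are hypothetical; the two sample references are the ones quoted in the question.

```python
# Added example: simplified Docker-style image reference normalization.
DEFAULT_REGISTRY = "docker.io"
HUB_API_HOST = "index.docker.io"  # Docker Hub host seen in the question's error message


def normalize(ref: str) -> dict:
    """Split an image reference into registry, repository, tag and digest."""
    name, _, digest = ref.partition("@")
    # A tag is a ':' after the last '/', so a registry port is not mistaken for one.
    colon = name.rfind(":")
    tag = ""
    if colon > name.rfind("/"):
        name, tag = name[:colon], name[colon + 1:]
    first, slash, rest = name.partition("/")
    # The first path component counts as a registry host only if it looks like one.
    explicit = bool(slash) and ("." in first or ":" in first or first == "localhost")
    if explicit:
        registry, repo = first, rest
    else:
        registry, repo = DEFAULT_REGISTRY, name
        if "/" not in repo:
            repo = "library/" + repo  # single-component names get the library/ namespace
    if not tag and not digest:
        tag = "latest"
    return {"registry": registry, "repository": repo, "tag": tag,
            "digest": digest, "explicit_registry": explicit}


def manifest_url(ref: str) -> str:
    """URL a client requests when it resolves the reference to a digest."""
    p = normalize(ref)
    host = HUB_API_HOST if p["registry"] == DEFAULT_REGISTRY else p["registry"]
    return f"https://{host}/v2/{p['repository']}/manifests/{p['digest'] or p['tag']}"


def audit(ref: str) -> list:
    """Findings a reviewer would raise for an image: field in a manifest."""
    p = normalize(ref)
    findings = []
    if not p["explicit_registry"]:
        findings.append("no registry: falls through to Docker Hub unless "
                        "resolved to an image stream first")
    if not p["digest"]:
        findings.append("not pinned by digest")
    return findings
```

Any image name that reaches a runtime or controller without a registry component is looked up on Docker Hub, so an internal image name that is not resolved locally first can be answered by whoever owns that name there.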