Open leonklingele opened 1 year ago
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting `/remove-lifecycle stale`.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting `/lifecycle frozen`.
If this issue is safe to close now please do so with `/close`.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting `/remove-lifecycle rotten`.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting `/lifecycle frozen`.
If this issue is safe to close now please do so with `/close`.
/lifecycle rotten
/remove-lifecycle stale
/remove-lifecycle rotten
/remove-lifecycle rotten
/remove-lifecycle stale
The "openshift-controller-manager" doesn't seem to respect cluster MirrorSet and pull secret configs.
Steps to reproduce:
`ImageDigestMirrorSet` and `ImageTagMirrorSet` resource to prevent direct requests to "docker.io" and instead proxy them over a specified mirror. See the YAML definitions [0] and [1].
This gets us to a rate-limit on docker.io rather quickly. We even tried to configure a cluster pull secret for docker.io, although this secret doesn't seem to be used for authenticating those specific requests.
The behavior of periodic pulls (or, more precisely, manifest fetches) has also been observed here by another user: https://serverfault.com/questions/1116219/openshift-docker-rate-limit-and-regular-pulls
The requests to docker.io are made due to the community samples operator adding several sample images from docker.io to the cluster (see the output of `oc get images | grep docker.io`). To stop those requests from occurring, the community samples operator needs to be disabled (via `oc patch OperatorHub/cluster --type=merge --patch='{"spec":{"sources":[{"name":"community-operators","disabled":true}]}}'`) and all image references to docker.io removed (via `oc get images | grep docker.io | cut -d " " -f1 | xargs --verbose -I{} oc delete image "{}"`).
[0]:
[1]: