RHOAIENG-10827: feat(nbcs): update ose-oauth-proxy image digest reference from 4.8 to the latest 4.14 version #386

Merged
Expand Up @@ -25,7 +25,7 @@ spec:
imagePullPolicy: Always
command:
- /manager
args: ["--oauth-proxy-image", "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:4bef31eb993feb6f1096b51b4876c65a6fb1f4401fee97fa4f4542b6b7c9bc46"]
args: ["--oauth-proxy-image", "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:105307b602ac74649f868e1ea0aab7b8621ea1ecfd58ceca669dcf32f538798e"]
Member

Hmmm, how did you get this sha? 🤔 When I check the PR for the Dashboard opendatahub-io/odh-dashboard#3216, it uses the following sha:

4f8d66597feeb32bb18699326029f9a71a5aca4a57679d636b876377c2e95695

Also, when I tried to create an ImageStream on my OpenShift cluster, I can see the following:

kind: ImageStreamTag
apiVersion: image.openshift.io/v1
metadata:
  name: 'example:v4.14'
  namespace: default
  uid: f41c7b88-c7e3-4e56-bc11-bc389053e033
  resourceVersion: '44113055'
  creationTimestamp: '2024-09-19T07:45:52Z'
tag:
  name: v4.14
  annotations: null
  from:
    kind: DockerImage
    name: 'registry.redhat.io/openshift4/ose-oauth-proxy:v4.14'
  generation: 2
  importPolicy:
    scheduled: true
    importMode: PreserveOriginal
  referencePolicy:
    type: Source
generation: 2
lookupPolicy:
  local: false
image:
  metadata:
    name: 'sha256:4f8d66597feeb32bb18699326029f9a71a5aca4a57679d636b876377c2e95695'
    uid: bcfc4de2-b22b-49fb-9d1e-c2d65ddb4201
    resourceVersion: '44113054'
    creationTimestamp: '2024-09-19T07:45:52Z'
  dockerImageReference: 'registry.redhat.io/openshift4/ose-oauth-proxy@sha256:4f8d66597feeb32bb18699326029f9a71a5aca4a57679d636b876377c2e95695'
  dockerImageMetadata:
    kind: DockerImage
    apiVersion: image.openshift.io/1.0
    Id: 'sha256:4f8d66597feeb32bb18699326029f9a71a5aca4a57679d636b876377c2e95695'
    Created: '2024-09-19T07:45:50Z'
    ContainerConfig: {}
  dockerImageMetadataVersion: '1.0'
  dockerImageManifestMediaType: application/vnd.docker.distribution.manifest.list.v2+json
  dockerImageManifests:
    - digest: 'sha256:105307b602ac74649f868e1ea0aab7b8621ea1ecfd58ceca669dcf32f538798e'
      mediaType: application/vnd.docker.distribution.manifest.v2+json
      manifestSize: 760
      architecture: amd64
      os: linux
    - digest: 'sha256:c55ea5f29f59eccbb57d5606d84ab53d9987b0226e1e93d76aefa22bc2b82d0b'
      mediaType: application/vnd.docker.distribution.manifest.v2+json
      manifestSize: 760
      architecture: arm64
      os: linux
    - digest: 'sha256:0eb617ef510f990b11a3144077bda3bc96bdd2a9fd19bff9d1f3d11cab243c79'
      mediaType: application/vnd.docker.distribution.manifest.v2+json
      manifestSize: 760
      architecture: ppc64le
      os: linux
    - digest: 'sha256:1cff8c85d0befc48805d4339913fd0e7f02896c1c0ad313e3e4ec2e001ccecb9'
      mediaType: application/vnd.docker.distribution.manifest.v2+json
      manifestSize: 760
      architecture: s390x
      os: linux

My guess is you used some manifests sha instead? Or am I missing something? 🤔

Member Author

I used the image sha; what the dashboard PR uses is the manifests sha.

Member

Thanks Jiri, eventually they changed it to platform-agnostic opendatahub-io/odh-dashboard@6d95c02 and went back to using the manifest digest.

@shalberd shalberd Sep 19, 2024

Correct. For a given tag, like v4.14, the digest changes every now and then; I think there is a stream kind of regular build process behind it.
Platform agnostic is what "manifest list digest" refers to.
Google Cloud docs explain it like this:
"The optional image index, sometimes referred to as the manifest list, refers to one or more image manifests. The reference is the digest of the image manifest. An image index is useful when you produce multiple related images for different platforms, such as amd64 and arm64 architectures."
Using manifest list digest is a good idea, nice to see the dashboard folks are using that one, too.
I always use manifest list digests and basically let the build and pull infrastructure pick the right architecture from the list in the manifest, either implicitly or with an architecture argument in podman or docker.

Currently, the manifest list digest from the build 8 days ago is
sha256:4f8d66597feeb32bb18699326029f9a71a5aca4a57679d636b876377c2e95695
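
The distinction discussed in this thread, as an added example (not code from the PR or the project): a manifest list digest is the sha256 of the index document, and each per-architecture manifest is referenced inside that document by its own digest. The manifest bytes are constructed placeholders and the function names are hypothetical.

```python
import hashlib
import json

def digest(raw: bytes) -> str:
    """Registry content address: sha256 over the exact manifest bytes."""
    return "sha256:" + hashlib.sha256(raw).hexdigest()

def build_index(manifests: dict) -> bytes:
    """Build a manifest list whose entries point at per-arch manifests by digest."""
    entries = [
        {
            "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
            "size": len(raw),
            "digest": digest(raw),
            "platform": {"architecture": arch, "os": "linux"},
        }
        for arch, raw in manifests.items()
    ]
    doc = {
        "schemaVersion": 2,
        "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
        "manifests": entries,
    }
    return json.dumps(doc, sort_keys=True).encode()

def classify_pin(pinned: str, index_raw: bytes) -> str:
    """Tell whether a pinned digest is the manifest list or one platform's manifest."""
    if pinned == digest(index_raw):
        return "manifest-list"
    for entry in json.loads(index_raw)["manifests"]:
        if entry["digest"] == pinned:
            return "single-platform:" + entry["platform"]["architecture"]
    return "unknown"

def resolve(index_raw: bytes, arch: str) -> str:
    """Digest a client on `arch` ends up pulling when given the manifest list."""
    for entry in json.loads(index_raw)["manifests"]:
        if entry["platform"]["architecture"] == arch:
            return entry["digest"]
    raise LookupError(f"no manifest for {arch}")

# Constructed per-architecture manifests (placeholder bytes, not registry content).
MANIFESTS = {a: json.dumps({"constructed": a}).encode()
             for a in ("amd64", "arm64", "ppc64le", "s390x")}
INDEX = build_index(MANIFESTS)

if __name__ == "__main__":
    for pin in (digest(INDEX), digest(MANIFESTS["amd64"])):
        print(pin[:19], "->", classify_pin(pin, INDEX))
```

Run against a real registry's index document, the same classification shows whether a pinned reference will resolve per node architecture or always fetch one platform's image.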

securityContext:
allowPrivilegeEscalation: false
ports:
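Review bot: The digest on the added `--oauth-proxy-image` args line (sha256:105307b6...) appears in the ImageStreamTag output in this thread as the amd64 entry under dockerImageManifests, not as the manifest list digest (sha256:4f8d6659...), so the manager default is pinned to a single architecture. If the controller is expected to run on the arm64, ppc64le or s390x entries listed there as well, pin the manifest list digest instead; if amd64-only is intended, say so in the PR description so the difference from the dashboard's pin is deliberate rather than accidental.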
Expand Up @@ -35,10 +35,10 @@ import (
const (
OAuthServicePort = 443
OAuthServicePortName = "oauth-proxy"
// OAuthProxyImage uses sha256 manifest list digest value of v4.8 image for AMD64 as default to be compatible with imagePullPolicy: IfNotPresent, overridable
// taken from https://catalog.redhat.com/software/containers/openshift4/ose-oauth-proxy/5cdb2133bed8bd5717d5ae64?image=6306f12280cc9b3291272668&architecture=amd64&container-tabs=overview
// OAuthProxyImage uses sha256 manifest list digest value of v4.14 image for AMD64 as default to be compatible with imagePullPolicy: IfNotPresent, overridable
// taken from https://catalog.redhat.com/software/containers/openshift4/ose-oauth-proxy/5cdb2133bed8bd5717d5ae64?image=66cefc14401df6ff4664ec43&architecture=amd64&container-tabs=overview
// and kept in sync with the manifests here and in ClusterServiceVersion metadata of opendatahub operator
OAuthProxyImage = "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:4bef31eb993feb6f1096b51b4876c65a6fb1f4401fee97fa4f4542b6b7c9bc46"
OAuthProxyImage = "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:105307b602ac74649f868e1ea0aab7b8621ea1ecfd58ceca669dcf32f538798e"
)

type OAuthConfig struct {
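Review bot: The added comment above OAuthProxyImage calls the value a "manifest list digest ... for AMD64", which contradicts itself: a manifest list digest is not tied to one architecture, and the catalog URL on the following comment line carries architecture=amd64. Either reword the comment to say this is the amd64 image manifest digest, or switch the constant to the manifest list digest so that comment and value agree. Whichever is chosen, the constant has to stay identical to the `--oauth-proxy-image` arg in the manager manifest, as the "kept in sync" line states.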