opendevstack
oauth-proxy sidecar image update
Describe the bug
Current ODS quickstarters that make use of the openshift oauth-proxy sidecar container are working with the image openshift/oauth-proxy:latest (check it here), and that is no longer working as expected.
RedHat catalogue provides image registry.redhat.io/openshift4/ose-oauth-proxy:latest, which is the right/maintained one (see catalogue)
To Reproduce Steps to reproduce the behavior:
- Provision jupyter or r-shiny
- When running on new OCP4 clusters it does not work
Expected behavior The OpenShift OAuth Proxy shall work.
Affected version (please complete the following information):
- OpenShift: >3.9
- OpenDevStack: 4, master
This might break the RM since the image is not owned by ODS nor in the openshift namespace. The solution might be required to be managed via PaaS team (which implies defining a life cycle for this image and get latest regularly).
FYI @braisvq1996 @metmajer
ok, thanks from the tests from @braisvq1996 we confirm we require the image to be in the cluster, hence the PRs will change in a more "cluster management" docs way.
basically, we need a cluster admin from now on to make sure (when installing an ODS in a cluster) to run:
oc -n openshift tag registry.redhat.io/openshift4/ose-oauth-proxy:latest ose-oauth-proxy:latest --scheduled
and, to reference that in the deployments as:
kind: ImageStreamTag
name: 'ose-oauth-proxy:latest'
namespace: openshift
@braisvq1996 and me plan to test adding the sidecar image in the foo-cd namespace at provisioning time, will come back with results next week
We can take the same approach as mono-repo Quickstarter, having 1 pod with 2 containers.
- We will aling Data-Science Quickstarters to use sidecar containers.
- Create a BC resoures for the Oauth component in order to build it in each project (as if we just pull it from registry in case the image has any issue or vulnerability we cannot make any change as it comes directly from any vendor) and support release process.