Skip to content

[openshift_setup] pre-pull RBAC proxy images on master nodes#3986

Open
dsariel wants to merge 1 commit into
openstack-k8s-operators:mainfrom
dsariel:pre-pull-rbac
Open

[openshift_setup] pre-pull RBAC proxy images on master nodes#3986
dsariel wants to merge 1 commit into
openstack-k8s-operators:mainfrom
dsariel:pre-pull-rbac

Conversation

@dsariel
Copy link
Copy Markdown
Contributor

@dsariel dsariel commented Jun 8, 2026
edited by openshift-ci Bot
Loading

When digest mirrors are configured, optionally pre-pull any RBAC proxy images found in the mirror list on all master nodes. This avoids pull failures at workload deployment time when the cluster cannot reach the original registry directly.

The feature is controlled by cifmw_openshift_setup_prepull_rbac_images (default: true) and is skipped when no digest mirrors are defined or when no mirrors match the RBAC proxy image pattern.

Each image is pulled via oc debug node using the node's existing kubelet auth credentials. Failures are non-fatal and a summary of successful pulls is logged at the end.

Signed-off-by: David Sariel dsariel@redhat.com

ANVIL-142

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Jun 8, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign eshulman2 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dsariel
[openshift_setup] pre-pull RBAC proxy images on master nodes
681391f 
When digest mirrors are configured, optionally pre-pull any RBAC proxy
images found in the mirror list on all master nodes. This avoids pull
failures at workload deployment time when the cluster cannot reach the
original registry directly.

The feature is controlled by cifmw_openshift_setup_prepull_rbac_images
(default: true) and is skipped when no digest mirrors are defined or
when no mirrors match the RBAC proxy image pattern.

Each image is pulled via `oc debug node` using the node's existing
kubelet auth credentials. Failures are non-fatal and a summary of
successful pulls is logged at the end.

Signed-off-by: David Sariel <dsariel@redhat.com>

ANVIL-142
@centosinfra-prod-github-app
Copy link
Copy Markdown

centosinfra-prod-github-app Bot commented Jun 8, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/438c4194f81342ccb723d5385456c93a

✔️ openstack-k8s-operators-content-provider SUCCESS in 3h 28m 21s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 26m 57s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 38m 45s
cifmw-crc-podified-edpm-baremetal-minor-update FAILURE in 2h 14m 29s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 35s
adoption-standalone-to-crc-ceph-provider POST_FAILURE in 3h 13m 22s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 41s
✔️ cifmw-pod-pre-commit SUCCESS in 8m 11s
cifmw-molecule-openshift_setup TIMED_OUT in 31m 07s

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dsariel