On Thu, Jun 11, 2020 at 1:24 PM Marcello Lorenzi wrote:
> Hi All,
> we use Helm 2.x to create new deployment configs on OKD 3.10 cluster and
> we configure the image stream tag to deploy a new application pointing to a
> specific tag. The template used for a deploy is reported below as example:
>
> # Source: ocp-generic/templates/04_service.yaml
> apiVersion: v1
> kind: Service
> metadata:
> name: "test-api-dev"
> namespace: "ocp-dev"
> labels:
> application: "test-api-dev"
> spec:
> ports:
>- name: "http"
> port: 8080
> targetPort: 8080
> protocol: "TCP"
>- name: "https"
> port: 443
> targetPort: 443
> protocol: "TCP"
> selector:
> deploymentconfig: "test-api-dev"
> sessionAffinity: None
> type: ClusterIP
> ---
> # Source: ocp-generic/templates/03_deploymentconfig.yaml
> apiVersion: apps.openshift.io/v1
> kind: DeploymentConfig
> metadata:
> name: "test-api-dev"
> namespace: "ocp-dev"
> labels:
> application: "test-api-dev"
> spec:
> replicas: 1
> selector:
> deploymentConfig: "test-api-dev"
> strategy:
> type: Rolling
> rollingParams:
> updatePeriodSeconds: 1
> intervalSeconds: 1
> timeoutSeconds: 180
> triggers:
>- type: ConfigChange
>- type: ImageChange
> imageChangeParams:
>automatic: false
>containerNames:
> - "test-api-dev"
>from:
> kind: ImageStreamTag
> name: "test-api:latest"
> namespace: "ocp-dev"
> template:
> metadata:
> labels:
> deploymentConfig: "test-api-dev"
> application: "test-api-dev"
> date: "1591894524"
> spec:
> dnsPolicy: ClusterFirst
> restartPolicy: Always
> hostAliases:
> securityContext: {}
> terminationGracePeriodSeconds: 60
> terminationMessagePath: /dev/termination-log
> containers:
>- name: "test-api-dev"
> image: "docker-registry.default.svc:5000/ocp-dev/test-api:latest"
> imagePullPolicy: Always
> ports:
> - containerPort: 8080
> protocol: "TCP"
> - containerPort: 443
> protocol: "TCP"
> env:
> - name: "SYSLOG_LOGLEVEL"
> value: "DEBUG"
> readinessProbe:
> initialDelaySeconds: 20
> timeoutSeconds: 5
> periodSeconds: 30
> httpGet:
> path: /actuator/health
> port: 8080
> scheme: HTTP
> ---
> # Source: ocp-generic/templates/02_imagestream.yaml
> kind: ImageStream
> apiVersion: image.openshift.io/v1
> metadata:
> name: "test-api"
> namespace: "ocp-dev"
> labels:
> application: "test-api-dev"
> spec:
> dockerImageRepository:
> "docker-registry.default.svc:5000/ocp-dev/test-api"
> tags:
> - name: "latest"
> ---
> # Source: ocp-generic/templates/05_route.yaml
> apiVersion: route.openshift.io/v1
> kind: Route
> metadata:
> name: "test-api-dev"
> namespace: "ocp-dev"
> labels:
> application: "test-api-dev"
> spec:
> host: "test-api-dev.test.local"
> port:
> targetPort: "http"
> path: "/"
> tls:
> termination: edge
> insecureEdgeTerminationPolicy: Redirect
> certificate: |-
>
> key: |-
>
> caCertificate: |-
>
> destinationCACertificate: |-
>
> to:
> kind: Service
> name: "test-api-dev"
> weight: 100
> wildcardPolicy: None
>
> After the first deploy we noticed that the configuration of deployments
> config reports the image parameter under container section with the sha256
> value and not the image tag value.
>
Correct, that's what imagestreamtag reference resolution does: it gives
you an immutable sha reference based on where the imagestreamtag was
pointing at the time you referenced it (in this case, at the time the
deploymentconfig was created).
We also noticed that the configuration reports the lastTriggerImage
> parameter with the same value. If we tried to release a new DC the
> configuration points to the first shs256 and not the new one.
>
what do you mean "release a new DC"? Do you mean publish a new image?
If you publish a new image, you need to refresh the imagestreamtag, which
will cause it to import the new image SHA, which in turn will trigger your
deploymentconfig to redeploy with the new image.
you can use "oc import-image" to force the imagestreamtag to be refreshed,
or you can setup scheduled imports on your imagestream.
> If we remove manually from the DC YAML config the lastTriggerImage param
> and we override the image sha256 tag with the image stream tag the
> deployment work fine and doesn't change the config.
>
> Is it a normal behavior? Is it possible to avoid this config with the
> sha256?
>
if you don't want this behavior, remove the imagechangetrigger from your
deploymentconfig.
>
> Thanks a lot in advance,
> Marcello
> ___
> users mailing list
> users@lists.opensh