Skip to content

[bug] Regression: OCIRepositories can no longer specify tag@digest  #1471

New issue
New issue
Closed
Closed
[bug] Regression: OCIRepositories can no longer specify tag@digest #1471
@maboehm

Description

@maboehm
maboehm
opened on May 3, 2024

After upgrading flux from v2.1.x to v2.2.x the source controller can no longer pull OCIRepositories that specify a tag and digest like:

spec:
  ref:
    tag: 6.6.2@sha256:6ca1d018a562caa81bfee3c56c41d255b085bbdb30da79e09849559680df8675

which produces this beautiful status error:

failed to determine artifact digest: GET https://github.com/-/v2/packages/container/package/stefanprodan%!F(MISSING)manifests%!F(MISSING)podinfo%!F(MISSING)manifests%!F(MISSING)6.6.2: unexpected status code 404 Not Found: Not Found

I tested this in a new kind cluster on a public registry to verify the change:

Example 
➜ kubectl apply -f https://github.com/fluxcd/flux2/releases/download/v2.1.2/install.yaml
namespace/flux-system created
...

➜ cat <<EOF | kubectl apply -f -
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: podinfo
  namespace: default
spec:
  interval: 5m0s
  url: oci://ghcr.io/stefanprodan/manifests/podinfo
  ref:
    tag: 6.6.2@sha256:6ca1d018a562caa81bfee3c56c41d255b085bbdb30da79e09849559680df8675
EOF
ocirepository.source.toolkit.fluxcd.io/podinfo created

➜ kubectl get ocirepo -A
NAMESPACE   NAME      URL                                            READY   STATUS                                                                                                 AGE
default     podinfo   oci://ghcr.io/stefanprodan/manifests/podinfo   True    stored artifact for digest 'sha256:6ca1d018a562caa81bfee3c56c41d255b085bbdb30da79e09849559680df8675'   52s

➜ kubectl apply -f https://github.com/fluxcd/flux2/releases/download/v2.2.3/install.yaml
namespace/flux-system unchanged
resourcequota/critical-pods configured
...

➜ kubectl get ocirepo -A
NAMESPACE   NAME      URL                                            READY   STATUS                                                                                                                                                                                                                                                                            AGE
default     podinfo   oci://ghcr.io/stefanprodan/manifests/podinfo   False   failed to determine artifact digest: GET https://github.com/-/v2/packages/container/package/stefanprodan%!!(MISSING)F(MISSING)manifests%!!(MISSING)F(MISSING)podinfo%!!(MISSING)F(MISSING)manifests%!!(MISSING)F(MISSING)6.6.2: unexpected status code 404 Not Found: Not Found   116s

➜ cat <<EOF | kubectl apply -f -
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: podinfo
  namespace: default
spec:
  interval: 5m0s
  url: oci://ghcr.io/stefanprodan/manifests/podinfo
  ref:
    tag: 6.6.2
EOF
ocirepository.source.toolkit.fluxcd.io/podinfo configured

➜ kubectl get ocirepo -A
NAMESPACE   NAME      URL                                            READY   STATUS                                                                                                       AGE
default     podinfo   oci://ghcr.io/stefanprodan/manifests/podinfo   True    stored artifact for digest '6.6.2@sha256:6ca1d018a562caa81bfee3c56c41d255b085bbdb30da79e09849559680df8675'   3m23s

The changelog did not indicate any intended change in that regard. This is probably a side effect of changing from crane to remote: #1244

Thanks for taking a look :)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions