Merged
2 changes: 2 additions & 0 deletions .github/linters/.checkov.yaml
Expand Up @@ -19,6 +19,8 @@ skip-check:
- CKV_K8S_38
# CKV_K8S_40: Job uses OpenShift namespace default UID (high UID assigned at runtime, no anyuid needed)
- CKV_K8S_40
# CKV_K8S_14: ImageStream tag tracks the cluster version; no fixed tag by design
- CKV_K8S_14
# CKV_K8S_43: Image digest; chart uses tag, digest is deployment-specific
- CKV_K8S_43
# CKV_SECRET_6: False positives - templates use placeholders, script refs to cluster secrets only
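Review bot: The new `CKV_K8S_14` entry under `skip-check` switches off the fixed-tag check for every manifest the chart renders, not only the S3 job the comment refers to. With `CKV_K8S_43` already skipped just below it, the linter no longer checks image pinning by tag or by digest anywhere. A user-supplied `job.image` override with no tag would pass unnoticed. Consider scoping the suppression to the Job resource instead, for example with checkov's per-resource annotation `checkov.io/skip1: CKV_K8S_14=<reason>`, provided it is honoured for the rendered chart output.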
2 changes: 1 addition & 1 deletion .trivyignore
@@ -1,4 +1,4 @@
# AVD-KSV-0125: registry.redhat.io trusted; S3 job uses ose-cli from Red Hat
# AVD-KSV-0125: S3 job uses OpenShift built-in cli ImageStream (cluster-internal registry)
AVD-KSV-0125
# AVD-KSV-0113: S3 setup Role intentionally needs secret get/create/patch for quay config bundle
AVD-KSV-0113
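Review bot: The rewritten comment above `AVD-KSV-0125` justifies the ignore only for the cluster-internal registry default, but the entry applies whatever `job.image` is set to. The earlier statement that registry.redhat.io is trusted was dropped, although values.yaml still recommends that registry as the fallback. Suggest the comment name both registries as the accepted sources and say that any other override is not covered by this justification.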
2 changes: 1 addition & 1 deletion Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: quay
description: Red Hat Quay Registry Resources
type: application
version: 0.1.1
version: 0.1.2
appVersion: "3.9"
home: https://github.com/validatedpatterns/quay-chart
maintainers:
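Review bot: `version: 0.1.2` is a patch bump, but this release changes the default `job.image` from a tagged registry.redhat.io image to an untagged ImageStream reference that depends on the internal image registry. Installs that rely on the default will behave differently, and the job cannot pull its image where that registry is unavailable. Consider a minor bump, or at least a release note that calls out the changed default and the documented override.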
46 changes: 23 additions & 23 deletions README.md
Expand Up @@ -2,7 +2,7 @@

<!-- markdownlint-disable MD013 -->

![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.9](https://img.shields.io/badge/AppVersion-3.9-informational?style=flat-square)
![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.9](https://img.shields.io/badge/AppVersion-3.9-informational?style=flat-square)

<!-- markdownlint-enable MD013 -->

Expand All @@ -28,28 +28,28 @@ This chart is used to serve as the template for Validated Patterns Charts

## Values

| Key | Type | Default | Description |
| -------------------------------------------- | ------ | ---------------------------------------------- | ----------- |
| job.image | string | `"registry.redhat.io/openshift4/ose-cli:4.15"` | |
| job.resources.limits.cpu | string | `"500m"` | |
| job.resources.limits.memory | string | `"256Mi"` | |
| job.resources.requests.cpu | string | `"50m"` | |
| job.resources.requests.memory | string | `"128Mi"` | |
| objectStorage.objectBucketClaim.bucketName | string | `"quay-datastore"` | |
| objectStorage.objectBucketClaim.name | string | `"quay-bucket"` | |
| objectStorage.objectBucketClaim.storageClass | string | `"openshift-storage.noobaa.io"` | |
| quay.configBundleSecret.deploy | bool | `true` | |
| quay.configBundleSecret.name | string | `"quay-init-config-bundle-secret"` | |
| quay.namespace | string | `"quay-enterprise"` | |
| quay.setup.admin.email | string | `"quayadmin@example.com"` | |
| quay.setup.admin.name | string | `"quayadmin"` | |
| quay.setup.user.email | string | `"developer1@myorg.com"` | |
| quay.setup.user.name | string | `"developer1"` | |
| quay.storage.clairpostgres.size | string | `"50Gi"` | |
| quay.storage.postgres.size | string | `"50Gi"` | |
| quay_config.org.email | string | `"devel@myorg.com"` | |
| quay_config.org.name | string | `"devel"` | |
| quay_config.repo | string | `"example"` | |
| Key | Type | Default | Description |
| -------------------------------------------- | ------ | ------------------------------------------------------------------ | ----------- |
| job.image | string | `"image-registry.openshift-image-registry.svc:5000/openshift/cli"` | |
| job.resources.limits.cpu | string | `"500m"` | |
| job.resources.limits.memory | string | `"256Mi"` | |
| job.resources.requests.cpu | string | `"50m"` | |
| job.resources.requests.memory | string | `"128Mi"` | |
| objectStorage.objectBucketClaim.bucketName | string | `"quay-datastore"` | |
| objectStorage.objectBucketClaim.name | string | `"quay-bucket"` | |
| objectStorage.objectBucketClaim.storageClass | string | `"openshift-storage.noobaa.io"` | |
| quay.configBundleSecret.deploy | bool | `true` | |
| quay.configBundleSecret.name | string | `"quay-init-config-bundle-secret"` | |
| quay.namespace | string | `"quay-enterprise"` | |
| quay.setup.admin.email | string | `"quayadmin@example.com"` | |
| quay.setup.admin.name | string | `"quayadmin"` | |
| quay.setup.user.email | string | `"developer1@myorg.com"` | |
| quay.setup.user.name | string | `"developer1"` | |
| quay.storage.clairpostgres.size | string | `"50Gi"` | |
| quay.storage.postgres.size | string | `"50Gi"` | |
| quay_config.org.email | string | `"devel@myorg.com"` | |
| quay_config.org.name | string | `"devel"` | |
| quay_config.repo | string | `"example"` | |

<!-- markdownlint-enable MD013 MD034 MD060 -->
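Review bot: The `job.image` row still has an empty Description, so the table now shows a default with no tag and no hint that it depends on the internal image registry or how to override it. That guidance exists only as comments in values.yaml. Suggest filling the Description for `job.image` with the override advice (if this table is generated from values.yaml, by putting the comment in the form the generator reads).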

2 changes: 1 addition & 1 deletion templates/quay-s3-credentials-job.yaml
Expand Up @@ -18,7 +18,7 @@ spec:
automountServiceAccountToken: true
containers:
- name: setup-s3-credentials
image: {{ .Values.job.image | default "registry.redhat.io/openshift4/ose-cli:4.15" }}
image: {{ .Values.job.image | default "image-registry.openshift-image-registry.svc:5000/openshift/cli" }}
imagePullPolicy: Always
securityContext:
allowPrivilegeEscalation: false
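Review bot: The new `default` on the `image:` line carries no tag or digest, so it resolves to the ImageStream's `latest` tag. With `imagePullPolicy: Always`, every run of `setup-s3-credentials` executes whatever that tag points to at that moment, in a pod with `automountServiceAccountToken: true`. That is reasonable only on the assumption that the `openshift/cli` ImageStream is cluster-managed. Suggest stating that assumption in a template comment and writing the tag explicitly (`.../openshift/cli:latest`) so the floating reference is visibly intentional. The default string is also duplicated here and in values.yaml, so the two can drift; keeping it in values.yaml alone would avoid that.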
6 changes: 4 additions & 2 deletions values.yaml
Expand Up @@ -17,8 +17,10 @@ quay:
size: 50Gi # Default and minimum size is 50 Gi

job:
# Use a version tag; avoid :latest for production (CKV_K8S_14)
image: registry.redhat.io/openshift4/ose-cli:4.15
# Uses OpenShift built-in cli ImageStream; auto-updates with the cluster
# Override with e.g. registry.redhat.io/openshift4/ose-cli-rhel9:v4.20
# if the internal image registry is not available
image: image-registry.openshift-image-registry.svc:5000/openshift/cli
resources:
requests:
cpu: 50m
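Review bot: The new comment block above `image:` drops the earlier pointer to CKV_K8S_14 and does not say that the untagged reference means `latest`, so a reader of values.yaml cannot tell that the check was deliberately skipped in .github/linters/.checkov.yaml. Suggest adding that cross-reference. The override example `ose-cli-rhel9:v4.20` is a hard-coded version that will age (the previous default was `ose-cli:4.15`), so the comment should tell users to pick the tag matching their cluster version.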