fix: update container images to use quay.io for consistency and security #2069
Conversation
Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
WalkthroughThis PR updates container image references across multiple test sample application YAML files. Changes include replacing alpine, mongo, curl, and nginx images with versions sourced from alternative registries (quay.io/migtools, registry.access.redhat.com). No logic or behavioral changes; only image references updated. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes Comment |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kaovilai The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
There was a problem hiding this comment.
Pull request overview
This PR updates container images in e2e test sample applications to use more consistent and secure registry sources. The changes migrate away from Docker Hub (docker.io) and unspecified registries to either quay.io/migtools or Red Hat's registry.access.redhat.com.
Changes:
- Replaced
docker.io/curlimages/curl:8.5.0withregistry.access.redhat.com/ubi8/ubi:latestfor utility containers - Replaced
docker.io/library/mongo:7.0withquay.io/migtools/mongo:7.0.28for MongoDB instances - Replaced unversioned
alpineandbitnamisecure/nginximages withquay.io/migtools/alpine:latestandquay.io/migtools/nginx:latest
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/e2e/sample-applications/virtual-machines/fedora-todolist/fedora-todolist.yaml | Updated curl utility and init container images to use UBI8 |
| tests/e2e/sample-applications/parks-app/manifest.yaml | Updated MongoDB images to use quay.io/migtools with specific version |
| tests/e2e/sample-applications/nginx/nginx-deployment.yaml | Updated nginx image to use quay.io/migtools |
| tests/e2e/sample-applications/mysql-persistent/mysql-persistent.yaml | Updated curl utility and init container images to use UBI8 |
| tests/e2e/sample-applications/mysql-persistent/mysql-persistent-twovol-csi.yaml | Updated curl utility and init container images to use UBI8 |
| tests/e2e/sample-applications/mysql-persistent/mysql-persistent-csi.yaml | Updated curl utility and init container images to use UBI8 |
| tests/e2e/sample-applications/mongo-persistent/mongo-persistent.yaml | Updated MongoDB and curl utility images |
| tests/e2e/sample-applications/mongo-persistent/mongo-persistent-csi.yaml | Updated MongoDB and curl utility images |
| tests/e2e/sample-applications/mongo-persistent/mongo-persistent-block.yaml | Updated MongoDB and curl utility images |
| tests/e2e/sample-applications/minimal-8csivol/minimal-8csivol.yaml | Updated alpine image to use quay.io/migtools |
| tests/e2e/sample-applications/minimal-8csivol/minimal-3csivol.yaml | Updated alpine image to use quay.io/migtools |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - image: docker.io/curlimages/curl:8.5.0 | ||
| - image: registry.access.redhat.com/ubi8/ubi:latest | ||
| name: curl-tool | ||
| command: ["/bin/sleep", "infinity"] |
There was a problem hiding this comment.
The UBI8 base image (registry.access.redhat.com/ubi8/ubi:latest) does not include curl by default, which is required by the e2e test code that executes curl commands in the curl-tool container. The container name suggests it should have curl functionality. Consider using registry.access.redhat.com/ubi8/ubi-minimal:latest with curl installed, or ensure curl is installed at runtime.
| command: ["/bin/sleep", "infinity"] | |
| command: | |
| - /bin/sh | |
| - -c | |
| - | | |
| set -e | |
| if ! command -v curl >/dev/null 2>&1; then | |
| microdnf install -y curl && microdnf clean all | |
| fi | |
| exec /bin/sleep infinity |
| - name: init-myservice | ||
| image: docker.io/curlimages/curl:8.5.0 | ||
| image: registry.access.redhat.com/ubi8/ubi:latest | ||
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
There was a problem hiding this comment.
The init container command uses curl but the UBI8 base image does not include curl by default. This will cause the init container to fail. Either install curl in the init container or use a different connectivity check method like /usr/bin/nc (which is available in UBI8) instead of curl.
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] | |
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w2 mongo 27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
| - name: init-myservice | ||
| image: docker.io/curlimages/curl:8.5.0 | ||
| image: registry.access.redhat.com/ubi8/ubi:latest | ||
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
There was a problem hiding this comment.
The init container command uses curl but the UBI8 base image does not include curl by default. This will cause the init container to fail. Either install curl in the init container or use a different connectivity check method like /usr/bin/nc (which is available in UBI8) instead of curl.
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] | |
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w2 mongo 27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
| - name: init-myservice | ||
| image: docker.io/curlimages/curl:8.5.0 | ||
| image: registry.access.redhat.com/ubi8/ubi:latest | ||
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
There was a problem hiding this comment.
The init container command uses curl but the UBI8 base image does not include curl by default. This will cause the init container to fail. Either install curl in the init container or use a different connectivity check method like /usr/bin/nc (which is available in UBI8) instead of curl.
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] | |
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w2 mongo 27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
weshayutin
left a comment
weshayutin
left a comment
There was a problem hiding this comment.
THANK YOU!! Should be interesting to see these results sir :)
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 8
🤖 Fix all issues with AI agents
In `@tests/e2e/sample-applications/mongo-persistent/mongo-persistent-block.yaml`:
- Around line 239-240: The init container uses curl but the chosen base image
(image: registry.access.redhat.com/ubi8/ubi:latest) does not include curl,
causing the init command (command: ['sh', '-c', 'sleep 30; ... curl -s
--connect-timeout 2 mongo:27017 ...']) to fail; fix by either switching the init
container image to one that includes curl (or to an image where you can install
curl) or replace the curl-based connectivity check with a shell-native probe
(e.g., using bash /dev/tcp or netcat) inside the same init container command so
the port check succeeds on the UBI8 image.
In `@tests/e2e/sample-applications/mongo-persistent/mongo-persistent-csi.yaml`:
- Around line 196-197: The init container uses curl in the command string while
the base image "registry.access.redhat.com/ubi8/ubi:latest" does not include
curl, causing a "command not found" failure; fix by either switching the image
to one that contains curl (or installing curl into the image), or replace the
curl check in the command (the long command starting with 'sleep 30;
max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 ...')
with a shell-native connectivity test such as bash /dev/tcp (or nc) so the
readiness loop works without curl. Ensure the chosen approach updates the image
line ("image: registry.access.redhat.com/ubi8/ubi:latest") or modifies the
command string accordingly.
In `@tests/e2e/sample-applications/mongo-persistent/mongo-persistent.yaml`:
- Around line 209-210: The init container command uses curl but the image
registry.access.redhat.com/ubi8/ubi:latest does not include curl; update the
init container command (the command field in this manifest) to either install
curl (e.g., use microdnf to install curl before running the loop) or,
preferably, replace the curl check with a POSIX/bash TCP check using /dev/tcp
(e.g., use sh -c with a loop that tests </dev/tcp/host/port> or uses bash -c
'>/dev/tcp/mongo/27017' and checks the exit status) so the readiness loop in the
command string works without adding packages. Ensure you modify the command
string referenced in the diff accordingly (the command array that starts with
'sh', '-c', 'sleep 30; ...').
In `@tests/e2e/sample-applications/mysql-persistent/mysql-persistent-csi.yaml`:
- Around line 228-230: The init container "init-myservice" uses /usr/bin/nc
which is not present in the registry.access.redhat.com/ubi8/ubi:latest image;
update the init container command so nc is available by either installing the
nmap-ncat package at startup (e.g., run microdnf/apt install nmap-ncat before
using /usr/bin/nc) or switch the image to one that contains nc (or change the
probe to use a built-in tool like bash+>/dev/tcp or curl); ensure the change is
applied to the init container definition (name: init-myservice) and that the
readiness loop still exits with the same retry logic and exit codes.
In
`@tests/e2e/sample-applications/mysql-persistent/mysql-persistent-twovol-csi.yaml`:
- Around line 226-228: The init container "init-myservice" uses /usr/bin/nc
which is not present in the registry.access.redhat.com/ubi8/ubi:latest image;
update the init container command for "init-myservice" to either install netcat
before the connectivity loop (e.g., run dnf install -y nmap-ncat then proceed)
or replace the nc check with a shell-native check using /dev/tcp/mysql/3306 in
the command string so the readiness loop can run successfully without relying on
an external binary.
- Around line 150-152: The UBI8 image used for the curl-tool container and the
init-myservice startup relies on missing tooling (curl and nc); update the
manifest so the container image provides those binaries: either switch the
curl-tool and init container images to a distro image that includes curl and
netcat, or build/use a custom image that installs curl and nmap-ncat (e.g., via
yum install -y curl nmap-ncat) and reference that image in the container spec;
also verify the init-myservice startup command uses the correct nc path present
in the chosen image.
In `@tests/e2e/sample-applications/mysql-persistent/mysql-persistent.yaml`:
- Around line 240-243: The initContainer block (initContainers -> name:
init-myservice) currently calls /usr/bin/nc which isn't present in the ubi8/ubi
image; replace that dependency by changing the readiness check to a bash-native
TCP probe (use /bin/bash -c with a redirection test like echo >
/dev/tcp/mysql/3306 in the existing command loop) or switch the container image
to one that includes netcat (e.g., an image like ubi8/ubi-init) and update the
command accordingly so the initContainer no longer fails with "command not
found".
In
`@tests/e2e/sample-applications/virtual-machines/fedora-todolist/fedora-todolist.yaml`:
- Line 143: The UBI8 base image used for the containers (image:
registry.access.redhat.com/ubi8/ubi:latest) doesn't include netcat/curl, causing
the init container named init-myservice (which calls /usr/bin/nc) and the
curl-tool container to fail; fix by modifying the container spec(s) that
reference that image (init-myservice and curl-tool) to either use a different
image that bundles nc/curl or add a startup command that installs the missing
tools (e.g., run microdnf install -y nc curl or the appropriate package names
before using /usr/bin/nc or curl), ensuring the init container's wait command
and the curl-tool container can find the binaries.
🧹 Nitpick comments (2)
tests/e2e/sample-applications/minimal-8csivol/minimal-8csivol.yaml (1)
40-40: This is a sample test application; using:latesttag here is acceptable. If stricter reproducibility is required, consider pinning to a specific version or digest (e.g.,quay.io/migtools/alpine:3.18), but this is optional for test samples.tests/e2e/sample-applications/mongo-persistent/mongo-persistent-block.yaml (1)
168-170: Container name "curl-tool" is misleading without curl installed.The UBI8 base image doesn't include
curlby default. Since this container only runssleep infinity, it won't fail at runtime, but the name "curl-tool" suggests curl should be available for debugging purposes. Consider either:
- Using
registry.access.redhat.com/ubi8/ubi-minimalwith curl installed, or- Renaming the container to reflect its actual purpose (e.g.,
debug-shell)
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting
📒 Files selected for processing (11)
tests/e2e/sample-applications/minimal-8csivol/minimal-3csivol.yamltests/e2e/sample-applications/minimal-8csivol/minimal-8csivol.yamltests/e2e/sample-applications/mongo-persistent/mongo-persistent-block.yamltests/e2e/sample-applications/mongo-persistent/mongo-persistent-csi.yamltests/e2e/sample-applications/mongo-persistent/mongo-persistent.yamltests/e2e/sample-applications/mysql-persistent/mysql-persistent-csi.yamltests/e2e/sample-applications/mysql-persistent/mysql-persistent-twovol-csi.yamltests/e2e/sample-applications/mysql-persistent/mysql-persistent.yamltests/e2e/sample-applications/nginx/nginx-deployment.yamltests/e2e/sample-applications/parks-app/manifest.yamltests/e2e/sample-applications/virtual-machines/fedora-todolist/fedora-todolist.yaml
🧰 Additional context used
📓 Path-based instructions (1)
**
⚙️ CodeRabbit configuration file
-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.
Files:
tests/e2e/sample-applications/virtual-machines/fedora-todolist/fedora-todolist.yamltests/e2e/sample-applications/mongo-persistent/mongo-persistent-block.yamltests/e2e/sample-applications/minimal-8csivol/minimal-3csivol.yamltests/e2e/sample-applications/mysql-persistent/mysql-persistent-csi.yamltests/e2e/sample-applications/minimal-8csivol/minimal-8csivol.yamltests/e2e/sample-applications/mongo-persistent/mongo-persistent.yamltests/e2e/sample-applications/nginx/nginx-deployment.yamltests/e2e/sample-applications/parks-app/manifest.yamltests/e2e/sample-applications/mysql-persistent/mysql-persistent-twovol-csi.yamltests/e2e/sample-applications/mongo-persistent/mongo-persistent-csi.yamltests/e2e/sample-applications/mysql-persistent/mysql-persistent.yaml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Agent
🔇 Additional comments (11)
tests/e2e/sample-applications/minimal-8csivol/minimal-3csivol.yaml (1)
56-56: Image migration to quay.io is appropriate.The change from Docker Hub's
alpinetoquay.io/migtools/alpine:latestaligns with the PR's goal of using a controlled registry for consistency and security. The image exists and is properly maintained.tests/e2e/sample-applications/nginx/nginx-deployment.yaml (1)
40-40: Consider pinning the image tag for test determinism, but note this pattern is used consistently across all test fixtures in the suite. Using:latestcan cause e2e test variance if the remote image changes. If pinning is required, apply it comprehensively to all test sample images intests/e2e/sample-applications/rather than selectively.tests/e2e/sample-applications/mongo-persistent/mongo-persistent-csi.yaml (2)
70-70: LGTM!The mongo image update to
quay.io/migtools/mongo:7.0.28aligns with the PR objective for consistency and security.
125-127: LGTM!The container only runs
sleep infinity, so the image change is acceptable despite the misleading container name.tests/e2e/sample-applications/mongo-persistent/mongo-persistent.yaml (2)
83-83: LGTM!The mongo image update is consistent with the PR objective.
138-140: LGTM!The container only runs
sleep infinity, so the image change is acceptable.tests/e2e/sample-applications/parks-app/manifest.yaml (2)
97-97: LGTM!Using the mongo image for the init container is appropriate since the script relies on
mongosh/mongoclients, which are included in this image.
270-270: LGTM!The mongo image update is consistent with the PR objective and the probes use
mongoshwhich is available in this image.tests/e2e/sample-applications/mysql-persistent/mysql-persistent.yaml (1)
171-173: Note:curl-toolcontainer may lack curl binary.The container is named "curl-tool" but
ubi8/ubi:latestdoesn't include curl by default. Since the container's purpose is justsleep infinity(likely for exec-based debugging), this won't break functionality. However, if curl is needed for debugging, it won't be available without installing it manually.The image change from docker.io to registry.access.redhat.com aligns with the PR's goal of using consistent, secure registries.
tests/e2e/sample-applications/mongo-persistent/mongo-persistent-block.yaml (1)
74-74: LGTM!The MongoDB image migration to
quay.io/migtools/mongo:7.0.28is consistent with the PR objectives and improves version specificity by using an exact patch version instead of a floating minor tag.Also applies to: 105-105
tests/e2e/sample-applications/mysql-persistent/mysql-persistent-csi.yaml (1)
158-160: I need the review comment to rewrite. Please provide the original review comment and the context (code changes, file information, etc.) that requires verification.
✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.
| image: registry.access.redhat.com/ubi8/ubi:latest | ||
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
There was a problem hiding this comment.
Init container will fail: UBI8 base image does not include curl.
The init-myservice container command uses curl to check MongoDB connectivity, but registry.access.redhat.com/ubi8/ubi:latest does not include curl by default. This will cause the init container to fail with command not found, preventing the pod from starting.
Consider one of these alternatives:
- Use an image that includes curl (e.g.,
registry.access.redhat.com/ubi8/ubi-minimalwith curl installed, or keep the original curl image) - Replace curl with a tool available in UBI8, such as using bash's
/dev/tcpfor port checking
🐛 Option 2: Replace curl with bash /dev/tcp
initContainers:
- name: init-myservice
image: registry.access.redhat.com/ubi8/ubi:latest
- command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"']
+ command: ['bash', '-c', 'sleep 30; max_attempts=180; attempt=0; until timeout 2 bash -c "</dev/tcp/mongo/27017" 2>/dev/null || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"']📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| image: registry.access.redhat.com/ubi8/ubi:latest | |
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] | |
| image: registry.access.redhat.com/ubi8/ubi:latest | |
| command: ['bash', '-c', 'sleep 30; max_attempts=180; attempt=0; until timeout 2 bash -c "</dev/tcp/mongo/27017" 2>/dev/null || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
🤖 Prompt for AI Agents
In `@tests/e2e/sample-applications/mongo-persistent/mongo-persistent-block.yaml`
around lines 239 - 240, The init container uses curl but the chosen base image
(image: registry.access.redhat.com/ubi8/ubi:latest) does not include curl,
causing the init command (command: ['sh', '-c', 'sleep 30; ... curl -s
--connect-timeout 2 mongo:27017 ...']) to fail; fix by either switching the init
container image to one that includes curl (or to an image where you can install
curl) or replace the curl-based connectivity check with a shell-native probe
(e.g., using bash /dev/tcp or netcat) inside the same init container command so
the port check succeeds on the UBI8 image.
| image: registry.access.redhat.com/ubi8/ubi:latest | ||
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
There was a problem hiding this comment.
curl is not available in the ubi8/ubi base image.
The init container command uses curl to check MongoDB connectivity, but registry.access.redhat.com/ubi8/ubi:latest does not include curl by default. This will cause the init container to fail with a "command not found" error.
Consider one of these alternatives:
- Use
registry.access.redhat.com/ubi8/ubi-minimaland install curl, or - Use a different connectivity check that doesn't require curl (e.g., bash's
/dev/tcp), or - Use an image that includes curl
🐛 Proposed fix using bash /dev/tcp instead of curl
- name: init-myservice
image: registry.access.redhat.com/ubi8/ubi:latest
- command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"']
+ command: ['bash', '-c', 'sleep 30; max_attempts=180; attempt=0; until timeout 2 bash -c "cat < /dev/null > /dev/tcp/mongo/27017" 2>/dev/null || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"']📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| image: registry.access.redhat.com/ubi8/ubi:latest | |
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] | |
| image: registry.access.redhat.com/ubi8/ubi:latest | |
| command: ['bash', '-c', 'sleep 30; max_attempts=180; attempt=0; until timeout 2 bash -c "cat < /dev/null > /dev/tcp/mongo/27017" 2>/dev/null || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
🤖 Prompt for AI Agents
In `@tests/e2e/sample-applications/mongo-persistent/mongo-persistent-csi.yaml`
around lines 196 - 197, The init container uses curl in the command string while
the base image "registry.access.redhat.com/ubi8/ubi:latest" does not include
curl, causing a "command not found" failure; fix by either switching the image
to one that contains curl (or installing curl into the image), or replace the
curl check in the command (the long command starting with 'sleep 30;
max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 ...')
with a shell-native connectivity test such as bash /dev/tcp (or nc) so the
readiness loop works without curl. Ensure the chosen approach updates the image
line ("image: registry.access.redhat.com/ubi8/ubi:latest") or modifies the
command string accordingly.
| image: registry.access.redhat.com/ubi8/ubi:latest | ||
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
There was a problem hiding this comment.
curl is not available in the ubi8/ubi base image.
Same issue as in mongo-persistent-csi.yaml — the init container command relies on curl, which is not installed in the base UBI image. This will break the init container.
🐛 Proposed fix using bash /dev/tcp instead of curl
- name: init-myservice
image: registry.access.redhat.com/ubi8/ubi:latest
- command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"']
+ command: ['bash', '-c', 'sleep 30; max_attempts=180; attempt=0; until timeout 2 bash -c "cat < /dev/null > /dev/tcp/mongo/27017" 2>/dev/null || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"']📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| image: registry.access.redhat.com/ubi8/ubi:latest | |
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until curl -s --connect-timeout 2 mongo:27017 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] | |
| image: registry.access.redhat.com/ubi8/ubi:latest | |
| command: ['bash', '-c', 'sleep 30; max_attempts=180; attempt=0; until timeout 2 bash -c "cat < /dev/null > /dev/tcp/mongo/27017" 2>/dev/null || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mongo DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mongo after $max_attempts attempts"; exit 1; fi; echo "mongo DB port reachable"'] |
🤖 Prompt for AI Agents
In `@tests/e2e/sample-applications/mongo-persistent/mongo-persistent.yaml` around
lines 209 - 210, The init container command uses curl but the image
registry.access.redhat.com/ubi8/ubi:latest does not include curl; update the
init container command (the command field in this manifest) to either install
curl (e.g., use microdnf to install curl before running the loop) or,
preferably, replace the curl check with a POSIX/bash TCP check using /dev/tcp
(e.g., use sh -c with a loop that tests </dev/tcp/host/port> or uses bash -c
'>/dev/tcp/mongo/27017' and checks the exit status) so the readiness loop in the
command string works without adding packages. Ensure you modify the command
string referenced in the diff accordingly (the command array that starts with
'sh', '-c', 'sleep 30; ...').
| - name: init-myservice | ||
| image: docker.io/curlimages/curl:8.5.0 | ||
| image: registry.access.redhat.com/ubi8/ubi:latest | ||
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w 1 mysql 3306 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mysql DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mysql after $max_attempts attempts"; exit 1; fi; echo "mysql DB port reachable"'] |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
find . -type f -name "*mysql-persistent-csi.yaml" | head -20Repository: openshift/oadp-operator
Length of output: 141
🏁 Script executed:
cd tests/e2e/sample-applications/mysql-persistent 2>/dev/null && wc -l mysql-persistent-csi.yamlRepository: openshift/oadp-operator
Length of output: 96
🏁 Script executed:
sed -n '225,235p' tests/e2e/sample-applications/mysql-persistent/mysql-persistent-csi.yamlRepository: openshift/oadp-operator
Length of output: 804
🌐 Web query:
UBI 8 ubi latest image nmap-ncat nc binary availability default
💡 Result:
Short answer: UBI 8 images do NOT include the ncat/nc binary by default. You must install the nmap-ncat package from the UBI/RHEL repositories (using dnf in the standard UBI image or microdnf in UBI‑minimal) to get ncat/nc. [1][2]
Example (in ubi8/ubi-minimal):
- podman run -it registry.access.redhat.com/ubi8/ubi-minimal /bin/bash
- microdnf install nmap-ncat # then run ncat or ncat --version. [1][2]
Sources:
- Red Hat UBI documentation (adding packages to UBI containers; microdnf/dnf usage). [1]
- Package listings / RPMs for nmap-ncat (RHEL/CentOS/Alma repos showing nmap-ncat package). [2]
Init container will fail: /usr/bin/nc is not available in UBI 8 by default.
The command on line 230 uses /usr/bin/nc, but ubi:latest does not include the nmap-ncat package. The init container will fail immediately with a "command not found" error, blocking pod startup. Install nmap-ncat at startup or use an image that includes it.
Example fix (install nmap-ncat at startup)
initContainers:
- name: init-myservice
image: registry.access.redhat.com/ubi8/ubi:latest
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
command:
- ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w 1 mysql 3306 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mysql DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mysql after $max_attempts attempts"; exit 1; fi; echo "mysql DB port reachable"']
+ ['bash', '-c', 'microdnf -y install nmap-ncat && sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w 1 mysql 3306 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mysql DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mysql after $max_attempts attempts"; exit 1; fi; echo "mysql DB port reachable"']📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: init-myservice | |
| image: docker.io/curlimages/curl:8.5.0 | |
| image: registry.access.redhat.com/ubi8/ubi:latest | |
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w 1 mysql 3306 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mysql DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mysql after $max_attempts attempts"; exit 1; fi; echo "mysql DB port reachable"'] | |
| - name: init-myservice | |
| image: registry.access.redhat.com/ubi8/ubi:latest | |
| securityContext: | |
| runAsUser: 0 | |
| runAsGroup: 0 | |
| command: ['bash', '-c', 'microdnf -y install nmap-ncat && sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w 1 mysql 3306 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mysql DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mysql after $max_attempts attempts"; exit 1; fi; echo "mysql DB port reachable"'] |
🤖 Prompt for AI Agents
In `@tests/e2e/sample-applications/mysql-persistent/mysql-persistent-csi.yaml`
around lines 228 - 230, The init container "init-myservice" uses /usr/bin/nc
which is not present in the registry.access.redhat.com/ubi8/ubi:latest image;
update the init container command so nc is available by either installing the
nmap-ncat package at startup (e.g., run microdnf/apt install nmap-ncat before
using /usr/bin/nc) or switch the image to one that contains nc (or change the
probe to use a built-in tool like bash+>/dev/tcp or curl); ensure the change is
applied to the init container definition (name: init-myservice) and that the
readiness loop still exits with the same retry logic and exit codes.
| - image: registry.access.redhat.com/ubi8/ubi:latest | ||
| name: curl-tool | ||
| command: ["/bin/sleep", "infinity"] |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat -n tests/e2e/sample-applications/mysql-persistent/mysql-persistent-twovol-csi.yaml | head -160Repository: openshift/oadp-operator
Length of output: 5495
🏁 Script executed:
cat -n tests/e2e/sample-applications/mysql-persistent/mysql-persistent-twovol-csi.yaml | sed -n '140,240p'Repository: openshift/oadp-operator
Length of output: 3761
🌐 Web query:
UBI 8 ubi latest image curl netcat included
💡 Result:
Short answer: The official UBI 8 "ubi" (standard) image does not include curl or netcat (nmap-ncat) by default, but both packages are available from the UBI 8 repositories and can be installed into the image (yum/dnf in the standard image; minimal/micro images may use microdnf or require enabling repos). [1][2][3]
How to verify / install:
- Verify inside a running container: rpm -q curl nmap-ncat
- Install (standard UBI): yum install -y curl nmap-ncat
- Install (minimal/micro): microdnf install curl nmap-ncat (or use dnf if present).
Sources:
- Red Hat UBI image overview (what's included / base vs minimal). [Red Hat Ecosystem / UBI overview]. [1]
- UBI content and repositories (ubi-8-baseos-rpms / ubi-8-appstream-rpms). [2]
- UBI 8 image listing (redhat/ubi8). [3]
🏁 Script executed:
cat -n tests/e2e/sample-applications/mysql-persistent/mysql-persistent-twovol-csi.yaml | sed -n '226,228p'Repository: openshift/oadp-operator
Length of output: 601
UBI 8 image lacks required tooling; netcat absence will prevent pod startup.
Both containers use registry.access.redhat.com/ubi8/ubi:latest, which does not include curl or netcat by default. Line 227-228 explicitly calls /usr/bin/nc in the init-myservice startup command—this will fail immediately, preventing the pod from starting. Line 150-152's curl-tool container will also lack curl if used for e2e testing. Either install the required tools (e.g., yum install -y curl nmap-ncat) in a custom image or switch to an image that includes them.
🤖 Prompt for AI Agents
In
`@tests/e2e/sample-applications/mysql-persistent/mysql-persistent-twovol-csi.yaml`
around lines 150 - 152, The UBI8 image used for the curl-tool container and the
init-myservice startup relies on missing tooling (curl and nc); update the
manifest so the container image provides those binaries: either switch the
curl-tool and init container images to a distro image that includes curl and
netcat, or build/use a custom image that installs curl and nmap-ncat (e.g., via
yum install -y curl nmap-ncat) and reference that image in the container spec;
also verify the init-myservice startup command uses the correct nc path present
in the chosen image.
| - name: init-myservice | ||
| image: docker.io/curlimages/curl:8.5.0 | ||
| image: registry.access.redhat.com/ubi8/ubi:latest | ||
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w 1 mysql 3306 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mysql DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mysql after $max_attempts attempts"; exit 1; fi; echo "mysql DB port reachable"'] |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
UBI8 ubi image netcat nc availability /usr/bin/nc
💡 Result:
Short answer: UBI8 images do not include /usr/bin/nc by default. You can add netcat using the RHEL packages (e.g., install nmap-ncat from AppStream) or the netcat package from EPEL — both provide an nc binary. Example install: dnf install -y nmap-ncat (or enable EPEL and install netcat). [1][2][3]
Sources:
- UBI8 image info and types (no mention of nc in base files). [1]
- nmap-ncat (RHEL/AppStream) provides /usr/bin/nc and /usr/bin/ncat. [2]
- netcat (OpenBSD) RPM for EL8 provides /usr/bin/nc (available via EPEL). [3]
🏁 Script executed:
rg '/usr/bin/nc|nc -z' tests/Repository: openshift/oadp-operator
Length of output: 2169
🏁 Script executed:
# Check if any of these files have dnf install or netcat installation commands
rg -A 5 -B 5 'init-myservice|dnf install|nmap-ncat|apt-get.*netcat' tests/e2e/sample-applications/mysql-persistent/Repository: openshift/oadp-operator
Length of output: 4689
🏁 Script executed:
# Check if there's a custom image or Dockerfile that might install netcat
fd -e Dockerfile -e dockerfile tests/e2e/sample-applications/mysql-persistent/Repository: openshift/oadp-operator
Length of output: 560
🏁 Script executed:
fd --full-path 'tests/e2e/sample-applications/mysql-persistent/.*Dockerfile'Repository: openshift/oadp-operator
Length of output: 49
🏁 Script executed:
# Check for any installation of netcat in the init commands more carefully
rg 'dnf install|yum install|apt-get' tests/e2e/sample-applications/Repository: openshift/oadp-operator
Length of output: 180
Install netcat or use an alternative approach to verify MySQL connectivity.
The init-myservice container uses /usr/bin/nc to check the MySQL port, but netcat is not included in the registry.access.redhat.com/ubi8/ubi:latest image by default. The init container will fail at startup.
Either install netcat in the init container command (e.g., dnf install -y nmap-ncat) before running the connectivity check, or use an alternative approach such as checking via shell redirection (/dev/tcp/mysql/3306) which doesn't require external tools.
🤖 Prompt for AI Agents
In
`@tests/e2e/sample-applications/mysql-persistent/mysql-persistent-twovol-csi.yaml`
around lines 226 - 228, The init container "init-myservice" uses /usr/bin/nc
which is not present in the registry.access.redhat.com/ubi8/ubi:latest image;
update the init container command for "init-myservice" to either install netcat
before the connectivity loop (e.g., run dnf install -y nmap-ncat then proceed)
or replace the nc check with a shell-native check using /dev/tcp/mysql/3306 in
the command string so the readiness loop can run successfully without relying on
an external binary.
| initContainers: | ||
| - name: init-myservice | ||
| image: docker.io/curlimages/curl:8.5.0 | ||
| image: registry.access.redhat.com/ubi8/ubi:latest | ||
| command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w 1 mysql 3306 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mysql DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mysql after $max_attempts attempts"; exit 1; fi; echo "mysql DB port reachable"'] |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
UBI8 UBI image netcat nc nmap-ncat default packages included
💡 Result:
Short answer: UBI8 images do not include netcat (nc) / nmap-ncat by default. The UBI images ship a minimal set of packages (ubi, ubi-minimal, etc.) and provide Red Hat UBI BaseOS/AppStream repositories so you can install nmap-ncat (provided as the nmap-ncat package) with yum or microdnf. [1][2][3]
References
- UBI image types / package behavior (microdnf in minimal; package counts). [1]
- UBI images enable UBI BaseOS/AppStream repos so packages can be installed into the image. [2]
- nmap-ncat (ncat) is packaged for EL8 (available as nmap-ncat RPM for RHEL/derivatives). [3]
🏁 Script executed:
# First, let's examine the actual file to understand the context better
cat -n tests/e2e/sample-applications/mysql-persistent/mysql-persistent.yaml | head -250 | tail -20Repository: openshift/oadp-operator
Length of output: 1169
🌐 Web query:
Red Hat UBI8 ubi:latest image contents packages included
💡 Result:
Short answer: The UBI8 "ubi:latest" (standard) image is a small, supported subset of RHEL‑8 userland that includes a curated set of core GNU/Linux and system utilities (tar, gzip, vi, coreutils, glibc, openssl, yum/dnf tooling, etc.) and is preconfigured to use the UBI 8 BaseOS and AppStream repositories. The exact package list varies by image build/tag (Red Hat rebuilds periodically), so to get the authoritative list for the specific ubi:latest you pull, run rpm -qa inside the image or inspect the image manifest. [1][2][3]
How to see the exact packages yourself
- Pull and run the image, then list installed RPMs:
- docker pull registry.access.redhat.com/ubi8/ubi:latest
- docker run --rm -it registry.access.redhat.com/ubi8/ubi:latest bash
- rpm -qa
This shows the image's installed packages. [1][4]
Why the list can change
- Red Hat publishes UBI images on a cadence and rebuilds images with errata; repository metadata (and thus available/installed packages) can change between tags. For available RPMs and repo URLs see /etc/yum.repos.d/ubi.repo inside the container or browse the UBI repositories. [1][2]
References
- Red Hat knowledgebase: Universal Base Images — repos, rpm commands and how to list packages. [1]
- Red Hat Developer: UBI overview and what’s included; counts and flavors (ubi, ubi-minimal, ubi-micro). [2]
- Red Hat Ecosystem Catalog (ubi8 image entry / tag info). [3]
- RHEL docs: adding software to a UBI container (microdnf/yum usage and rpm -qa). [4]
Sources
[1] Red Hat Customer Portal — Universal Base Images (UBI): Images, repositories, packages, and source code.
[2] Red Hat Developer — Universal Base Images (what’s included, image flavors and package counts).
[3] Red Hat Ecosystem Catalog — Red Hat Universal Base Image 8 (ubi8) image entry.
[4] Red Hat documentation — Adding software to a UBI container (rpm -qa, yum/microdnf).
🏁 Script executed:
# Let's also check if there are any other test files or scripts that might shed light on this
find tests -name "*.yaml" -o -name "*.yml" | head -10Repository: openshift/oadp-operator
Length of output: 887
Remove /usr/bin/nc dependency or include netcat in the image.
The init-myservice container uses /usr/bin/nc to verify MySQL connectivity, but ubi8/ubi:latest does not include netcat by default and must be installed separately. This will cause the initContainer to fail with "command not found", blocking the deployment.
Replace with a bash-native TCP check: /bin/bash -c 'echo > /dev/tcp/mysql/3306', or use an image that includes netcat (e.g., ubi8/ubi-init).
🤖 Prompt for AI Agents
In `@tests/e2e/sample-applications/mysql-persistent/mysql-persistent.yaml` around
lines 240 - 243, The initContainer block (initContainers -> name:
init-myservice) currently calls /usr/bin/nc which isn't present in the ubi8/ubi
image; replace that dependency by changing the readiness check to a bash-native
TCP probe (use /bin/bash -c with a redirection test like echo >
/dev/tcp/mysql/3306 in the existing command loop) or switch the container image
to one that includes netcat (e.g., an image like ubi8/ubi-init) and update the
command accordingly so the initContainer no longer fails with "command not
found".
| successThreshold: 1 | ||
| failureThreshold: 40 # 40x30sec before restart pod | ||
| - image: docker.io/curlimages/curl:8.5.0 | ||
| - image: registry.access.redhat.com/ubi8/ubi:latest |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat -n tests/e2e/sample-applications/virtual-machines/fedora-todolist/fedora-todolist.yaml | sed -n '140,210p'Repository: openshift/oadp-operator
Length of output: 2780
🌐 Web query:
What tools are included in registry.access.redhat.com/ubi8/ubi latest image contents
💡 Result:
Short answer — the UBI8 "ubi" (standard) image is a small RHEL-based userland that includes package-management and common OS utilities. Notable tools shipped in the standard ubi8 image include:
- yum (DNF front-end tools: yum, yum-config-manager, yumdownloader). [1]
- systemd (init support in the standard image). [1]
- Common GNU utilities: tar, gzip, vi, etc. [1][2]
- Filesystem/ACL utilities: getfacl and other acl tools. [1]
- Device/volume tools: dmsetup and related device-mapper utilities, dmidecode. [1]
- Access to UBI yum repositories so you can install additional RPMs. [1][2]
Notes: the exact package list can change between image releases; for the authoritative, up‑to‑date contents check the Red Hat Ecosystem Catalog entry for ubi8 or inspect a pulled image (e.g., podman run --rm registry.access.redhat.com/ubi8/ubi rpm -qa). [2][3]
Sources: Red Hat container docs and UBI catalog. [1][2][3]
🌐 Web query:
does UBI8 base image include nc netcat curl tools by default
💡 Result:
Short answer: No—UBI8 images do not reliably include netcat (nc) by default, and whether curl is present depends on the variant.
- ubi (standard) contains more utilities and is more likely to include curl; ubi-minimal/ubi-micro are intentionally slim and may not include curl by default. (developers.redhat.com)
- Community/CI evidence shows some ubi8-minimal tags ship curl (so curl can appear in some builds), but netcat/nc is not listed as a default package in the minimal images. To confirm for a specific tag run: docker run --rm -it
rpm -q curl nc (or docker run ... which nc). (gitlab.com)
If you want, tell me which UBI8 tag (ubi, ubi-minimal, ubi-micro, or exact image:tag) and I’ll check that tag specifically.
Citations:
- 1: https://developers.redhat.com/articles/2021/11/30/build-lightweight-and-secure-container-images-using-rhel-ubi?utm_source=openai
- 2: https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/4171?utm_source=openai
🌐 Web query:
UBI8 ubi minimal vs standard image what packages included
💡 Result:
Short answer — difference and what’s included
-
UBI8 (standard, image name "ubi")
- Full YUM/DNF stack, standard RHEL userland utilities (tar, gzip, vi, etc.), OpenSSL crypto stack and more complete OS tooling. Intended as a general-purpose base for most apps. (~190 packages in typical UBI8 standard image). [1][2][3]
-
UBI8 minimal (image name "ubi-minimal")
- Minimized pre‑installed content set to keep image size small, no SUID binaries, and a tiny package manager (microdnf) instead of the full yum/dnf tooling. Omits systemd/init, many shell/utilities and Python runtime; intended when you add only the deps you need. (~100 packages; ~92 MB uncompressed vs ~215 MB for standard). [2][3][4]
-
(Related) UBI8 micro
- Even smaller: essentially no package manager included (for maximal minimalism/multi‑stage builds). Use build tools on host. [1][2]
Sources: Red Hat/UBI docs and Red Hat Developer articles describing "ubi" vs "ubi-minimal" (package counts, size and included tooling). [1][2][3][4]
References
[1] Red Hat blog: Introducing Red Hat Universal Base Image.
[2] Red Hat Documentation — Building, running, and managing containers (UBI minimal description).
[3] Red Hat Developer article / UBI comparison (table with sizes and package counts).
[4] Red Hat Universal Base Image FAQ / Catalog.
The UBI8 base image does not include nc; the init container will fail.
The init-myservice container explicitly calls /usr/bin/nc to wait for MySQL availability. UBI8 standard does not ship netcat by default, so this init container will crash and block the Deployment. The curl-tool container will likewise be unusable. Install these tools via microdnf in the container command, or use an image that includes them.
Suggested remediation
- - image: registry.access.redhat.com/ubi8/ubi:latest
+ - image: registry.access.redhat.com/ubi8/ubi:latest
name: curl-tool
- command: ["/bin/sleep", "infinity"]
+ command: ['sh', '-c', 'microdnf install -y curl nmap-ncat && sleep infinity']
...
- - name: init-myservice
- image: registry.access.redhat.com/ubi8/ubi:latest
- command: ['sh', '-c', 'sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w 1 mysql 3306 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mysql DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mysql after $max_attempts attempts"; exit 1; fi; echo "mysql DB port reachable"']
+ - name: init-myservice
+ image: registry.access.redhat.com/ubi8/ubi:latest
+ command: ['sh', '-c', 'microdnf install -y nmap-ncat && sleep 30; max_attempts=180; attempt=0; until /usr/bin/nc -z -w 1 mysql 3306 || [ $attempt -ge $max_attempts ]; do attempt=$((attempt+1)); echo "Attempt $attempt/$max_attempts: Trying to connect to mysql DB port"; sleep 5; done; if [ $attempt -ge $max_attempts ]; then echo "ERROR: Failed to connect to mysql after $max_attempts attempts"; exit 1; fi; echo "mysql DB port reachable"']Also applies to: 202-203
🤖 Prompt for AI Agents
In
`@tests/e2e/sample-applications/virtual-machines/fedora-todolist/fedora-todolist.yaml`
at line 143, The UBI8 base image used for the containers (image:
registry.access.redhat.com/ubi8/ubi:latest) doesn't include netcat/curl, causing
the init container named init-myservice (which calls /usr/bin/nc) and the
curl-tool container to fail; fix by modifying the container spec(s) that
reference that image (init-myservice and curl-tool) to either use a different
image that bundles nc/curl or add a startup command that installs the missing
tools (e.g., run microdnf install -y nc curl or the appropriate package names
before using /usr/bin/nc or curl), ensuring the init container's wait command
and the curl-tool container can find the binaries.
|
/retest |
1 similar comment
|
/retest |
|
@kaovilai: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
2 participants
Signed-off-by: Tiger Kaovilai tkaovila@redhat.com
Why the changes were made
pull rate limits in ci
Mirrors automation live here
https://github.com/migtools/mig-demo-apps/tree/master/.github/workflows
How to test the changes made
retest?