Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OLM doesn't add imagePullSecrets value to the operator service account after upgrading to SDK 1.34.1 #6768

Open
rahulsb opened this issue Jun 6, 2024 · 5 comments
Open

OLM doesn't add imagePullSecrets value to the operator service account after upgrading to SDK 1.34.1 #6768

rahulsb opened this issue Jun 6, 2024 · 5 comments
Labels
language/go Issue is related to a Go operator project triage/support Indicates an issue that is a support question.

Comments

@rahulsb
Copy link

rahulsb commented Jun 6, 2024

Bug Report

We recently upgraded to SDK 1.34.1 and observed that the service account created by the OLM after installing the operator on kubernetes cluster (v1.27) doesn't have the imagePullSecrets value defined.

In the service account definition file located at operator/config/rbac/service_account.yaml , it has imagePullSecret defined correctly.

What did you do?

Upgraded operator code to SDK 1.34.1, K8s v1.29 and Go 1.21.9 .

What did you expect to see?

Operator should be able to create serviceAccount as defined in the source file in operator/config/rbac/service_account.yaml

What did you see instead? Under which circumstances?

Operator creates the serviceAccount however it doesn't have the imagePullSecret key value defined.

Environment

Operator SDK v1.31.4
Go: 1.21.9
Operator K8s version: 1.29

Operator type:
Go operator
/language go

Kubernetes cluster type:

Test environment : IBM Kubernetes service v1.27

$ operator-sdk version

operator-sdk version: "v1.34.1", commit: "edaed1e5057db0349568e0b02df3743051b54e68", kubernetes version: "1.28.0", go version: "go1.21.7", GOOS: "linux", GOARCH: "amd64"

$ go version (if language is Go)

go version go1.21.9 linux/amd64

$ kubectl version

Possible Solution

Additional context
@openshift-ci openshift-ci bot added the language/go Issue is related to a Go operator project label Jun 6, 2024
@acornett21
Copy link
Contributor

HI @rahulsb Does the file in /bundle have the imagePullSecrets?

@rahulsb
Copy link
Author

rahulsb commented Jun 10, 2024
edited
Loading

HI @rahulsb Does the file in /bundle have the imagePullSecrets?

@acornett21 Which file in bundle should have it ? I do not see service_account.yaml in bundle folder.
I see manifests and metadata folder. And manifests contains CRD,CSV, configMap and webhook service files

@acornett21
Copy link
Contributor

Is this for the controllers service account? Or an additional service account?

@rahulsb
Copy link
Author

rahulsb commented Jun 11, 2024

Is this for the controllers service account? Or an additional service account?

it's Controller service account.

@acornett21
Copy link
Contributor

Since there is no SA file in the bundle for the controller this is by design, you have two options:

  • Add imagePullSecrets to you CSV that references a Secret (Secrets are an allowed type in a bundle, though I don't recommend this)
  • You can create an additional Service Account, and have that included in the bundle, then use kustomize to swap that out in the CSV.

Most operator authors go with the first option. Hope this helps.

@acornett21 acornett21 added the triage/support Indicates an issue that is a support question. label Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
language/go Issue is related to a Go operator project triage/support Indicates an issue that is a support question.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rahulsb @acornett21