imagePullSecrets on the collector image #696
Comments
|
@pseymournutanix That's a good point and we are aware of it. As we don't actually deploy the cr as part of this chart we should at least update the examples. Can you help with that? |
Can we actually do this? I think Operator creates a new ServiceAccount for every Collector resource? So it's a bit outside of our control, no? Based on this -> https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#opentelemetrycollectorspec
|
|
Yes it appears to be the case that a new SA is created. Rather makes the use of private registeries impossible. |
|
I think you could set serviceAccount on each Collector CR and then make that serviceAccount have a imagePullSecret. So it is possible, but outside of scope of this chart, no? |
TylerHelmuth
added
the
chart:operator
|
I am following https://opentelemetry.io/docs/k8s-operator/automatic/#create-an-opentelemetry-collector-optional and my deployment is failing for same reason. as its private reg for image. I can see deployment this is the service account used., are you saying we should add this serviceAccount with a imagePullSecret ? |
|
@pseymournutanix did you make it work? please give some pointers if the case. |
|
The OpenTelemetryCollector object does let you specify a image pull policy. Using https://opentelemetry.io/docs/k8s-operator/automatic/#create-an-opentelemetry-collector-optional as the starting point, I believe you can do And it will use that value in the deployment it makes for the collector. Since this object is created outside the opentelemetry-operator chart the chart cannot be used to set this value. I believe this is another reason to look at #562 and #69 |
|
sorry the issue is with imagePullSecret not present on the deployment and not imagePullPolicy? how will having imagePullPolicy in this way help solve the issue if secret not present in deployment and hence cannot pull image from private reg? did you mean to say imagePullSecrets? |
|
Just to make anyone trying to do what I have been doing, I did use imagePulllSecrets in the spec, and has to use --validate=false for k8s apply not to fail rather throw warning Warning: unknown field "spec.imagePullSecrets" and Deployment came up fine. |
|
Oh sorry, I mixed up the fields. It looks like the OpenTelemetryCollector custom resource does not accept The stuff about the operator chart not being able to accomplish this is still accurate. Based on open-telemetry/opentelemetry-operator#846 the current solution is to create and manage your own service account that has the That all kinda complicated, so I think it is worth commenting on that issue and asking that |
|
Hi there some plan to add the imagePullSecrets on the CR directly ? or do we have to consider to always put it in the ServiceAccount ? |
|
@TylerHelmuth , is this issue still open? Can I get more info about it? |
|
The desired state would be for the setting to be exposed on the OpenTelemetryCollector CR, so a change needs made in the otel operator repo |
|
@TylerHelmuth , I am working on the Open source for the first time, might require more context. Can you confirm this is the repo link: https://github.com/open-telemetry/opentelemetry-operator |
Hello,
The helm chart now allows
imagePullSecretsfor the operator image, but this doesn't fall into the collector (unless I am missing something).Perhaps it would be easier to add them to the service accounts if set in
.Values.imagePullSecretsThe text was updated successfully, but these errors were encountered: