Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow multiple pullSecrets in OpenLibertyApplication CR #661

Open
hhue13 opened this issue Dec 4, 2024 · 3 comments
Open

Allow multiple pullSecrets in OpenLibertyApplication CR #661

hhue13 opened this issue Dec 4, 2024 · 3 comments

Comments

@hhue13
Copy link

hhue13 commented Dec 4, 2024

Allow multiple pullSecrets in OpenLibertyApplication custom resource

Currently the OpenLibertyApplication CRD allows to specify a secret (namely one to be precise) of type docker-registry if the image needs to pulled from a private registry. This secret gets added to the imagePullSecrets list of the serviceAccount if the serviceAccount is created by the OpenLiberty operator.

However there are situations when multiple pull secrets are required. For example we need to use initContainers for which we have to pull the image from a different registry than the registry from which we pull the application image.

In our specific use case the build pipeline pushes the application images to an internal Artifactory registry and therefore the application images need to be pulled from there. However for the initContainer of the pod we need an image from another registry (for example registry.redhat.io). Therefore we need to two different secrets being used to pull the images for the pod.

Describe the solution you'd like

Imho the one way to implement this would be to change the pullSecret field so that it can be either a String or a List (but honestly I am not sure if that's possible) so that multiple secrets can be specified. If the operator can handle this, this would enhance the CRD to accept multiple pull secrets and the operator would need to add all secrets from the list to the imagePullSecrets list of the serviceAccount created by the operator.

If it is not possible to enhance the pullSecret field to be either a String or a List introducing a new field (for example named pullSecrets) which accepts a list of secrets which are then added the list to the imagePullSecrets list of the serviceAccount created by the operator.
@hhue13
Copy link
Author

hhue13 commented Dec 4, 2024
edited
Loading

Just learned that we can address multiple registries in one secret (although oc create secret allows to specify the data for one registry from the command line only).

So all we'd need to do would be to create a config.json covering multiple registries and then create a secret specifying that file via the --from-file parameter.

@hhue13 hhue13 closed this as completed Dec 4, 2024
@hhue13
Copy link
Author

hhue13 commented Dec 4, 2024
edited
Loading

Create a .dockerconfigjson file and use it to address multiple registries in one secret

@hhue13 hhue13 reopened this Jan 23, 2025
@hhue13
Copy link
Author

hhue13 commented Jan 23, 2025

Hello,I'm reopening the case as the workaround proposed above is working but hard to implement in a GitOps environment. It is much easier to have multiple secrets created than creating a config.json and then create the secret out of it. So wondering how others are evaluating this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hhue13