Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Operator does not use pod_service_account_definition for creating service account for the Cluster #2602

Open
thanasis-liapis opened this issue Apr 10, 2024 · 1 comment
Open

Operator does not use pod_service_account_definition for creating service account for the Cluster #2602

thanasis-liapis opened this issue Apr 10, 2024 · 1 comment

Comments

@thanasis-liapis
Copy link

Please, answer some short questions which should help us to understand your problem / question better?

  • Which image of the operator are you using? e.g. registry.opensource.zalan.do/acid/postgres-operator:v1.11.0
    • operator:v1.10.1
  • Where do you run it - cloud or metal? Kubernetes or OpenShift? [AWS K8s | GCP ... | Bare Metal K8s]
    • Kubernetes on OpenStack Cloud
  • Are you running Postgres Operator in production? [yes | no]
    • Not yet
  • Type of issue? [Bug report, question, feature request, etc.]
    • Bug report??

Some general remarks when posting a bug report:

  • Please, check the operator, pod (Patroni) and postgresql logs first. When copy-pasting many log lines please do it in a separate GitHub gist together with your Postgres CRD and configuration manifest.
  • If you feel this issue might be more related to the Spilo docker image or Patroni, consider opening issues in the respective repos.

Dear contributors of the operator,

I am trying to create an automated deployment using the postgres operator for PostgreSQL clusters. The K8S cluster I am running in has several security policies I have to overcome. One of them is the use of internal repositories to download my images. These internal repos require authentication/autorization, so I am required to use imagePullSecrets for the Postgresql cluster's pods. After several tries in the operator, I realized that it does not support using imagePullSecrets setting for the cluster (resource kind: postgres). So, alternatively, I thought of using the service account used for creating the cluster, and adding to this account's definition the imagePullSecrets setting. I tried to do this by the pod_service_account_definition setting of the operator. However, I again saw that for some reason, this setting is not used. Instead, regardless of what I put there, the service account created and used for the cluster is pgzalando-pod-sa which I cannot find where it is set.

Please, could someone elaborate and indicate where this name is set and how can I use the pod_service_account_definition so I can enable imagePullSecrets?

Any further information at your disposal.

Thank you in advance!
@thanasis-liapis
Copy link
Author

Same for operator v1.11.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@thanasis-liapis