imagePullSecrets not used in backup cronjob templates #78
Comments
jmbarbier
changed the title
|
Thank you for reporting this issue when imagePullSecrets are used to pull main database images. Could you please share a YAML example where your configuration does not work? |
|
thank you for your quick reply.. here is some more info : Launching this yaml file on a cluster (at scaleway.com => scw-xxx) with 1 node is fine apiVersion: v1
data:
.dockerconfigjson: REDACTED
kind: Secret
metadata:
name: registry-secret
namespace: kubegres-sandbox
type: kubernetes.io/dockerconfigjson
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kubegres-backup-issue-78-pvc
namespace: kubegres-sandbox
spec:
storageClassName: scw-bssd
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: kubegres.reactive-tech.io/v1
kind: Kubegres
metadata:
name: kubegres-issue-78
namespace: kubegres-sandbox
spec:
replicas: 1
image: my-private-registry/image:tag
imagePullSecrets:
- name: registry-secret
database:
size: 1Gi
storageClassName: scw-bssd
failover:
isDisabled: true
backup:
schedule: "*/3 * * * *"
pvcName: kubegres-backup-issue-78-pvc
volumeMount: /var/lib/backup
env:
- name: POSTGRES_PASSWORD
value: supassword
- name: POSTGRES_REPLICATION_PASSWORD
value: reppasswordBackup CronJob is created : kind: CronJob
apiVersion: batch/v1beta1
metadata:
name: backup-kubegres-issue-78
namespace: kubegres-sandbox
uid: 499fa9f5-5a59-48d9-8fa2-7b08c74ca34b
resourceVersion: '1469331142'
generation: 1
creationTimestamp: '2021-12-27T14:02:36Z'
ownerReferences:
- apiVersion: kubegres.reactive-tech.io/v1
kind: Kubegres
name: kubegres-issue-78
uid: db3cb326-bc37-434e-b3ba-44175b083eb6
controller: true
blockOwnerDeletion: true
spec:
schedule: '*/3 * * * *'
concurrencyPolicy: Forbid
suspend: false
jobTemplate:
metadata:
creationTimestamp: null
spec:
template:
metadata:
creationTimestamp: null
spec:
volumes:
- name: backup-volume
persistentVolumeClaim:
claimName: kubegres-backup-issue-78-pvc
- name: postgres-config
configMap:
name: base-kubegres-config
defaultMode: 511
containers:
- name: backup-postgres
image: my-private-registry/image:tag
args:
- sh
- '-c'
- /tmp/backup_database.sh
env:
- name: PGPASSWORD
- name: KUBEGRES_RESOURCE_NAME
value: kubegres-issue-78
- name: BACKUP_DESTINATION_FOLDER
value: /var/lib/backup
- name: BACKUP_SOURCE_DB_HOST_NAME
value: kubegres-issue-78
- name: POSTGRES_PASSWORD
value: supassword
- name: POSTGRES_REPLICATION_PASSWORD
value: reppassword
resources: {}
volumeMounts:
- name: backup-volume
mountPath: /var/lib/backup
- name: postgres-config
mountPath: /tmp/backup_database.sh
subPath: backup_database.sh
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
restartPolicy: OnFailure
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
schedulerName: default-scheduler
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 1
status:
lastScheduleTime: '2021-12-27T14:06:00Z'
lastSuccessfulTime: '2021-12-27T14:06:05Z'the imagePullSecrets is missing there.. But if i add some nodes to the cluster the backup job fails depending of which node it is scheduled : the private image have not been pulled on new nodes, so when the backup is scheduled on one of these new nodes, as the imagePullSecrets field is missing in CronJob spec, the container cannot be pulled. |
|
Thank you for those details which will help me with the investigation. |
|
Hi @alex-arica sent a PR #103 to fix this issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If imagePullSecrets are used to pull main database images, they are not used for backup templates. So if the backup job is scheduled on a pod without database image, it fails pulling the image.
Manually adding imagePullSecrets to CronJob definition works but this is a dirty workaround :)
The text was updated successfully, but these errors were encountered: