AWX Operator doesn't respect when a image_pull_secrets is specified, creates redhat-operator-pull-secret regardless.

[dticknor1]

Please confirm the following

• [X] I agree to follow this project's code of conduct.
• [X] I have checked the current issues for duplicates.
• [X] I understand that the AWX Operator is open source software provided for free and that I might not receive a timely response.

Bug Summary

The Deploying a specific version AWX documentation lists that an "image_pull_secrets" value can be specified to use a custom container image pull secret.

However, the operator does not respect this, and creates the redhat-operators-pull-secret regardless of if the above spec is specified.

This causes duplication of pull secrets, with the custom and the default image pull secret being created.

Proposing that we add a when condition to https://github.com/ansible/awx-operator/blob/devel/playbooks/awx.yml#L29 to only create the redhat-operator-pull-secret when image_pull_secrets is null.

AWX Operator version

2.12.2

AWX version

23.6.0

Kubernetes platform

kubernetes

Kubernetes/Platform version

1.28

Modifications

yes

Steps to reproduce

specify a custom image location and a image_pull_secrets

Expected results

When a custom image_pull_secrets is specified, the operator should utilize this pull secret, and not create the default redhat-operators-pull-secret

Actual results

The redhat-operators-pull-secret is created regardless of whether a custom image_pulls_secret is specfied.

Additional information

No response

Operator Logs

No response

[kurokobo]

@dticknor1 F.Y.I., redhat-operators-pull-secret is for the Operator itself and not for any AWX related pods: https://github.com/ansible/awx-operator/blob/6baf3a174d86d73d356d0ab7c9fb89822d532ed9/config/manager/manager.yaml#L79-L80 The secret is completely independent of image_pull_secrets and is completely dummy as a workaround to avoid kubelet to report errors.

Contexts:

• https://github.com/ansible/awx-operator/issues/922
• https://github.com/ansible/awx-operator/pull/952

This is valid RFE and it is preferable to have no dummy secrets, but there is no real harm if there is.

[Keith-Nowosielski-SJSU]

@dticknor1 F.Y.I., redhat-operators-pull-secret is for the Operator itself and not for any AWX related pods:

https://github.com/ansible/awx-operator/blob/6baf3a174d86d73d356d0ab7c9fb89822d532ed9/config/manager/manager.yaml#L79-L80

The secret is completely independent of image_pull_secrets and is completely dummy as a workaround to avoid kubelet to report errors. Contexts:

• redhat-operators-pull-secret is referenced but not created #922
• Pre-create dummy rh secret to avoid errors #952

This is valid RFE and it is preferable to have no dummy secrets, but there is no real harm if there is.

Are you sure? I'm currently trying to stand up new deployment (really migrate but I can't even get a new deployment up). I'm getting this issue.

Warning FailedToRetrieveImagePullSecret Pod/awx-operator-controller-manager- Unable to retrieve some image pull secrets (redhat-operators-pull-secret); attempting to pull the image may not succeed.