Fix inconsistent imagePullSecrets inputs

rappizs commented 1 year ago

Description

Fixes https://github.com/banzaicloud/koperator/issues/999

Type of Change

[x] Bug Fix

Checklist

[x] I have read the contributing guidelines
[x] Existing issues have been referenced (where applicable)
[x] I have verified this change is not present in other open pull requests
[x] Functionality is documented
[x] All code style checks pass
[x] New code contribution is covered by automated tests
[x] All new and existing tests pass

CLAassistant commented 1 year ago

All committers have signed the CLA.

bartam1 commented 1 year ago

LGTM but is there any reason why we need both? I mean adding imagePullSecret in deployment and serviceaccount same time.

rappizs commented 1 year ago

LGTM but is there any reason why we need both?

The Deployment is for the kafka-operator itself and the ServiceAccount is for the Prometheus auth proxy. As far as I understand the Deployment uses a different ServiceAccount. Correct me @pregnor if I'm wrong.

pregnor commented 1 year ago

LGTM but is there any reason why we need both?

The Deployment is for the kafka-operator itself and the ServiceAccount is for the Prometheus auth proxy. As far as I understand the Deployment uses a different ServiceAccount. Correct me @pregnor if I'm wrong.

https://github.com/banzaicloud/koperator/blob/4b4ea64892334f1cd6c8d07f5bcb9f372ab4cbce/charts/kafka-operator/templates/authproxy-rbac.yaml#L11 https://github.com/banzaicloud/koperator/blob/4b4ea64892334f1cd6c8d07f5bcb9f372ab4cbce/charts/kafka-operator/templates/_helpers.tpl#L48 https://github.com/banzaicloud/koperator/blob/7edcd84cef2c267bb8c788c7278e1ab57f55dfc5/charts/kafka-operator/values.yaml#L74 This is the kafka-operator-authproxy serviceAccount we are giving access to the images.

The other place for the imagePullSecret is at the Koperator deployment: https://github.com/banzaicloud/koperator/blob/4b4ea64892334f1cd6c8d07f5bcb9f372ab4cbce/charts/kafka-operator/templates/operator-deployment-with-webhook.yaml#L139 But the serviceAccount used there is different: https://github.com/banzaicloud/koperator/blob/4b4ea64892334f1cd6c8d07f5bcb9f372ab4cbce/charts/kafka-operator/templates/operator-deployment-with-webhook.yaml#L143 https://github.com/banzaicloud/koperator/blob/4b4ea64892334f1cd6c8d07f5bcb9f372ab4cbce/charts/kafka-operator/templates/_helpers.tpl#L37 which is kafka-operator: https://github.com/banzaicloud/koperator/blob/4b4ea64892334f1cd6c8d07f5bcb9f372ab4cbce/charts/kafka-operator/values.yaml#L38.

So we need the imagePullSecrets definition at both places.

banzaicloud / koperator