Note: Bundle images that require authentication to pull are handled by this method. Other images required by an Operator or its Operands might require access to private registries as well. OLM does not handle placing the secrets in target tenant namespaces for this scenario, but authentication credentials can be added to the global cluster pull secret or individual namespace service accounts to enable the required access. Alternatively, if providing access to the entire cluster is not permissible, the pull secret can be added to the default service accounts of the target tenant namespaces.
However, from this kube doc, it looks like the operator SA created takes priority over the default SA, and therefore the pull secretes patched on the default SA does not do anything.
This part of the doc says:
However, from this kube doc, it looks like the operator SA created takes priority over the default SA, and therefore the pull secretes patched on the default SA does not do anything.