Open lihongbj opened 7 months ago
@lihongbj Is this related to issue #6692 when using 1.34.0
? Or is this a separate issue you see in 1.33.0
?
@acornett21 , thanks for your quick reply. This is a separate issue found in 1.33.0 and before version.
this could be related to https://kubernetes.io/docs/concepts/security/pod-security-admission/ are the pods in question actually being created?
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle rotten /remove-lifecycle stale
Bug Report
What did you do?
Helm operator does not update CR child serviceaccount ImagePullSecret when operator watched CR ImagePullSecret changed.
I defined a CRD kong for helm chart Kong, and use helm operator to deploy it, and a watches.yaml is also defined to watch kong.
First the helm operator pod is deployed, and then a new CR instance
kong/gateway
without ImagePullSecret is created, so childserviceaccount/gateway-kong
and childpod/ gateway-kong
are created accordingly. Because no ImagePullSecret is provided in kong/gateway, so no ImagePullSecret is inserviceaccount/gateway-kong
and the pod is hang in stateImagePullBackOff
. Then ImagePullSecret is added forkong/gateway
, but theserviceaccount/gateway-kong
with owner tokong/gateway
is not updated accordingly. And no new text are logged in helm operator pod log for this change.What did you expect to see?
When ImagePullSecret is added/changed for
kong/gateway
, theserviceaccount/gateway-kong
with owner tokong/gateway
is update accordingly by helm operator and then the child podpod/ gateway-kong
is created and running without errorImagePullBackOff
.What did you see instead? Under which circumstances?
When ImagePullSecret is added/changed for
kong/gateway
, theserviceaccount/gateway-kong
with owner tokong/gateway
is NOT update accordingly by helm operator and the child podpod/ gateway-kong
is hang inImagePullBackOff
.pod list:
helm operator log:
Environment
Operator type:
Kubernetes cluster type:
$ operator-sdk version
$ go version
(if language is Go) go: 1.21.7.$ kubectl version
Possible Solution
Additional context