OLM doesn't add imagePullSecrets value to the operator service account after upgrading to SDK 1.34.1

rahulsb commented 4 weeks ago

Bug Report

We recently upgraded to SDK 1.34.1 and observed that the service account created by the OLM after installing the operator on kubernetes cluster (v1.27) doesn't have the imagePullSecrets value defined.

In the service account definition file located at operator/config/rbac/service_account.yaml , it has imagePullSecret defined correctly.

What did you do?

Upgraded operator code to SDK 1.34.1, K8s v1.29 and Go 1.21.9 .

What did you expect to see?

Operator should be able to create serviceAccount as defined in the source file in operator/config/rbac/service_account.yaml

What did you see instead? Under which circumstances?

Operator creates the serviceAccount however it doesn't have the imagePullSecret key value defined.

Environment

Operator SDK v1.31.4 Go: 1.21.9 Operator K8s version: 1.29

Operator type: Go operator /language go

Kubernetes cluster type:

Test environment : IBM Kubernetes service v1.27

$ operator-sdk version

operator-sdk version: "v1.34.1", commit: "edaed1e5057db0349568e0b02df3743051b54e68", kubernetes version: "1.28.0", go version: "go1.21.7", GOOS: "linux", GOARCH: "amd64"

$ go version (if language is Go)

go version go1.21.9 linux/amd64

$ kubectl version

Possible Solution

Additional context

acornett21 commented 4 weeks ago

HI @rahulsb Does the file in /bundle have the imagePullSecrets?

rahulsb commented 3 weeks ago

HI @rahulsb Does the file in /bundle have the imagePullSecrets?

@acornett21 Which file in bundle should have it ? I do not see service_account.yaml in bundle folder. I see manifests and metadata folder. And manifests contains CRD,CSV, configMap and webhook service files

acornett21 commented 3 weeks ago

Is this for the controllers service account? Or an additional service account?

rahulsb commented 3 weeks ago

Is this for the controllers service account? Or an additional service account?

it's Controller service account.

acornett21 commented 3 weeks ago

Since there is no SA file in the bundle for the controller this is by design, you have two options:

Add imagePullSecrets to you CSV that references a Secret (Secrets are an allowed type in a bundle, though I don't recommend this)
You can create an additional Service Account, and have that included in the bundle, then use kustomize to swap that out in the CSV.

Most operator authors go with the first option. Hope this helps.

operator-framework / operator-sdk