redpanda-data / helm-charts

Redpanda Helm Chart
http://redpanda.com
Apache License 2.0

Redpanda console not using imagePullsecrets #1579

Closed bck01215 closed 2 weeks ago

bck01215 commented 3 weeks ago

What happened?

Image pull secrets not applied to console deployments

What did you expect to happen?

Image pull secrets to be applied to all pods created by helm

How can we reproduce it (as minimally and precisely as possible)?. Please include values file.

```yaml COMPUTED VALUES: affinity: {} auditLogging: clientMaxBufferSize: 16777216 enabled: false enabledEventTypes: null excludedPrincipals: null excludedTopics: null listener: internal partitions: 12 queueDrainIntervalMs: 500 queueMaxBufferSizePerShard: 1048576 replicationFactor: null auth: sasl: bootstrapUser: mechanism: SCRAM-SHA-256 enabled: false mechanism: SCRAM-SHA-512 secretRef: redpanda-users users: [] clusterDomain: cluster.local commonLabels: {} config: cluster: {} node: crash_loop_limit: 5 pandaproxy_client: {} rpk: {} schema_registry_client: {} tunable: compacted_log_segment_size: 67108864 kafka_connection_rate_limit: 1000 log_segment_size_max: 268435456 log_segment_size_min: 16777216 max_compacted_log_segment_size: 536870912 connectors: auth: sasl: enabled: false mechanism: scram-sha-512 secretRef: "" userName: "" commonLabels: {} connectors: additionalConfiguration: "" bootstrapServers: "" brokerTLS: ca: secretNameOverwrite: "" secretRef: "" cert: secretNameOverwrite: "" secretRef: "" enabled: false key: secretNameOverwrite: "" secretRef: "" groupID: connectors-cluster producerBatchSize: 131072 producerLingerMS: 1 restPort: 8083 schemaRegistryURL: "" secretManager: connectorsPrefix: "" consolePrefix: "" enabled: false region: "" storage: remote: read: config: false offset: false status: false write: config: false offset: false status: false replicationFactor: config: -1 offset: -1 status: -1 topic: config: _internal_connectors_configs offset: _internal_connectors_offsets status: _internal_connectors_status container: javaGCLogEnabled: "false" resources: javaMaxHeapSize: 2G limits: cpu: "1" memory: 2350Mi request: cpu: "1" memory: 2350Mi securityContext: allowPrivilegeEscalation: false deployment: annotations: {} budget: maxUnavailable: 1 create: false extraEnv: [] extraEnvFrom: [] livenessProbe: failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 nodeAffinity: {} nodeSelector: {} podAffinity: {} 
podAntiAffinity: custom: {} topologyKey: kubernetes.io/hostname type: hard weight: 100 priorityClassName: "" progressDeadlineSeconds: 600 readinessProbe: failureThreshold: 2 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 3 timeoutSeconds: 5 restartPolicy: Always revisionHistoryLimit: 10 schedulerName: "" securityContext: fsGroup: 101 fsGroupChangePolicy: OnRootMismatch runAsUser: 101 strategy: type: RollingUpdate terminationGracePeriodSeconds: 30 tolerations: [] topologySpreadConstraints: - maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway enabled: false fullnameOverride: "" global: {} image: pullPolicy: IfNotPresent repository: docker.redpanda.com/redpandadata/connectors tag: "" imagePullSecrets: [] logging: level: warn monitoring: annotations: {} enabled: false labels: {} namespaceSelector: any: true scrapeInterval: 30s nameOverride: "" service: annotations: {} name: "" ports: - name: prometheus port: 9404 serviceAccount: annotations: {} create: false name: "" storage: volume: - emptyDir: medium: Memory sizeLimit: 5Mi name: rp-connect-tmp volumeMounts: - mountPath: /tmp name: rp-connect-tmp test: create: false tolerations: [] console: affinity: {} annotations: {} automountServiceAccountToken: true autoscaling: enabled: false maxReplicas: 100 minReplicas: 1 targetCPUUtilizationPercentage: 80 commonLabels: {} config: kafka: brokers: - redpanda-0.redpanda.redpanda.svc.cluster.local.:9093 - redpanda-1.redpanda.redpanda.svc.cluster.local.:9093 - redpanda-2.redpanda.redpanda.svc.cluster.local.:9093 sasl: enabled: false schemaRegistry: enabled: true tls: caFilepath: /mnt/cert/schemaregistry/default/ca.crt certFilepath: "" enabled: true insecureSkipTlsVerify: false keyFilepath: "" urls: - https://redpanda-0.redpanda.redpanda.svc.cluster.local.:8081 - https://redpanda-1.redpanda.redpanda.svc.cluster.local.:8081 - https://redpanda-2.redpanda.redpanda.svc.cluster.local.:8081 tls: caFilepath: /mnt/cert/kafka/default/ca.crt 
certFilepath: "" enabled: true insecureSkipTlsVerify: false keyFilepath: "" redpanda: adminApi: enabled: true tls: caFilepath: /mnt/cert/adminapi/default/ca.crt certFilepath: "" enabled: true insecureSkipTlsVerify: false keyFilepath: "" urls: - https://redpanda.redpanda.svc.cluster.local.:9644 configmap: create: false console: config: {} deployment: create: false enabled: true enterprise: licenseSecretRef: key: "" name: "" extraContainers: [] extraEnv: [] extraEnvFrom: [] extraVolumeMounts: [] extraVolumes: [] fullnameOverride: "" global: {} image: pullPolicy: IfNotPresent registry: docker.redpanda.com repository: redpandadata/console tag: "" imagePullSecrets: [] ingress: annotations: {} enabled: false hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] initContainers: extraInitContainers: "" livenessProbe: failureThreshold: 3 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 nameOverride: "" nodeSelector: {} podAnnotations: checksum-redpanda-chart/config: ab4d0a5d0092e822da4d61941d4c8b49bd9202d2baa598cd791929bc8c15255f podLabels: {} podSecurityContext: fsGroup: 99 runAsUser: 99 priorityClassName: "" readinessProbe: failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 replicaCount: 1 resources: {} secret: create: false enterprise: {} kafka: {} login: github: {} google: {} jwtSecret: "" oidc: {} okta: {} redpanda: adminApi: {} secretMounts: [] securityContext: runAsNonRoot: true service: annotations: {} port: 8080 type: ClusterIP serviceAccount: annotations: {} automountServiceAccountToken: true create: true name: "" strategy: {} tests: enabled: true tolerations: [] topologySpreadConstraints: [] enterprise: license: "" licenseSecretRef: {} external: annotations: io.cilium/lb-ipam-ips: 10.253.5.33 enabled: true service: enabled: true type: LoadBalancer fullnameOverride: "" image: pullPolicy: IfNotPresent repository: docker.redpanda.com/redpandadata/redpanda tag: "" 
imagePullSecrets: - name: docker-auth license_key: "" license_secret_ref: {} listeners: admin: external: default: advertisedPorts: - 31644 port: 9645 tls: cert: external port: 9644 tls: cert: default requireClientAuth: false http: authenticationMethod: null enabled: true external: default: advertisedPorts: - 30082 authenticationMethod: null port: 8083 tls: cert: external requireClientAuth: false kafkaEndpoint: default port: 8082 tls: cert: default requireClientAuth: false kafka: authenticationMethod: null external: default: advertisedPorts: - 31092 authenticationMethod: null port: 9094 tls: cert: external port: 9093 tls: cert: default requireClientAuth: false rpc: port: 33145 tls: cert: default requireClientAuth: false schemaRegistry: authenticationMethod: null enabled: true external: default: advertisedPorts: - 30081 authenticationMethod: null port: 8084 tls: cert: external requireClientAuth: false kafkaEndpoint: default port: 8081 tls: cert: default requireClientAuth: false logging: logLevel: info usageStats: enabled: true monitoring: enabled: false labels: {} scrapeInterval: 30s nameOverride: "" nodeSelector: kafka: "true" post_install_job: affinity: {} enabled: true podTemplate: annotations: {} labels: {} spec: containers: - env: [] name: post-install securityContext: {} securityContext: {} rackAwareness: enabled: false nodeAnnotation: topology.kubernetes.io/zone rbac: annotations: {} enabled: false resources: cpu: cores: 8 memory: container: max: 24Gi serviceAccount: annotations: {} create: false name: "" statefulset: additionalRedpandaCmdFlags: [] additionalSelectorLabels: {} annotations: {} budget: maxUnavailable: 1 extraVolumeMounts: "" extraVolumes: "" initContainerImage: repository: busybox tag: latest initContainers: configurator: extraVolumeMounts: "" resources: {} extraInitContainers: "" fsValidator: enabled: false expectedFS: xfs extraVolumeMounts: "" resources: {} setDataDirOwnership: enabled: false extraVolumeMounts: "" resources: {} 
setTieredStorageCacheDirOwnership: extraVolumeMounts: "" resources: {} tuning: extraVolumeMounts: "" resources: {} livenessProbe: failureThreshold: 3 initialDelaySeconds: 10 periodSeconds: 10 nodeSelector: {} podAffinity: {} podAntiAffinity: custom: {} topologyKey: kubernetes.io/hostname type: hard weight: 100 podTemplate: annotations: {} labels: {} spec: containers: - env: [] name: redpanda securityContext: {} securityContext: {} priorityClassName: "" readinessProbe: failureThreshold: 3 initialDelaySeconds: 1 periodSeconds: 10 successThreshold: 1 replicas: 3 securityContext: fsGroup: 101 fsGroupChangePolicy: OnRootMismatch runAsUser: 101 sideCars: configWatcher: enabled: true extraVolumeMounts: "" resources: {} securityContext: {} controllers: createRBAC: true enabled: false healthProbeAddress: :8085 image: repository: docker.redpanda.com/redpandadata/redpanda-operator tag: v2.2.4-24.2.5 metricsAddress: :9082 resources: {} run: - all securityContext: {} startupProbe: failureThreshold: 120 initialDelaySeconds: 1 periodSeconds: 10 terminationGracePeriodSeconds: 90 tolerations: [] topologySpreadConstraints: - maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway updateStrategy: type: RollingUpdate storage: hostPath: /opt/redpanda/data persistentVolume: annotations: {} enabled: true labels: {} nameOverwrite: "" size: 800Gi storageClass: local-path tiered: config: cloud_storage_cache_size: 5368709120 cloud_storage_enable_remote_read: true cloud_storage_enable_remote_write: true cloud_storage_enabled: false credentialsSecretRef: accessKey: configurationKey: cloud_storage_access_key secretKey: configurationKey: cloud_storage_secret_key hostPath: "" mountType: emptyDir persistentVolume: annotations: {} labels: {} storageClass: "" tests: enabled: true tls: certs: default: caEnabled: true external: caEnabled: true default: caEnabled: false issuerRef: kind: ClusterIssuer name: letsencrypt-prod enabled: true tolerations: [] tuning: 
tune_aio_events: true ```

Anything else we need to know?

No response

Which are the affected charts?

No response

Chart Version(s)

```console
❯ helm -n redpanda list
NAME      NAMESPACE  REVISION  UPDATED                               STATUS    CHART           APP VERSION
redpanda  redpanda   1         2024-10-24 16:20:29.339074 -0400 EDT  deployed  redpanda-5.9.7  v24.2.7
```

Cloud provider

JIRA Link: K8S-404

RafalKorepta commented 2 weeks ago

@bck01215 I see the confusion. As far as I can see, you provided the following values.

```yaml
imagePullSecrets:
  - name: docker-auth
```

That imagePullSecrets is not passed to subcharts. If you would like to use those docker-auth credentials for the Console and Connectors subcharts, you should add the following values to your Helm chart values.

```yaml
imagePullSecrets:
- name: docker-auth
console:
  imagePullSecrets:
  - name: docker-auth
```

If you find any problem with that, please re-open this issue.
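
Added example, not part of the issue thread or the chart's own code: a Python check over the JSON from `helm get values <release> --all -o json` that lists enabled nested scopes whose `imagePullSecrets` omit a secret set at the parent level, and builds the matching values overlay. The function names and the trimmed sample are constructed here, and treating a scope with no `enabled` key as rendered is an assumption.

```python
import json

# Constructed sample: a trimmed stand-in for the JSON printed by
# `helm get values <release> --all -o json`, not the full values from the report.
SAMPLE_VALUES = json.loads("""
{
  "imagePullSecrets": [{"name": "docker-auth"}],
  "console":    {"enabled": true,  "imagePullSecrets": []},
  "connectors": {"enabled": false, "imagePullSecrets": []},
  "statefulset": {"replicas": 3}
}
""")

def _names(entries):
    """Secret names from an imagePullSecrets list (None or [] gives [])."""
    return [e["name"] for e in entries or [] if isinstance(e, dict) and "name" in e]

def pull_secret_scopes(values, path=()):
    """Yield (path, enabled, names) for each mapping that has imagePullSecrets."""
    if not isinstance(values, dict):
        return
    if "imagePullSecrets" in values:
        # Assumption: a scope with no `enabled` key is treated as rendered.
        yield path, values.get("enabled", True), _names(values["imagePullSecrets"])
    for key, child in values.items():
        yield from pull_secret_scopes(child, path + (key,))

def missing_pull_secrets(values):
    """Map each enabled nested scope to the secret list it should carry."""
    parent = _names(values.get("imagePullSecrets"))
    gaps = {}
    for path, enabled, names in pull_secret_scopes(values):
        absent = [n for n in parent if n not in names]
        if path and enabled and absent:
            gaps[path] = names + absent
    return gaps

def overlay_for(values):
    """Build a values overlay repeating the parent secrets in each gap."""
    overlay = {}
    for path, names in missing_pull_secrets(values).items():
        node = overlay
        for key in path:
            node = node.setdefault(key, {})
        node["imagePullSecrets"] = [{"name": n} for n in names]
    return overlay

if __name__ == "__main__":
    print(json.dumps(overlay_for(SAMPLE_VALUES), indent=2))
```

On the sample, only `console` is flagged, because `connectors` is disabled there; an enabled `connectors` scope with an empty list would be flagged the same way.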