undistro / zora

Zora is an open source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks. By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.
https://getup.io/opensource/zora-oss
Apache License 2.0

Possibility to use custom imagePullSecret in scan jobs (marvin, popeye, trivy) #299

Open recroutgr opened 3 weeks ago

recroutgr commented 3 weeks ago

Feature Description

We want to have the possibility to inject imagePullSecrets values into the scanning CronJob definitions (marvin, popeye and trivy). Currently, the helm value for the imagePullSecrets field is injected only into the Deployment for zora-operator.

Is your feature request related to a problem?

We want to use a private registry for all images related to the Zora project. For that we need to use imagePullSecrets. In the values file of the Zora helm chart we found a field responsible for that - https://github.com/undistro/zora/blob/98e8e91efa170f7dfa7afc026785606608ac418a/charts/zora/values.yaml#L57 But apparently it works only for the zora-operator deployment, not for the scan jobs (marvin, popeye, trivy). We also found out that the CRD for the clusterscan object (from which the render of the cronjob happens, from my understanding - https://github.com/undistro/zora/blob/v0.8.4/charts/zora/crds/zora.undistro.io_plugins.yaml ) doesn't even have an imagePullSecrets field, so it's not possible to add it there manually without editing the codebase. Therefore, the cluster cannot pull images from the private registry to run scans and the corresponding pods go into CrashLoopBackOff state.

What alternatives have you considered?

We haven't found any other way to inject the imagePullSecrets field into the scan definitions (CronJob/Job/Pod) without external interventions. We came up with a temporary solution: we use mutations inside the Zora namespace to inject imagePullSecrets values into the CronJob definitions. It works well, but it's still a workaround.
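Added example (not Zora's code, and not the mutation the reporter uses): a Python helper that builds the RFC 6902 JSON Patch a mutating admission webhook would return to add an imagePullSecrets entry to a CronJob's pod template, and an audit helper that lists scan CronJobs still missing it. The CronJob manifests, the `zora-system` namespace and the `private-registry` secret name are constructed assumptions, not values from the project.

```python
import json

# Path to the pod spec inside a CronJob: spec.jobTemplate.spec.template.spec
POD_SPEC_PATH = ["spec", "jobTemplate", "spec", "template", "spec"]
JSON_POINTER = "/" + "/".join(POD_SPEC_PATH) + "/imagePullSecrets"

def pod_spec(cronjob):
    """Return the pod spec dict of a CronJob manifest (None if the path is missing)."""
    node = cronjob
    for key in POD_SPEC_PATH:
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return None
    return node

def pull_secret_patch(cronjob, secret_name):
    """JSON Patch (RFC 6902) ops a mutating webhook would return so that the
    CronJob's pods reference `secret_name`. Idempotent: no ops if already present."""
    spec = pod_spec(cronjob)
    if spec is None:
        raise ValueError("not a CronJob manifest: pod template spec not found")
    existing = spec.get("imagePullSecrets") or []
    if any(s.get("name") == secret_name for s in existing):
        return []  # already wired up; nothing to patch
    if not existing:
        # field absent (or empty): create the whole list in one op
        return [{"op": "add", "path": JSON_POINTER, "value": [{"name": secret_name}]}]
    # field present: append ("-" = end of array) so other secrets survive
    return [{"op": "add", "path": JSON_POINTER + "/-", "value": {"name": secret_name}}]

def missing_pull_secret(cronjobs, secret_name):
    """Audit helper: names of CronJobs whose pods do not reference the secret."""
    return [cj["metadata"]["name"] for cj in cronjobs if pull_secret_patch(cj, secret_name)]

def scan_cronjob(plugin, pull_secrets=None):
    """Constructed stand-in for a Zora scan CronJob (not Zora's real manifest)."""
    spec = {"containers": [{"name": plugin, "image": f"registry.internal/zora/{plugin}:latest"}]}
    if pull_secrets is not None:
        spec["imagePullSecrets"] = [{"name": n} for n in pull_secrets]
    return {"apiVersion": "batch/v1", "kind": "CronJob",
            "metadata": {"name": f"cluster-a-{plugin}", "namespace": "zora-system"},
            "spec": {"schedule": "0 * * * *", "jobTemplate": {"spec": {"template": {"spec": spec}}}}}

if __name__ == "__main__":
    jobs = [scan_cronjob("marvin"), scan_cronjob("popeye"), scan_cronjob("trivy", ["other-secret"])]
    print("missing:", missing_pull_secret(jobs, "private-registry"))
    for cj in jobs:
        print(cj["metadata"]["name"], json.dumps(pull_secret_patch(cj, "private-registry")))
```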

matheusfm commented 3 weeks ago

Hi @recroutgr, thank you for your detailed feature request. It makes sense, and we understand the need for this enhancement. We'll take a closer look into it. Contributions are always welcome.