Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to pass imagePullSecrets for the mover pods #1296

Open
dheerajjoshim opened this issue Jun 6, 2024 · 5 comments
Open

Unable to pass imagePullSecrets for the mover pods #1296

dheerajjoshim opened this issue Jun 6, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@dheerajjoshim
Copy link

Describe the bug
Mover pods fail with an ErrImagePull error when the images are present in the secure registry. VolSync controller exposes the imagePullSecrets variable in the helm chart. However the same is not used while creating the jobs during the reconciliation.

Steps to reproduce
Use secure registries to deploy the VolSync controller and mover pods

Expected behaviour
Either one of the following

  • The imagePullSecrets specified during the controller deployment is reused during the mover job creation.
  • The imagePullSecrets specified during the controller deployment is reused during the mover service account creation.
  • A separate environment variable to pass the imagePullSecrets to the controller which can then be used while creating the jobs.

Additional context
The workaround is to add an image pull secret to the mover service accounts after the job creation. The pod will eventually be up and running.
@dheerajjoshim dheerajjoshim added the bug Something isn't working label Jun 6, 2024
@tesshuflower
Copy link
Contributor

hi @dheerajjoshim thanks we will have to see whether we should expose this as an option on the replicationsource/dest or not. Getting the imagePullSecrets from the controller itself may not work as the secrets need to be local to the namespace the mover pod runs in.

One thing you can do right now if you don't want to modify the serviceaccount after it's created by volsync is to use your own.

Each mover spec has a moverServiceAccount field you can use if you want to use your own service account instead of VolSync creating it for you.

@dheerajjoshim
Copy link
Author

@tesshuflower Yes. Maybe reusing the secret from the VolSync controller namespace is not possible in all cases.

That said, I wasn't aware of the moverServiceAccount configuration of the replicators. Seems like it is missing in the documentation. I can't find anything related to it in the docs

@tesshuflower
Copy link
Contributor

I think it may not have been documented as it was originally added for an internal use-case. Nonetheless, you can still use it if you wish. Each spec.[movertype]. section has a moverServiceAccount field, for example here for restic:

volsync/config/crd/bases/volsync.backube_replicationsources.yaml

Line 676 in e40dad2

moverServiceAccount:

tesshuflower added a commit to tesshuflower/volsync that referenced this issue Jun 12, 2024
@tesshuflower
document moverServiceAccount
81bac26 
For: backube#1296

Signed-off-by: Tesshu Flower <[email protected]>
@tesshuflower tesshuflower mentioned this issue Jun 12, 2024
Merged
@tesshuflower
Copy link
Contributor

@dheerajjoshim I've created a PR to add info about the moverServiceAccount to the documentation (#1303).

You can see the docs built in the PR here: https://volsync--1303.org.readthedocs.build/en/1303/usage/moverserviceaccount.html

Could you let me know if you have any feedback? Anything missing when it comes to your scenario?

@dheerajjoshim
Copy link
Author

Hi @tesshuflower
The documentation changes look good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
VolSync project tracking
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dheerajjoshim @tesshuflower