Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Just let me specify imagePullSecret #381

Open
roy-work opened this issue Mar 12, 2024 · 3 comments
Open

Just let me specify imagePullSecret #381

roy-work opened this issue Mar 12, 2024 · 3 comments
Labels
O-community

Comments

@roy-work
Copy link

roy-work commented Mar 12, 2024
edited by cockroach-jira-scripts
Loading

Is your feature request related to a problem? Please describe.

In our k8s cluster, we use a private registry. There's already a secret in that cluster, let's call it the-pull-secret, with the pull secret.

All of the pre-existing pods use that secret; now we'd like to add Cockroach to that cluster. Unlike most other charts out there, which just permit specifying an imagePullSecret in their values.yaml, Cockroach instead does this:

      imagePullSecrets:
      {{- if .Values.image.credentials }}
        - name: {{ template "cockroachdb.fullname" . }}.db.registry
      {{- end }}

So … as written, this means I cannot use the secret I already have; its name will never match.

Worse … setting image.credentials means that the Helm chart now generates a Secret object. Many of us (myself included) are doing some form of IaC: we essentially commit Helm inputs (e.g., ArgoCD), and sometimes Helm outputs (e.g., Flux) to Git. This makes it really clear what's changing in k8s's state, and offers trivial rollbacks of bad deployments.

However, it means that there cannot be secrets in Helm values.yaml files, or in the output of the template. (It's fine if it's optional; as long as I have a means to not put it there.)

Describe the solution you'd like
We already have means to get secrets, such as the pull secret, securely to the cluster. (E.g., we use sealed-secrets.) I just need the chart to allow me to say "this secret, exactly" for the pull secret, and to not attempt to generate that secret.

Describe alternatives you've considered
N/A

Additional context
See also ArgoCD, Flux, sealed-secrets

Jira issue: CRDB-36651
@blathers-crl blathers[crl]
Copy link

blathers-crl bot commented Mar 12, 2024

Hello, I am Blathers. I am here to help you get the issue triaged.

I was unable to automatically find someone to ping.

If we have not gotten back to your issue within a few business days, you can try the following:

  • Join our community slack channel and ask on #cockroachdb.
  • Try find someone from here if you know they worked closely on the area and CC them.

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.

@roy-work
Copy link
Author

(I'm also not able to find the source code to the Helm chart in this repository? Despite this being listed as the location of such by the chart itself, in its Chart.yaml, as fetched from the Helm repository.)

@jlinder
Copy link
Contributor

jlinder commented Mar 27, 2024

Hi @roy-work, the cockroach helm chart is located in https://github.com/cockroachdb/helm-charts. Since this issue is about the helm chart, I'm moving it to that repository.

@jlinder jlinder transferred this issue from cockroachdb/cockroach Mar 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
O-community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jlinder @roy-work