Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing ImagePullSecret in VolSync Jobs Causes imagePullBackOff Error #1457

Open
Sanjeeth8733 opened this issue Nov 15, 2024 · 1 comment
Open

Missing ImagePullSecret in VolSync Jobs Causes imagePullBackOff Error #1457

Sanjeeth8733 opened this issue Nov 15, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@Sanjeeth8733
Copy link

Sanjeeth8733 commented Nov 15, 2024
edited
Loading

Description:

The VolSync controller pod in the common namespace spawns jobs across both primary and secondary sites for replication. However, these spawned jobs lack an imagePullSecret, which leads to imagePullBackOff errors for the replicator pods as they fail to pull the required images.

Issue Details:

There is currently no Helm chart parameter that can be configured to inject imagePullSecret into the job specs spawned by the VolSync controller. This lack of customization prevents the job from accessing private images when required.

The existing workaround involves patching the service accounts utilized by these jobs to add the necessary imagePullSecret. While effective temporarily, this approach introduces manual intervention needs, especially during switchover events where the secondary site becomes the new primary, and source service accounts are recreated without the secret.

Suggested Solution:

We request a feature in the VolSync Helm chart to support injecting imagePullSecrets directly into the job specifications. This would eliminate the need for manual patches on service accounts.

Additional Information:

Documentation updates have been made to outline this workaround, but we are awaiting an official fix from the VolSync team to streamline the process.
@Sanjeeth8733 Sanjeeth8733 added the enhancement New feature or request label Nov 15, 2024
@tesshuflower
Copy link
Contributor

I think part of the issue with setting something in the helm charts is that VolSync is a cluster scoped operator and so setting some parameter such as a secret name may not apply to all namespaces.

If we want to set an image pull secret on any mover pod, that secret needs to exist in the namespace the replicationsource or replicationdestination CR is in.

Is there an issue with using your own service account? I think this is the best way to use your own imagepullsecret. It sounds like perhaps the issue is around trying to wait for volsync to create a service account and then patching it? You can actually create your own service account and then use this rather than having volsync create one. See info in the docs here: https://volsync.readthedocs.io/en/stable/usage/moverserviceaccount.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
VolSync project tracking
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Sanjeeth8733 @tesshuflower