DevWorkspace operator should not ignore SA dockercon if additional pullSecret is configured #459

Closed
sleshchenko opened this issue Jun 16, 2021 · 2 comments

@sleshchenko
Member

Issue is well described in https://issues.redhat.com/browse/CRW-1925
The main idea - after users configure a pull secret, they are not able to use the internal registry without explicitly adding the SA token to that pull secret.

I suppose it's not handled in DWO as well, so DWO should mount the additional pull secret in addition to the workspace SA dockerconf, but not instead of it.

@sparkoo
Member

sparkoo commented Jun 17, 2021

The issue is that when we don't define an imagePullSecret for the workspace deployment, OpenShift adds the default one for the service account. That's why the OpenShift registry works at first. Once we define a custom user imagePullSecret, OpenShift does not add its default one, thus we cannot authenticate against the OpenShift registry anymore.

The code responsible for provisioning image pull secrets lives here https://github.com/eclipse-che/che-server/blob/main/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/ImagePullSecretProvisioner.java#L66 and is combined into the deployment here https://github.com/eclipse-che/che-server/blob/main/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/environment/PodMerger.java#L74. It is possible to define multiple pull secrets for the deployment, so I think we should be able to always include the che-workspace SA dockercfg secret in the deployment.

@sleshchenko
Member Author

fixed by #566
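
The defaulting described in sparkoo's comment and the merge proposed in the thread, sketched in Go as an added example (not code from DWO, che-server or the fix referenced above). The `Pod` and `ServiceAccount` structs, the function names and the secret names are constructed stand-ins, not Kubernetes client types.

```go
package main

import "fmt"

// Pod and ServiceAccount are minimal stand-ins for the Kubernetes objects
// (hypothetical types for this example; only the pull-secret names are modelled).
type Pod struct{ ImagePullSecrets []string }
type ServiceAccount struct{ ImagePullSecrets []string }

// admit mimics the defaulting described in the thread: the service account's
// pull secrets are copied onto the pod only when the pod declares none.
func admit(pod Pod, sa ServiceAccount) Pod {
	if len(pod.ImagePullSecrets) == 0 {
		pod.ImagePullSecrets = append([]string(nil), sa.ImagePullSecrets...)
	}
	return pod
}

// mergePullSecrets returns the user-configured secrets followed by the service
// account's secrets, skipping empty names and duplicates and keeping order.
func mergePullSecrets(user, sa []string) []string {
	seen := map[string]bool{}
	merged := []string{}
	for _, list := range [][]string{user, sa} {
		for _, name := range list {
			if name == "" || seen[name] {
				continue
			}
			seen[name] = true
			merged = append(merged, name)
		}
	}
	return merged
}

func main() {
	// Constructed sample names.
	sa := ServiceAccount{ImagePullSecrets: []string{"workspace-sa-dockercfg-abc12"}}
	user := []string{"quay-pull-secret"}

	// No pull secret on the pod: the SA secret is defaulted in.
	fmt.Println(admit(Pod{}, sa).ImagePullSecrets)
	// User secret only: defaulting is skipped, internal registry auth is lost.
	fmt.Println(admit(Pod{ImagePullSecrets: user}, sa).ImagePullSecrets)
	// Merged before submission: both secrets end up on the pod.
	merged := mergePullSecrets(user, sa.ImagePullSecrets)
	fmt.Println(admit(Pod{ImagePullSecrets: merged}, sa).ImagePullSecrets)
}
```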
