OpenShift internal registry does not work when user set container registry credentials #19999

Closed
5 tasks done
sparkoo opened this issue Jun 18, 2021 · 0 comments · Fixed by eclipse-che/che-server#49
Labels
area/che-server kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.

sparkoo commented Jun 18, 2021

Describe the bug

In case a workspace has an image from the OpenShift internal registry and at the same time the user has defined some container registry credentials, the workspace won't start, with the error 'Error reading manifest latest in image-registry.openshift-image-registry.svc:5000/crw-image/crw: unauthorized: authentication required'.

Analysis

The image pull credentials are defined in Kubernetes with a dockercfg secret (https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets) and are set in the Pod spec as imagePullSecrets (https://kubernetes.io/docs/concepts/configuration/secret/#using-imagepullsecrets). On OpenShift, when there are no imagePullSecrets defined, OpenShift will add the default one for the used ServiceAccount, so that it can authenticate against the internal OpenShift registry. However, when there is at least one secret explicitly defined, OpenShift does nothing.

When the user sets container registry credentials, we put them into the workspace deployment, and thus OpenShift does NOT add the default one for the internal registry and we fail with an unauthorized error.

I believe that the fix will be to include the service account's dockercfg secret all the time in our code.

Che version

  • latest

Steps to reproduce

The steps are nicely described here: https://issues.redhat.com/browse/CRW-1925
One shortcut is to tag any Docker image locally and push it into the user's namespace registry, so you don't have to bother with permissions and a build.

Expected behavior

Workspace should start with image from internal registry.

Runtime

  • OpenShift (include output of oc version)

Screenshots

Installation method

  • chectl

Environment

  • Cloud
    • rhpds

Eclipse Che Logs

Additional context

https://issues.redhat.com/browse/CRW-1925
devfile/devworkspace-operator#459
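
The defaulting behaviour from the Analysis section, together with a check for affected pod specs and the merge the issue proposes, as an added example that is not part of the original report or of che-server's code. The pod and service account objects are constructed samples, the secret and service account names are hypothetical, and the registry host is the one from the error message above.

```python
import copy

# Internal registry host, taken from the error message in the issue.
INTERNAL_REGISTRY = "image-registry.openshift-image-registry.svc:5000"


def effective_pull_secrets(pod_spec, service_account):
    """Model the defaulting described in the issue: the service account's
    pull secrets are copied in only when the pod defines none itself."""
    explicit = [s["name"] for s in pod_spec.get("imagePullSecrets", [])]
    if explicit:
        return explicit
    return [s["name"] for s in service_account.get("imagePullSecrets", [])]


def uses_internal_registry(pod_spec):
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    return any(c["image"].startswith(INTERNAL_REGISTRY + "/") for c in containers)


def lacks_internal_registry_auth(pod_spec, service_account):
    """True when the pod pulls from the internal registry but none of the
    service account's pull secrets would be presented."""
    sa_secrets = {s["name"] for s in service_account.get("imagePullSecrets", [])}
    effective = set(effective_pull_secrets(pod_spec, service_account))
    return uses_internal_registry(pod_spec) and not (sa_secrets & effective)


def with_sa_pull_secrets(pod_spec, service_account):
    """The fix proposed in the issue: always list the service account's
    pull secrets next to the user's own, without duplicates."""
    fixed = copy.deepcopy(pod_spec)
    names = [s["name"] for s in fixed.get("imagePullSecrets", [])]
    for s in service_account.get("imagePullSecrets", []):
        if s["name"] not in names:
            names.append(s["name"])
    fixed["imagePullSecrets"] = [{"name": n} for n in names]
    return fixed


# Constructed sample objects; the secret names are hypothetical.
SERVICE_ACCOUNT = {"metadata": {"name": "workspace-sa"},
                   "imagePullSecrets": [{"name": "workspace-sa-dockercfg-x7k2p"}]}
POD_SPEC = {"serviceAccountName": "workspace-sa",
            "imagePullSecrets": [{"name": "user-registry-credentials"}],
            "containers": [{"name": "dev",
                            "image": INTERNAL_REGISTRY + "/crw-image/crw:latest"}]}
```
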

@sparkoo sparkoo added kind/bug Outline of a bug - must adhere to the bug report template. team/platform area/che-server labels Jun 18, 2021
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jun 18, 2021
@skabashnyuk skabashnyuk added sprint/next severity/P1 Has a major impact to usage or development of the system. sprint/current and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jun 18, 2021