Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing ServiceAccountName configuration for secret-splunk-validation-hook pod #780

Closed
philipsabri opened this issue May 9, 2023 · 1 comment · Fixed by #781
Closed

Missing ServiceAccountName configuration for secret-splunk-validation-hook pod #780

philipsabri opened this issue May 9, 2023 · 1 comment · Fixed by #781
Assignees
@philipsabri
Labels
bug Something isn't working

Comments

@philipsabri
Copy link
Contributor

Describe the issue you're reporting

Hi, I believe we're missing the ServiceAccountName configuration for the secret-splunk-validation-hook pod. Is there a reason it hasn't been added to the pod?

Since the imagePullSecrets are added to the ServiceAccount, it would be helpful to use it on the hook pod when pulling the image from a private registry.
@philipsabri philipsabri mentioned this issue May 9, 2023
Merged
@jvoravong jvoravong added the bug Something isn't working label May 9, 2023
@omrozowicz-splunk omrozowicz-splunk mentioned this issue Aug 3, 2023
Merged
@jvoravong jvoravong mentioned this issue Aug 9, 2023
Closed
@jvoravong jvoravong reopened this Aug 9, 2023
@jvoravong
Copy link
Contributor

Sorry I didn't notice automation closed this ticket.

Updates:

  • Verified in the latest version of OpenShift using the default service account works with the validation hook pod, I was concerned it wouldn't since they have higher security standards.
  • Created the potential solution I was thinking of (link above) for this issue. While this solution would work I did find some drawbacks and don't think this is the way to go at this time. We might need it in the future.
  • After more research, I do think we can go forward with the following fix.
    • Remove the service account in the validation hook
    • If the user provided imagePullSecrets, add them to the validation hook pod spec.
    • @omrozowicz-splunk feel free to tackle this if you have time.

@jvoravong jvoravong mentioned this issue Aug 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@philipsabri philipsabri

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add ServiceAccountName to secret-splunk-validation-hook pod philipsabri/splunk-otel-collector-chart
2 participants
@philipsabri @jvoravong