8000 Keycloak operator with update strategy to Auto: missing imagePullSecrets · Issue #39015 · keycloak/keycloak · GitHub 8000
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Keycloak operator with update strategy to Auto: missing imagePullSecrets #39015
New issue
New issue
Closed
#39032
Closed
Keycloak operator with update strategy to Auto: missing imagePullSecrets#39015
#39032
Assignees
shawkins
Labels
area/operatorKeycloak.X Operatorkind/bugCategorizes a PR related to a bugpriority/normalrelease/26.2.1release/26.3.0status/auto-bumpstatus/auto-expireteam/cloud-native
@alexnuttinck

Description

@alexnuttinck
alexnuttinck
opened on Apr 16, 2025

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

operator

Describe the bug

imagePullSecrets not used in k8s Job for automatic rolling updates

Description

I’m trying to use the new automatic rolling updates feature introduced in the Keycloak Operator.

However, it seems that the imagePullSecrets defined in the Keycloak custom resource is not applied to the Kubernetes Job used by the operator to detect whether a rolling or recreate update is needed.

This leads to the detection Job failing with an image pull error when using a private image registry:

Failed to pull image "harbor.imio.be/common/keycloak:26.2.0-imio-0": failed to pull and unpack image "harbor.imio.be/common/keycloak:26.2.0-imio-0": failed to resolve reference "harbor.imio.be/common/keycloak:26.2.0-imio-0": pull access denied, repository does not exist or may require authorization: authorization failed: no basic auth credentials

Version

26.2.0

Regression

  • The issue is a regression

Expected behavior

The Job created by the operator to evaluate the rolling update strategy should inherit or use the same imagePullSecrets as defined in the Keycloak CR, to allow access to private registries.

Actual behavior

The k8s Job failing with an image pull error when using a private image registry

How to Reproduce?

The keycloak tenant YAML file I used:

apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: staging-kc-apps
spec:
  instances: 1
  image: harbor.imio.be/common/keycloak:26.2.0-imio-0
  imagePullSecrets:
    - name: harbor-secret
  update:
    strategy: Auto 
  db:
    usernameSecret:
      name: keycloak-apps-secret
      key: db_username
    passwordSecret:
      name: keycloak-apps-secret
      key: db_password
    port: 5432
    database: common_keycloak_apps
    host: 10.7.121.7
    vendor: postgres
  hostname:
    hostname: https://keycloak-apps.cloud.imio-test.be
    admin: https://admin.keycloak-apps.cloud.imio-test.be
  ingress:
    enabled: false
  http:
    httpEnabled: true
    tlsSecret: keycloak-apps-secret-tls
  additionalOptions:
    - name: metrics-enabled 
      value: 'true'
  features:
    enabled:
      - preview
  resources:
    requests:
      cpu: 500m
      memory: 1700Mi
    limits:
      cpu: 1000m
      memory: 2000Mi

Anything else?

Let me know if you need any additional information or testing on my side.

Metadata

Metadata

Assignees

Labels

area/operatorKeycloak.X Operatorkind/bugCategorizes a PR related to a bugpriority/normalrelease/26.2.1release/26.3.0status/auto-bumpstatus/auto-expireteam/cloud-native

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    0