postgres-operator

Operator does not use pod_service_account_definition for creating service account for the Cluster

Open thanasis-liapis opened this issue 1 year ago • 2 comments

Please, answer some short questions which should help us to understand your problem / question better?

  • Which image of the operator are you using? e.g. registry.opensource.zalan.do/acid/postgres-operator:v1.11.0
    • operator:v1.10.1
  • Where do you run it - cloud or metal? Kubernetes or OpenShift? [AWS K8s | GCP ... | Bare Metal K8s]
    • Kubernetes on OpenStack Cloud
  • Are you running Postgres Operator in production? [yes | no]
    • Not yet
  • Type of issue? [Bug report, question, feature request, etc.]
    • Bug report??

Some general remarks when posting a bug report:

  • Please, check the operator, pod (Patroni) and postgresql logs first. When copy-pasting many log lines please do it in a separate GitHub gist together with your Postgres CRD and configuration manifest.
  • If you feel this issue might be more related to the Spilo docker image or Patroni, consider opening issues in the respective repos.

Dear contributors of the operator,

I am trying to create an automated deployment using the postgres operator for PostgreSQL clusters. The K8S cluster I am running in has several security policies I have to overcome. One of them is the use of internal repositories to download my images. These internal repos require authentication/authorization, so I am required to use imagePullSecrets for the Postgresql cluster's pods. After several tries in the operator, I realized that it does not support using the imagePullSecrets setting for the cluster (resource kind: postgres). So, alternatively, I thought of using the service account used for creating the cluster, and adding to this account's definition the imagePullSecrets setting. I tried to do this with the pod_service_account_definition setting of the operator. However, I again saw that for some reason, this setting is not used. Instead, regardless of what I put there, the service account created and used for the cluster is pgzalando-pod-sa, and I cannot find where it is set.

Please, could someone elaborate and indicate where this name is set and how I can use the pod_service_account_definition so I can enable imagePullSecrets?

Any further information at your disposal.

Thank you in advance!

thanasis-liapis, Apr 10 '24 09:04

Same for operator v1.11.0

thanasis-liapis, Apr 10 '24 13:04

See here: https://github.com/zalando/postgres-operator/issues/2721#issuecomment-2277764377. This is working on our side with the newest and also older versions.

teimyBr, Aug 09 '24 21:08