You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
Overview of the Issue
consul-k8s/charts/consul/templates/gateway-resources-serviceaccount.yaml is missing imagePullSecrets, which breaks the usage of private docker registries, as the Gateway Resources Job cannot pull the consul-k8s-control-plane image from private registries without these secrets.
Note, other service accounts do include the imagePullSecrets, and therefore other pods can successfully pull from the private registry.
Reproduction Steps
Run a helm install with the following values.yaml file:
The <release-name>-gateway-resources job cannot launch containers, as it cannot pull the image from the private registry, due to missing imagePullSecrets on the service account the job uses.
Logs
The container cannot produce logs as it doesn't start, so kubernetes events for the pod from command kubectl -n consul describe pod consul-gateway-resources-2fz5z are provided:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 53m default-scheduler Successfully assigned consul/consul-gateway-resources-2fz5z to k8s05
Normal Pulling 52m (x4 over 53m) kubelet Pulling image "<private-registry>.com/dockerhub/hashicorp/consul-k8s-control-plane:latest"
Warning Failed 52m (x4 over 53m) kubelet Failed to pull image "<private-registry>.com/dockerhub/hashicorp/consul-k8s-control-plane:latest": failed to pull and unpack image "<private-registry>.com/dockerhub/hashicorp/consul-k8s-control-plane:latest": failed to resolve reference "<private-registry>.com/dockerhub/hashicorp/consul-k8s-control-plane:latest": pull access denied, repository does not exist or may require authorization: authorization failed: no basic auth credentials
Warning Failed 52m (x4 over 53m) kubelet Error: ErrImagePull
Warning Failed 51m (x6 over 53m) kubelet Error: ImagePullBackOff
Normal BackOff 3m24s (x218 over 53m) kubelet Back-off pulling image "<private-registry>.com/dockerhub/hashicorp/consul-k8s-control-plane:latest"
Expected behavior
The helm install can successfully pull images from the private registry, and run the gateway-resources job.
Environment details
Kubernetes version: v1.29.3
Cluster: Self-hosted, built using kubeadm
The text was updated successfully, but these errors were encountered:
Additionally, a similar problem occurs after adding the CR API Gateway if we have images in a private registry:
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: api-gateway
namespace: consul
spec:
gatewayClassName: consul
listeners:
...
Once you add it, it creates itself
ServiceAccount and deployment pointing to the ServiceAccount that invokes the pods of a given API Gateway. In the above ServiceAccount is also missing imagePullSecrets
Init Container (consul-connect-inject-init) can't pull image from private registry.
Community Note
Overview of the Issue
consul-k8s/charts/consul/templates/gateway-resources-serviceaccount.yaml
is missingimagePullSecrets
, which breaks the usage of private docker registries, as the Gateway Resources Job cannot pull theconsul-k8s-control-plane
image from private registries without these secrets.Note, other service accounts do include the
imagePullSecrets
, and therefore other pods can successfully pull from the private registry.Reproduction Steps
values.yaml
file:<release-name>-gateway-resources
job cannot launch containers, as it cannot pull the image from the private registry, due to missing imagePullSecrets on the service account the job uses.Logs
The container cannot produce logs as it doesn't start, so kubernetes events for the pod from command
kubectl -n consul describe pod consul-gateway-resources-2fz5z
are provided:Expected behavior
The helm install can successfully pull images from the private registry, and run the gateway-resources job.
Environment details
The text was updated successfully, but these errors were encountered: