XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: 26.2.4
Affects Version/s: None
Component/s: team/cloud-native
Labels:

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
RHBK-2913
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Before reporting an issue

[x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

operator

Describe the bug

`imagePullSecrets` not used in k8s Job for automatic rolling updates

Description

I’m trying to use the new automatic rolling updates feature introduced in the Keycloak Operator.

However, it seems that the imagePullSecrets defined in the Keycloak custom resource is not applied to the Kubernetes Job used by the operator to detect whether a rolling or recreate update is needed.

This leads to the detection Job failing with an image pull error when using a private image registry:

Failed to pull image "harbor.imio.be/common/keycloak:26.2.0-imio-0": failed to pull and unpack image "harbor.imio.be/common/keycloak:26.2.0-imio-0": failed to resolve reference "harbor.imio.be/common/keycloak:26.2.0-imio-0": pull access denied, repository does not exist or may require authorization: authorization failed: no basic auth credentials

Version

26.2.0

Regression

[ ] The issue is a regression

Expected behavior

The Job created by the operator to evaluate the rolling update strategy should inherit or use the same imagePullSecrets as defined in the Keycloak CR, to allow access to private registries.

Actual behavior

The k8s Job failing with an image pull error when using a private image registry

How to Reproduce?

The keycloak tenant YAML file I used:

apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:   name: staging-kc-apps
spec:   instances: 1
  image: harbor.imio.be/common/keycloak:26.2.0-imio-0
  imagePullSecrets:

name: harbor-secret
```
  update:
```
strategy: Auto
```
  db:
```
usernameSecret:
name: keycloak-apps-secret
key: db_username
passwordSecret:
name: keycloak-apps-secret
key: db_password
port: 5432
database: common_keycloak_apps
host: 10.7.121.7
vendor: postgres
```
  hostname:
```
hostname: https://keycloak-apps.cloud.imio-test.be
admin: https://admin.keycloak-apps.cloud.imio-test.be
```
  ingress:
```
enabled: false
```
  http:
```
httpEnabled: true
tlsSecret: keycloak-apps-secret-tls
```
  additionalOptions:
```
name: metrics-enabled
value: 'true'
```
  features:
```
enabled:
preview
```
  resources:
```
requests:
cpu: 500m
memory: 1700Mi
limits:
cpu: 1000m
memory: 2000Mi

Anything else?

Let me know if you need any additional information or testing on my side.

links to

Link to original GitHub issue

Assignee:: Unassigned

Reporter:: Pavel Vlha

Team:: Keycloak Cloud Native

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/05/13 1:20 PM

Updated:: 2025/05/13 4:02 PM

Resolved:: 2025/05/13 1:21 PM

Details

Description

Before reporting an issue

Area

Describe the bug

imagePullSecrets not used in k8s Job for automatic rolling updates

Description

Version

Regression

Expected behavior

Actual behavior

How to Reproduce?

Anything else?

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

`imagePullSecrets` not used in k8s Job for automatic rolling updates