Story

As an operator user trying to deploy RHDH on a non-Openshift cluster like EKS, I want to be able to specify the image pull secrets to use for the Database, so that I can run RHDH with the supported PostgreSQL image coming from registry.redhat.io and which requires authentication. The downstream bundle of the RHDH operator uses a PostgreSQL image coming from registry.redhat.com and I want to be able to use that image as well.

At this time, the Custom Resource allows me to specify image pull secrets, but those will be applied to the main Backstage pod only, not the database:

$ cat .asoro/aws-eks-cr-non-olm.yaml
apiVersion: rhdh.redhat.com/v1alpha1
kind: Backstage
metadata:
 # TODO: this the name of your RHDH instance
  name: my-rhdh
spec:
  application:
    imagePullSecrets:
    - "rhdh-pull-secret"
    route:
      enabled: false 
  database:
    # DB is enabled by default, but I cannot specify image pull secrets
    enableLocalDb: true

Acceptance Criteria (Proposal)

• Similar to the spec.application.imagePullSecrets field in the CR, add a new spec.database.imagePullSecrets field in the CR
• Make sure this new field is reconciled properly

Notes

• A possible workaround is to patch the operator config ConfigMap to add the image pull secrets to the "db-statefulset.yaml" key directly, but this will affect all instances managed by the operator. Furthermore, we need to make sure such manual configuration is not overwritten when the operator is upgraded.
• Another possible workaround is to manually patch the default service account of the namespace where RHDH is installed to add the required image pull secrets, like below. The problem is that this affects all resources created in that namespace and making use of that default service account.

$ kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "rhdh-pull-secret"}]}' -n my-rhdh