Uploaded image for project: 'Red Hat Developer Hub Bugs'
  1. Red Hat Developer Hub Bugs
  2. RHDHBUGS-1824

Sidecar containers (like oauth2-proxy) not working, because Operator overrides image for all containers

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.2
    • None
    • Operator
    • 3
    • False
    • Hide

      None

      Show
      None
    • True
    • Hide
      Fixed https://issues.redhat.com/browse/RHIDP-1701.
      It was not possible to make Sidecar containers work if override RHDH image using RELATED_IMAGE_*` environment variable or spec.application.image.
      Show
      Fixed https://issues.redhat.com/browse/RHIDP-1701 . It was not possible to make Sidecar containers work if override RHDH image using RELATED_IMAGE_*` environment variable or spec.application.image.
    • Bug Fix
    • Proposed
    • RHDH Install&Run 3255

      What did you do exactly?

      Install the RHDH operator (1.1) and apply the following: https://gist.github.com/rm3l/01d80e728d6ae38bc75a0869247320dd 

      Context: https://redhat-internal.slack.com/archives/C05HGAR2DT5/p1710858032769609

      User wanted to add an oauth2-proxy sidecar container to the RHDH Deployment (https://janus-idp.io/blog/2023/01/17/enabling-keycloak-authentication-in-backstage), since this is currently possible with the Helm Chart.

      Suggested way is to add this sidecar container by redefining the deployment.yaml key  in a dedicated ConfigMap and then reference that CM in the CR `spec.rawRuntimeConfig.backstageConfig` field.

      Actual behavior

      The extra container is added to the Deployment created by the operator but the image has been changed by the operator:

      $ kubectl get deployment backstage-backstage-with-sidecar -o yaml | yq -r '.spec.template.spec.containers[] | (.name + ": " + .image)'
      
      backstage-backend: registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:3494d447cd81e798a65468615b8e2b4b75f491fa093e52f08381f2d45ad02dd6
      oauth2-proxy: registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:3494d447cd81e798a65468615b8e2b4b75f491fa093e52f08381f2d45ad02dd6 

      As a consequence, the sidecar container is not able to start properly.

      Expected behavior

      Currently, when the `RELATED_IMAGE_*` env vars are set in the operator environment, all images are replaced for all containers part of the Backstage Deployment: https://github.com/janus-idp/operator/blob/1.1.x/controllers/backstage_deployment.go#L196-L203 

      We should instead use a placeholder and perform replacements only where the placeholder is used. I guess the same bug applies to the PostgreSQL StatefulSet as well.

      We are doing something similar with the <POSTGRESQL_SECRET> secret name.

      Any logs, error output, etc?

      None

              gazarenk-1 Gennady Azarenkov
              rh-ee-asoro Armel Soro
              RHIDP - Install
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: