-
Bug
-
Resolution: Done
-
Critical
-
None
What did you do exactly?
Install the RHDH operator (1.1) and apply the following: https://gist.github.com/rm3l/01d80e728d6ae38bc75a0869247320dd
Context: https://redhat-internal.slack.com/archives/C05HGAR2DT5/p1710858032769609
User wanted to add an oauth2-proxy sidecar container to the RHDH Deployment (https://janus-idp.io/blog/2023/01/17/enabling-keycloak-authentication-in-backstage), since this is currently possible with the Helm Chart.
Suggested way is to add this sidecar container by redefining the deployment.yaml key in a dedicated ConfigMap and then reference that CM in the CR `spec.rawRuntimeConfig.backstageConfig` field.
Actual behavior
The extra container is added to the Deployment created by the operator but the image has been changed by the operator:
$ kubectl get deployment backstage-backstage-with-sidecar -o yaml | yq -r '.spec.template.spec.containers[] | (.name + ": " + .image)'
backstage-backend: registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:3494d447cd81e798a65468615b8e2b4b75f491fa093e52f08381f2d45ad02dd6
oauth2-proxy: registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:3494d447cd81e798a65468615b8e2b4b75f491fa093e52f08381f2d45ad02dd6
As a consequence, the sidecar container is not able to start properly.
Expected behavior
Currently, when the `RELATED_IMAGE_*` env vars are set in the operator environment, all images are replaced for all containers part of the Backstage Deployment: https://github.com/janus-idp/operator/blob/1.1.x/controllers/backstage_deployment.go#L196-L203
We should instead use a placeholder and perform replacements only where the placeholder is used. I guess the same bug applies to the PostgreSQL StatefulSet as well.
We are doing something similar with the <POSTGRESQL_SECRET> secret name.
Any logs, error output, etc?
None
- links to