k8tz sidecar container: pulling from private registry fails

[hrbu]

In our project we pull images from a secured internal container-registry. Therefore we provide an imagePullSecret.

Pulling the image for the k8tz controller deployment works as expected.

Problem: Pulling the image for sidecar container usage fails.

Seems like the imagePullSecret isn't considered in that case.

[yonatankahana]

hi, can you provide me the full error message?
and show the full repository value that cutted in the image?
a print of kubectl get pod -oyaml -n <namespace> <podName> can be useful as well.

[hrbu]

Providing full error messages is not that easy ... the problem exists on multinode k8s environments only. So reproducing on my local k3d setup is not possible. For more detailed error messages I've to roll-back a pre-production environment in that error state. Would like to avoid this if possible. During investigation of the deployment incident I've seen error messages containing "access denied" when pulling the image for sidecar-container usage. Within the related pod deployment description I've missed the imagePullSecrets section for the k8tz sidecar-container.

The following screenshot is what I can provide without much effort:

[yonatankahana]

you are right, imagePullSecrets not propagated from controller to sidecars and it will cause this problem. I but I am not sure it can be fixed automatically since the secret should exist in the pod namespace. Could be that the correct way to fix it is you specify the imagePullSecrets manually on your pods or service accounts. ill check it and update you soon