new(falco): adding imagePullSecrets at the service account level #824
Conversation
poiana
added
kind/bug
|
Can you run |
leogr
force-pushed
the
charts/falco/sa-imagepullsecrets
branch
from
7221429 to
bf0d3c0
Compare
|
Hey @megalucio! Thanks again for your contribution! As I mentioned in the other PR (#811), I believe this addition might be redundant. The chart already supports imagePullSecrets at the pod level, which should cover all use cases for the Falco application. Adding it at the serviceAccount level would mean duplicating the same configuration in two places. That said, if you have a specific use case where this feature solves a problem that the current chart doesn’t address, I’d love to hear more! Always happy to improve things where needed. 🚀 Looking forward to your thoughts! |
Hello, thanks for looking into this but in my opinion this is not redundant but just adds the possibility of configure it at both he the pod and the service account level, the same way Kubernetes does and it is not considered redundant. I would argue the later is actually better practice since this approach simplifies management and ensures consistency across deployments. In our case, for our cluster we set this up at the service account level. In order to be consistent with the rest of the configuration of the cluster it makes more sense for us to set it up in the same way and I do not see the disadvantage of adding this possibility to Falco as well. |
megalucio
force-pushed
the
charts/falco/sa-imagepullsecrets
branch
from
bf0d3c0 to
f2d682d
Compare
Signed-off-by: Ignacio Íñigo <[email protected]>
megalucio
force-pushed
the
charts/falco/sa-imagepullsecrets
branch
from
0afd164 to
f3884b4
Compare
Signed-off-by: Leonardo Grasso <[email protected]>
|
/hold cancel I fixed the chart version, and I'm going to merge this shortly. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: leogr, megalucio The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
LGTM label has been added. Git tree hash: 834173838b66abe33bc3d1e1e59a10f26ab192c2
|
What type of PR is this?
/kind feature
kind chart-release
Any specific area of the project related to this PR?
/area falco-chart
What this PR does / why we need it:
For most use cases, it is recommended to specify imagePullSecrets at the ServiceAccount level if all pods using that ServiceAccount need access to the same image pull secrets. This approach simplifies management and ensures consistency across your deployments.
This pull request includes updates to the Falco Helm Chart to add support for image pull secrets at the service account level. The most important changes include updating the chart version, adding a new configuration option for image pull secrets, and documenting this new feature.
Feature Addition:
charts/falco/templates/serviceaccount.yaml: Added the ability to specifyimagePullSecretsfor the service account.charts/falco/values.yaml: Introduced a new configuration optionserviceAccount.imagePullSecretsto support credentials for pulling images from private registries.Documentation Updates:
charts/falco/README.md: Updated the table of configurable parameters to includeserviceAccount.imagePullSecrets.charts/falco/CHANGELOG.md: Documented the new feature in the changelog for version 4.19.1.Version Bump:
charts/falco/Chart.yaml: Bumped the chart version from 4.19.0 to 4.19.1.Which issue(s) this PR fixes:
Special notes for your reviewer:
I've already fixed the corrisponding labels in GitHub
Checklist