In some cases, you may need to run an additional pod alongside the main pod—for example, for debugging purposes—or an additional init container, for instance, to establish a connection to external services like HashiCorp Vault or HashiCorp Consul.
When using a Docker image from a private registry, you'll need to configure imagePullPolicy and imagePullSecrets to access the private registry from Kubernetes. This article explains how to configure these settings in the HiveMQ Platform Operator Helm chart.
\uD83D\uDCD8 Instructions
There are two options for configuring imagePullSecrets: globally at the HiveMQ Platform Operator level or at the HiveMQ Platforms' level.
Option 1: Define global
imagePullSecretsin the Platform Operator, that are applied to all managed HiveMQ Platforms.HiveMQ Platform Operator Helm chart:
global: rbac: create: true # Create a PodSecurityPolicy, cluster role, role binding and service account for the HiveMQ pods and assign the service account to them. # Disabled by default. PodSecurityPolicy has been removed from Kubernetes versions starting with v1.25 https://kubernetes.io/docs/concepts/security/pod-security-policy/ pspEnabled: false pspAnnotations: {} securityContext: runAsNonRoot: true runAsUser: 1000 allowedCapabilities: [] # Image pull secrets for operator, hivemq or other images. imagePullSecrets: [] <-- applied dynamically on all managed platforms # - name: hivemq-pull-secretOption 2: Configure
pullPolicyandpullSecretin the HiveMQ Platformimage:section, and they apply to all containers (including sidecars and init containers).HiveMQ Platform values.yaml
# HiveMQ Platform container image configuration image: repository: docker.io/hivemq name: hivemq4 tag: 4.31.0 pullPolicy: IfNotPresent <-- applied to all containers pullSecretName: "" <-- applied to all containers