Sometimes it is necessary to run an additional pod along with the main pod, for example for debugging purposes, or an additional init container, for example to establish a connection to external services like HashiCorp Vault, HashiCorp Consul, etc.
Often, the Docker image for the container is located in a private registry. To access a private registry from Kubernetes, it is required to specify imagePullPolicy and imagePullSecret. This article explains how to configure this feature in the HiveMQ Platform Operator (new) Helm chart.
📘 Instructions
There are two options: specifying pullPolicy and pullSecret globally at the HiveMQ Platform Operator level, or at the HiveMQ Platform level.
Option 1: Define global imagePullSecrets in the Platform Operator, which are applied to all managed HiveMQ Platforms.
HiveMQ Platform Operator Helm chart:
global:
  rbac:
    create: true
    # Create a PodSecurityPolicy, cluster role, role binding and service account for the HiveMQ pods and assign the service account to them.
    # Disabled by default. PodSecurityPolicy has been removed from Kubernetes versions starting with v1.25 https://kubernetes.io/docs/concepts/security/pod-security-policy/
    pspEnabled: false
    pspAnnotations: {}
    securityContext:
      runAsNonRoot: true
      runAsUser: 1000
    allowedCapabilities: []
    # Image pull secrets for operator, hivemq or other images.
    imagePullSecrets: []  # <-- applied dynamically on all managed platforms
    # - name: hivemq-pull-secret
Option 2: Configure pullPolicy and pullSecret in the HiveMQ Platform image: section; they apply to all containers (including sidecars and init containers).
HiveMQ Platform values.yaml
# HiveMQ Platform container image configuration
image:
  repository: docker.io/hivemq
  name: hivemq4
  tag: 4.31.0
  pullPolicy: IfNotPresent  # <-- applied to all containers
  pullSecretName: ""  # <-- applied to all containers
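A pull secret only works if it is a Secret of type kubernetes.io/dockerconfigjson, lives in the same namespace as the pods, and holds credentials for the registry named in image.repository. The following pre-deployment check is an added example, not part of the HiveMQ chart or the original article. The function names, the `hivemq` namespace, `registry.example.com` and the credentials used with it are assumptions chosen for illustration.

```python
import base64
import json

DOCKERCFG_TYPE = "kubernetes.io/dockerconfigjson"

def build_pull_secret(name, namespace, registry, username, password):
    """Build a Secret manifest (dict) of the type Kubernetes uses for image pulls."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {registry: {"username": username, "password": password, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": DOCKERCFG_TYPE,
            "metadata": {"name": name, "namespace": namespace},
            "data": {".dockerconfigjson": blob}}

def registry_host(ref):
    """Host part of an image.repository value or of an 'auths' key."""
    first = ref.split("://", 1)[-1].split("/", 1)[0]
    # Docker convention: the first component is a registry only if it looks like a host.
    if not ("." in first or ":" in first or first == "localhost"):
        return "docker.io"
    return "docker.io" if first == "index.docker.io" else first

def check_pull_secret(secret, repository, pull_secret_name, namespace):
    """Return a list of problems; an empty list means the secret fits the image settings."""
    problems = []
    meta = secret.get("metadata", {})
    if meta.get("name") != pull_secret_name:
        problems.append("secret name does not match pullSecretName")
    if meta.get("namespace") != namespace:
        problems.append("secret is not in the platform namespace")
    if secret.get("type") != DOCKERCFG_TYPE:
        problems.append(f"secret type is not {DOCKERCFG_TYPE}")
    raw = secret.get("data", {}).get(".dockerconfigjson")
    if raw is None:
        return problems + ["missing .dockerconfigjson key"]
    try:
        auths = json.loads(base64.b64decode(raw)).get("auths", {})
    except (ValueError, AttributeError):
        return problems + [".dockerconfigjson is not base64-encoded JSON"]
    host = registry_host(repository)
    if host not in {registry_host(key) for key in auths}:
        problems.append(f"no credentials for registry {host}")
    return problems
```

The dict returned by build_pull_secret can be dumped as JSON and applied with kubectl, which keeps the credentials out of shell history.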