[helm] Enable pulling from private Docker registry #2692

Merged: xx789633 merged 2 commits into apache:main from affo:la-pull-secrets on Feb 25, 2026

@affo (Contributor) commented Feb 16, 2026

Purpose

Linked issue: close #2691

Brief change log

  • Uses images.registry
  • Renders image.pullSecrets

Makes it possible to use an alternate registry and use pull secrets to pull the image if the registry is private.

I favored the approach of adding pull secrets directly to STS and not in the service account for bigger flexibility as the user can still link another service account to pods while pull secrets are attached to pods.

Tests

No test introduced.
Would be good to add tests once this PR lands (introduces helm unittest + github workflow).

API and Format

NO

Documentation

No new feature, it is already documented in the README.

@morazow (Contributor) left a comment

Looks good, thanks 🚀

@xx789633 (Contributor) left a comment

Thanks for the PR @affo I just left some minor suggestions.

Image name
*/}}
{{- define "fluss.image" -}}
{{- $image := printf "%s:%s" .Values.image.repository .Values.image.tag }}
Contributor

If a user omits image.tag or sets it to empty, this would produce an invalid image reference like apache/fluss:. Maybe we need to add a fallback here.

Contributor Author

addressed 👍

Image name
*/}}
{{- define "fluss.image" -}}
{{- $image := printf "%s:%s" .Values.image.repository .Values.image.tag }}
@xx789633 (Contributor) Feb 19, 2026

If a user provides a purely numeric tag (e.g. tag: 1.0), printf "%s" in Helm may output apache/fluss:%!s(float64=1).

Contributor Author

what a catch! Partially addressed 🤝

@affo (Contributor Author) commented Feb 24, 2026

@xx789633 the latest changes now address your doubts 🤝

repository is now required.
if tag is missing, no : is added avoiding a malformed image name.

For tag formatting, unfortunately, it is not possible to discriminate 1.0 VS 1 in Go templating, as they would always render to 1 as strings. However, I added a toString that would cover 1.1 for example 🤝

Wrapping the tag in quotes in YAML is left to the user 👍
In our default values we offer a tag value wrapped in quotes.

I checked this behavior and it would be the same in Bitnami's charts.
Tested with Zookeeper 🤝
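
The image-name rules described in the comment above (repository required, no colon when the tag is missing, toString on the tag) together with pod-level pull secrets, as an added example that is not the code merged in this PR. The helper name example.image, the resource names, and the assumption that image.pullSecrets is a list of Secret names are hypothetical.

```yaml
{{/*
Added example, not the chart's actual helper. Assumed value names:
image.registry, image.repository, image.tag, image.pullSecrets.
*/}}
{{- define "example.image" -}}
{{- /* Fail rendering early instead of emitting ":tag" or "registry/". */ -}}
{{- $repo := required "image.repository is required" .Values.image.repository -}}
{{- $ref := $repo -}}
{{- with .Values.image.registry -}}
{{- $ref = printf "%s/%s" (trimSuffix "/" .) $repo -}}
{{- end -}}
{{- /* toString turns an unquoted YAML number into text (1.1 -> "1.1"), so
       printf "%s" never prints %!s(float64=...). An unquoted 1.0 is already
       the number 1 here; only quoting it in values.yaml preserves "1.0". */ -}}
{{- with .Values.image.tag -}}
{{- $ref = printf "%s:%s" $ref (toString .) -}}
{{- end -}}
{{- $ref -}}
{{- end -}}
# Minimal StatefulSet (constructed): pull secrets sit on the pod spec, so
# serviceAccountName stays free to reference any service account.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: example
spec:
  serviceName: example
  selector:
    matchLabels: {app: example}
  template:
    metadata:
      labels: {app: example}
    spec:
      {{- with .Values.image.pullSecrets }}
      imagePullSecrets:
        {{- range . }}
        - name: {{ . | quote }}
        {{- end }}
      {{- end }}
      containers:
        - name: example
          image: {{ include "example.image" . | quote }}
```

The referenced Secrets must exist in the release namespace with type kubernetes.io/dockerconfigjson; the chart only references them by name and never carries the registry credentials itself.
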

@xx789633 (Contributor)

Looks good to me.

@swuferhong (Contributor)

LGTM overall. One more suggestion: Could you add documentation in helm/README.md explaining how to use image.registry and image.pullSecrets when configuring a private Docker registry?

Added instructions for using a private Docker registry and included image values reference.
@xx789633 (Contributor)

I have appended a commit to document the private docker registry. Merging....

@xx789633 xx789633 merged commit 43f76a5 into apache:main Feb 25, 2026
6 checks passed
@affo affo deleted the la-pull-secrets branch February 25, 2026 10:57
@affo (Contributor Author) commented Feb 25, 2026

@xx789633 thanks for promptly acting on this one!
I was too busy yesterday to promptly address 😓
