Restoring workspaces does not use pull secret #1607
Description
Description
When a workspace is to be restored, the DWO does not mount the pull secret into the workspace-restore init container, unless, the pull secret is named devworkspace-backup-registry-auth
How To Reproduce
- Create a a pull secret containing credentials to a private image registry:
kind: Secret
apiVersion: v1
metadata:
name: my-secret
namespace: openshift-operators
labels:
controller.devfile.io/watch-secret: 'true'
data:
.dockerconfigjson: <redacted>
type: kubernetes.io/dockerconfigjson
- Enable backups using the global DWOC:
kind: DevWorkspaceOperatorConfig
apiVersion: controller.devfile.io/v1alpha1
metadata:
name: devworkspace-operator-config
namespace: $OPERATOR_INSTALL_NAMESPACE
config:
workspace:
backupCronJob:
enable: true
registry:
authSecret: my-secret
path: quay.io/<username>
schedule: '*/2 * * * *'
imagePullPolicy: Always
- Start a simple non-ephemeral workspace:
curl -sL https://raw.githubusercontent.com/devfile/devworkspace-operator/refs/heads/main/samples/per-workspace-storage.yaml | oc apply -f -
- Once the workspace stops running, stop it.
- Wait for up to 2 minutes to allow the backup to occur.
- Once backup has been completed, create an empty workspace with the restore attributes::
apiVersion: workspace.devfile.io/v1alpha2
kind: DevWorkspace
metadata:
name: plain-devworkspace
spec:
routingClass: basic
started: true
template:
attributes:
controller.devfile.io/restore-source-image: '<your backup image>'
controller.devfile.io/restore-workspace: 'true'
components:
- container:
command:
- tail
- '-f'
- /dev/null
image: 'quay.io/wto/web-terminal-tooling:next'
memoryLimit: 512Mi
memoryRequest: 256Mi
mountSources: true
sourceMapping: /projects
name: web-terminal
The workspace will fail to start because the workspace pod will not have the pull secret mount.
Expected behavior
The pull secret should be mounted such that the workspace-restore init container is able to use it.