
Support for Image pull secret in the open telemetry collector spec #4376

@Hritik003

Component(s)

Collector


Is your feature request related to a problem? Please describe.

In dark site or air-gapped environments, pulling container images often requires authentication against private registries (e.g., Harbor, Artifactory, ECR, ACR, GCR). Currently, when deploying the OpenTelemetry Collector via the Operator, the spec does not allow defining imagePullSecrets directly.

This limitation creates friction for users because:

  • Images tied to a specific OTEL version may not be publicly accessible.
  • Attempts to pull these images without proper secrets can lead to ImagePullBackOff or ErrImagePull errors.

Describe the solution you'd like

Add support for an imagePullSecrets field in the OpenTelemetryCollector spec.

For example:

apiVersion: opentelemetry.io/v1beta1
kind: OpenTelemetryCollector
metadata:
  name: otel-collector
spec:
  image: my.private.registry/otel-collector:0.135.0
  imagePullSecrets:
    - name: my-registry-secret

This allows cluster operators to provide pull secrets declaratively within the CRD, without extra service account configuration.


Describe alternatives you've considered

ServiceAccount + Secrets

apiVersion: opentelemetry.io/v1beta1
kind: OpenTelemetryCollector
spec:
  serviceAccount: otel-collector-sa

  • With this approach, the service account must be pre-configured to mount the secret.
  • It works, but requires manual steps outside the OTEL spec, making automation and GitOps harder.

Having imagePullSecrets at the spec level aligns with Kubernetes best practices for workloads and avoids external dependencies.


Additional context

Many Kubernetes operators (e.g., Prometheus Operator, Cert-Manager, kserve) already expose imagePullSecrets in their CRDs for similar reasons. Adding this field improves parity, reduces friction in enterprise deployments, and lowers the barrier to adoption in environments with strict registry policies.

Tip:

React with 👍 to help prioritize this issue. Please add comments if you have similar use cases (e.g., ECR/ACR private registries, on-prem dark sites).
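
The ServiceAccount-based workaround described in the issue, written out in full as an added example (not part of the original post and not the Operator's own documentation). The `observability` namespace, the credential placeholders, and the minimal pipeline under `config` are assumptions; the secret, service account, and image names are taken from the issue's snippets.

```yaml
# Added example: namespace, credentials and pipeline are assumed placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: my-registry-secret
  namespace: observability            # assumed namespace
type: kubernetes.io/dockerconfigjson
stringData:
  .dockerconfigjson: |
    {
      "auths": {
        "my.private.registry": {
          "username": "<pull-only-robot-account>",
          "password": "<registry-token>"
        }
      }
    }
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: otel-collector-sa
  namespace: observability
# Pods that run under this ServiceAccount get the pull secret attached.
imagePullSecrets:
  - name: my-registry-secret
---
apiVersion: opentelemetry.io/v1beta1
kind: OpenTelemetryCollector
metadata:
  name: otel-collector
  namespace: observability
spec:
  image: my.private.registry/otel-collector:0.135.0
  serviceAccount: otel-collector-sa   # the manual link the issue wants to avoid
  config:                             # assumed minimal pipeline; replace with your own
    receivers:
      otlp:
        protocols:
          grpc: {}
    exporters:
      debug: {}
    service:
      pipelines:
        traces:
          receivers: [otlp]
          exporters: [debug]
```

The pull secret must live in the same namespace as the collector, and a registry account limited to pull access keeps the credential's exposure small if the secret is read by another workload in that namespace.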

Labels: area:collector (Issues for deploying collector), enhancement (New feature or request)
