imagesPullSecret used in Helm template but not defined in CRD schema

[mfchanou]

What happened?

There is an inconsistency between the Helm chart templates and the Config CRD schema regarding image pull secret configuration.

The Helm template for kai-config.yaml sets the following field:

spec: global: imagesPullSecret: <string>

However, in the configs.kai.scheduler CRD schema, this field is not defined.
Instead, the CRD defines:

spec: global: additionalImagePullSecrets: []string

So the chart writes a field that is not part of the CRD’s OpenAPI schema

Affected Versions

Observed in:

Chart version 0.12.7

Chart version 0.12.10

(The same mismatch exists in both.)

Details

From Helm template (templates/kai-config.yaml):

{{- if .Values.global.imagePullSecrets }} imagesPullSecret: {{ index .Values.global.imagePullSecrets 0 | default "" }} {{- end }}
This produces:

spec.global.imagesPullSecret # string

From CRD (configs.kai.scheduler):

additionalImagePullSecrets: description: ImagePullSecrets defines the container registry additional secret credentials type: array items: type: string
There is no imagesPullSecret (string) field defined in the CRD schema.

Why this is a problem ?

• The field written by the chart is not validated by the CRD schema.
• It does not appear in kubectl explain.
• It is unclear whether the controller still reads imagesPullSecret (legacy) or expects additionalImagePullSecrets (current schema).
• This creates ambiguity for users upgrading or trying to follow the CRD as the source of truth.

What did you expect to happen?

Expected Behavior

The Helm chart and CRD schema should be aligned. One of the following should happen

• Preferred (array of strings)

Update the Helm template to use:
spec.global.additionalImagePullSecrets

• Or, if imagesPullSecret is still intentionally supported:
  Add it to the CRD schema with proper type and documentation.

Actual Behavior

• Helm chart writes spec.global.imagesPullSecret (string)
• CRD schema only defines spec.global.additionalImagePullSecrets (array)
• Mismatch between declared API and generated resource

Happy to help test a fix or validate behavior once clarified which field is the intended one going forward.

Environment

• Kubernetes version: 1.30
• KAI Scheduler version: 0.12.7
• Cloud provider or hardware configuration:
• Tools that you are using KAI together with
• Anything else that is relevant

[faizan-exe]

Can this be assigned to me?

I think we just need to remove additional from ImagePullSecrets []string json:"additionalImagePullSecrets,omitempty" in global.go

[enoodle]

@faizan-exe changing a field name might cause issues with upgrades. We might have to add another field and deprecate this one. We have to make sure that we do it in a way that will not break current deployments that set this field.

[gshaibi]

@faizan-exe thanks for your interest!
I’ve assigned this to you - please make sure to address @enoodle’s concern as well.

[mfchanou]

any news regarding this? we're a bit stuck by this issue. I can actually do the PR and let you review it if that's possible