Description:
According to the official CRD, innodbcluster should take a configuration parameter "imageRepository", which should specify the container registry from where to pull container images. When set, only mysql-server is pulled from the set registry, but the sidecar tries to pull mysql/mysql-operator:8.0.26-2.0.2 from dockerhub. Due to our security policy, it will never be able to do that. 

How to repeat:
Install kubernetes mysql operator and innodb cluster according to the official "documentation".

https://github.com/mysql/mysql-operator

kubectl apply -f https://raw.githubusercontent.com/mysql/mysql-operator/trunk/deploy/deploy-crds.yaml
kubectl apply -f https://raw.githubusercontent.com/mysql/mysql-operator/trunk/deploy/deploy-operator.yaml

apiVersion: mysql.oracle.com/v2alpha1
kind: InnoDBCluster
metadata:
  name: aosint-mysql-cluster
  namespace: aosint-mysql
spec:
  secretName: mysql-passwords
  imageRepository: 327449139264.dkr.ecr.eu-west-1.amazonaws.com/mysql
  instances: 3
  router:
    instances: 2

Suggested fix:
Make sure the imageRepository setting is respected, better yet - allow each image to be set independently

The documentation for this is completely non-existent, not a single line of documentation for anything other than the passwords secret...

Thanks for the report, our k8s team will take a look

Posted by developer:
 
Hi,
could be it be that your repository is authenticated and there were not image pull secrets set?
I could not reproduce with your manifests. There is slight indentation error but when fixed it creates the cluster with a private container registry.

Perhaps you should consider creating a validation hook to ensure people don't typo things?