neutryno / imagepullsecret-serviceaccount-patcher

Patch Kubernetes ServiceAccounts to automatically include ImagePullSecrets for private container registries.

ImagePullSecret Service Account Patcher

Simple Go application that talks to the Kubernetes API to add (multiple) ImagePullSecrets to all ServiceAccounts in the cluster.

Motivation

This project was started because credentials for private container registries cannot be provided at a cluster-wide level (cf. stackoverflow issue). Others suggested manually pulling images to your nodes, patching ServiceAccounts manually, or adapting the docker/config.json of each node in the cluster (cf. here).

This project was inspired by titansoft-pte-ltd/imagepullsecret-patcher, which, however, only allows adding one private container registry secret to the cluster's service accounts.

Usage

It is best used in conjunction with mittwald/kubernetes-replicator. The complete approach is:

  1. Install mittwald/kubernetes-replicator
  2. Create container registry secrets in the kube-system namespace

     kubectl -n kube-system create secret docker-registry <SECRET_NAME_1> --docker-server=<registry.server.de> --docker-username=<username> --docker-password=<password>
     kubectl -n kube-system create secret docker-registry <SECRET_NAME_2> --docker-server=<registry.server.de> --docker-username=<username> --docker-password=<password>

  3. Patch secrets to make them replicable by mittwald/kubernetes-replicator

     kubectl -n kube-system patch secret <SECRET_NAME_1> -p '{"metadata": {"annotations": {"replicator.v1.mittwald.de/replicate-to": ".*"}}}'
     kubectl -n kube-system patch secret <SECRET_NAME_2> -p '{"metadata": {"annotations": {"replicator.v1.mittwald.de/replicate-to": ".*"}}}'

  4. Add your secrets' names to the REGISTRY_SECRET_NAMES environment variable in deployment/deployment.yaml.
  5. Install neutryno/serviceaccount-patcher

     kubectl apply -f https://raw.githubusercontent.com/neutryno/imagepullsecret-serviceaccount-patcher/master/deployment/rbac.yaml
     kubectl apply -f https://raw.githubusercontent.com/neutryno/imagepullsecret-serviceaccount-patcher/master/deployment/deployment.yaml
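
A check for the result of the steps above, as an added example (not code from this project): it reads the JSON produced by `kubectl get serviceaccounts -A -o json` and reports, per ServiceAccount, which of the names configured in REGISTRY_SECRET_NAMES are still absent from imagePullSecrets. The function name missingSecrets, the secret names regcred-a and regcred-b, and the sample list are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of `kubectl get serviceaccounts -A -o json`. ref serves both metadata
// (name, namespace) and imagePullSecrets entries (name); JSON keys match case-insensitively.
type ref struct{ Name, Namespace string }
type saList struct {
	Items []struct {
		Metadata         ref
		ImagePullSecrets []ref
	}
}

// Constructed sample input, not output from a real cluster.
const sampleList = `{"items":[
 {"metadata":{"namespace":"default","name":"default"},"imagePullSecrets":[{"name":"regcred-a"},{"name":"regcred-b"}]},
 {"metadata":{"namespace":"shop","name":"default"},"imagePullSecrets":[{"name":"team-secret"},{"name":"regcred-a"}]},
 {"metadata":{"namespace":"batch","name":"runner"}}
]}`

// missingSecrets maps "namespace/name" to the wanted secret names that the
// ServiceAccount does not list; fully patched accounts are left out of the map.
func missingSecrets(raw []byte, wanted []string) (map[string][]string, error) {
	var l saList
	if err := json.Unmarshal(raw, &l); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for _, sa := range l.Items {
		have := map[string]bool{}
		for _, s := range sa.ImagePullSecrets {
			have[s.Name] = true
		}
		key := sa.Metadata.Namespace + "/" + sa.Metadata.Name
		for _, w := range wanted {
			if !have[w] {
				out[key] = append(out[key], w)
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(missingSecrets([]byte(sampleList), []string{"regcred-a", "regcred-b"}))
}
```

An empty map means every ServiceAccount in the input references all wanted secrets; entries that remain after the patcher has run point to accounts it has not reached.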

Build

docker buildx build . -t neutryno/imagepullsecret-serviceaccount-patcher --platform linux/amd64,linux/arm64 --no-cache
