nabsul / k8s-ecr-login-renew

Renews Docker login credentials for an AWS ECR container registry.
MIT License
205 stars 49 forks

Update the default service account #36

Closed Startouf closed 1 year ago

Startouf commented 2 years ago

I have seen many versions of this script where the default service account of each namespace would be updated with the image pull secrets to avoid replacing chart values.

Maybe this could be added as an optional feature?

kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"'$DOCKER_SECRET_NAME'"}]}'

nabsul commented 2 years ago

This is a fantastic idea, and I only recently learned that it even existed as a possibility :-)

I definitely think it should be added as an option, and it shouldn't be too hard.

nabsul commented 1 year ago

I thought about this a little more, and I think this is not really the responsibility of this tool. The cronjob simply refreshes the docker secret periodically to keep it from expiring.

It is left up to the Kubernetes cluster owner to use that secret, either as a pull secret in the deployment/pod/chart, or as a default secret on the service account. The tool doesn't really care (or impact) which approach you take.

I'll close this for now, but if you think I've misunderstood this suggestion, please feel free to reopen.
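
An added example, not part of the thread above or of k8s-ecr-login-renew: a shell version of the service-account approach discussed in this issue that keeps any pull secrets already listed on the account. It sends the complete list as a JSON merge patch (which replaces arrays as a whole) and skips the patch when the secret is already referenced; the function names `build_patch` and `ensure_pull_secret` are hypothetical.

```shell
# Added example: attach a pull secret to a service account without
# dropping pull secrets that are already listed on it.

# build_patch SECRET [EXISTING...]
# Prints a JSON merge patch listing the EXISTING names followed by SECRET.
build_patch() {
    new_secret=$1; shift
    items=""
    for entry in "$@" "$new_secret"; do
        items="${items}${items:+,}{\"name\":\"${entry}\"}"
    done
    printf '{"imagePullSecrets":[%s]}' "$items"
}

# ensure_pull_secret NAMESPACE SECRET [SERVICEACCOUNT]
# Prints "unchanged" if SECRET is already referenced, "patched" otherwise.
ensure_pull_secret() {
    ns=$1; secret=$2; sa=${3:-default}
    # Secret names are DNS subdomains (lowercase alphanumerics, '-', '.');
    # reject anything else so the value cannot break out of the JSON string.
    case $secret in
        ''|*[!a-z0-9.-]*) echo "invalid secret name: $secret" >&2; return 2 ;;
    esac
    # Space-separated names of the pull secrets currently on the account.
    existing=$(kubectl get serviceaccount "$sa" -n "$ns" \
        -o jsonpath='{.imagePullSecrets[*].name}') || return 1
    for current in $existing; do
        if [ "$current" = "$secret" ]; then
            echo "unchanged"
            return 0
        fi
    done
    # $existing is left unquoted on purpose: one argument per existing name.
    kubectl patch serviceaccount "$sa" -n "$ns" --type merge \
        -p "$(build_patch "$secret" $existing)" >/dev/null || return 1
    echo "patched"
}

# Usage, with the variable name from the command quoted in the issue:
#   ensure_pull_secret my-namespace "$DOCKER_SECRET_NAME"
```

Pods created under the patched service account that set no `imagePullSecrets` of their own get this secret added at admission, so every such workload in the namespace pulls with the ECR credential.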