phenixblue / imageswap-webhook

Image Swap Mutating Admission Webhook for Kubernetes
Apache License 2.0

Extend the same concept for imagePullSecrets as well #21

Open rajivml opened 3 years ago

rajivml commented 3 years ago

Hi,

Can we have this extended for imagePullSecrets as well, because in order to access a private registry, a secret is also required. If the same can be added through webhooks, that would be great.

phenixblue commented 3 years ago

Hey @rajivml, thanks for reaching out. I think this feature is outside the scope of the project right now. I'll leave this open for a bit and see if anyone else comments to support this.

phenixblue commented 3 years ago

@rajivml I'm revisiting this to think through how it might work.

Still not sure it fits here, but wanted to get a better idea on what the expected functionality is.

Is the expectation that there would be some central source of image pull secrets (i.e. all in one namespace), or would you want to be able to grab secrets from any namespace potentially?

My first thought was to add a second maps config file specific to imagePullSecrets that would follow a format like this:

<registry_fqdn>:<namespace>.<secret_name>

Example with multiple maps:

default:namespace.image-pull-secret1
quay.io:namespace2.quay-image-pull-secret

There are a lot of edges with this given that it would be replicating secrets across namespace bounds, but that may be ok in your environment.
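Added example, not part of the thread and not imageswap-webhook code: a sketch of parsing the proposed `<registry_fqdn>:<namespace>.<secret_name>` map and flagging when the mapped secret lives outside the pod's namespace, which is the cross-namespace replication case raised in the comment above. The names `SecretRef`, `parse_secret_maps`, `registry_of` and `resolve` are hypothetical, and it assumes an image with no registry host falls back to the `default` entry.

```python
from typing import NamedTuple, Optional

class SecretRef(NamedTuple):
    namespace: str
    name: str

def parse_secret_maps(text: str) -> dict:
    """Parse '<registry_fqdn>:<namespace>.<secret_name>' lines into a dict."""
    maps = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # Split on the last ':' so a registry given with a port keeps it.
        registry, colon, target = line.rpartition(":")
        # Namespace names cannot contain '.', Secret names can: split on the first '.'.
        namespace, dot, name = target.partition(".")
        if not (colon and dot and registry and namespace and name):
            raise ValueError(f"line {lineno}: expected <registry_fqdn>:<namespace>.<secret_name>")
        if registry in maps:
            raise ValueError(f"line {lineno}: duplicate entry for {registry}")
        maps[registry] = SecretRef(namespace, name)
    return maps

def registry_of(image: str) -> Optional[str]:
    """Return the registry host of an image reference, or None if it names none."""
    first, slash, _ = image.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first
    return None

def resolve(maps: dict, image: str, pod_namespace: str):
    """Return (SecretRef or None, needs_copy) for a pod's image."""
    ref = maps.get(registry_of(image)) or maps.get("default")
    if ref is None:
        return None, False
    # A pod can only reference pull secrets in its own namespace, so any other
    # source namespace means the secret has to be replicated into the pod's.
    return ref, ref.namespace != pod_namespace

# The two map lines from the comment above; images and pod namespaces are constructed.
SAMPLE_MAPS = """\
default:namespace.image-pull-secret1
quay.io:namespace2.quay-image-pull-secret
"""

if __name__ == "__main__":
    maps = parse_secret_maps(SAMPLE_MAPS)
    for image, ns in [("quay.io/org/app:1.0", "namespace2"), ("nginx:1.25", "team-a")]:
        ref, needs_copy = resolve(maps, image, ns)
        print(f"{image} in {ns}: {ref.namespace}/{ref.name} copy={needs_copy}")
```

Every result with `needs_copy` set is a point where a registry credential would be duplicated into another namespace, so those are the entries to review against who can read Secrets there.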