Does registry cred operator can take care of adding imagepullsecret to such non default service accounts during their creation so that pods can use it?

titansoft-pte-ltd / imagepullsecret-patcher

A simple Kubernetes client-go application that creates and patches imagePullSecrets to service accounts in all Kubernetes namespaces to allow cluster-wide authenticated access to private container registry.

https://medium.com/titansoft-engineering/kubernetes-cluster-wide-access-to-private-container-registry-with-imagepullsecret-patcher-b8b8fb79f7e5

MIT License

256 stars 91 forks source link

Does registry cred operator can take care of adding imagepullsecret to such non default service accounts during their creation so that pods can use it? #25

Open sushantsj opened 3 years ago

sushantsj commented 3 years ago

Problem Statement: nginx ingress controller and prometheus operator is trying to create their own Service Accounts in namespace and pods are using those service accounts. So I am facing docker pull limit issue. Does registry cred operator can take care of adding imagepullsecret to such non default service accounts during their creation so that pods can use it?If yes then are we missing something from the steps mentioned in your github, let me know Thank you

awoimbee commented 3 years ago

Yes, it's quite obvious from the code https://github.com/titansoft-pte-ltd/imagepullsecret-patcher/blob/bdf0891920920d3e789a5b5bbf0ea041ad385746/main.go#L183 You need to set CONFIG_ALLSERVICEACCOUNT

But since this project in simply a for loop running every 10s, there will be a delay between service account creation and secret provisioning