titansoft-pte-ltd / imagepullsecret-patcher

A simple Kubernetes client-go application that creates and patches imagePullSecrets to service accounts in all Kubernetes namespaces to allow cluster-wide authenticated access to private container registry.
https://medium.com/titansoft-engineering/kubernetes-cluster-wide-access-to-private-container-registry-with-imagepullsecret-patcher-b8b8fb79f7e5
MIT License
256 stars 91 forks

secret not accepted #26

Closed Morriz closed 2 years ago

Morriz commented 3 years ago

Hi, I don't see much output with CONFIG_DEBUG enabled, but the app complains about this pullsecret:

apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
  name: pullsecret-patcher
  labels:
    helm.sh/chart: pullsecret-patcher-0.1.0
    app.kubernetes.io/name: pullsecret-patcher
    app.kubernetes.io/instance: pullsecret-patcher
    app.kubernetes.io/version: "0.1.0"
    app.kubernetes.io/managed-by: Helm
data:
  .dockerconfigjson: "eyJhdXRocyI6eyJkb2NrZXIuaW8iOnsidXNlcm5hbWUiOiJvdG9taSIsInBhc3N3b3JkIjoiYmxhZGlibGEiLCJlbWFpbCI6Im5vdEB1cy5lZCIsImF1dGgiOiJiM1J2YldrNllteGhaR2xpYkdFPSJ9fX0="

Why would it? It is a valid pull secret (password in it does not work for obvious reasons).

omBratteng commented 2 years ago

@Morriz I think it's because of the auth uri, your config file has docker.io, whilst I think it should be https://index.docker.io/v1/.

You could run this, though supplied with your own credentials, and see if that works.

kubectl create secret docker-registry pullsecret-patcher \
    --docker-username=mygithubusername \
    --docker-password=mygithubreadtoken \
    --docker-email=mygithubemail \
    --dry-run=client -o yaml
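
Added example, not part of the thread or of the project's code: a Python check that decodes a `.dockerconfigjson` value, lists the registry keys under `auths`, and verifies that each `auth` field equals base64(username:password), without echoing any credential. The function name and the report layout are assumptions made for this illustration; the expected registry key is passed in by the caller, here the one suggested in the reply above.

```python
import base64
import json

# The .dockerconfigjson value from the manifest posted in this issue.
ISSUE_VALUE = (
    "eyJhdXRocyI6eyJkb2NrZXIuaW8iOnsidXNlcm5hbWUiOiJvdG9taSIsInBhc3N3b3JkIjoi"
    "YmxhZGlibGEiLCJlbWFpbCI6Im5vdEB1cy5lZCIsImF1dGgiOiJiM1J2YldrNllteGhaR2xp"
    "YkdFPSJ9fX0="
)


def inspect_dockerconfigjson(value_b64, expected_registry):
    """Report registry keys and per-entry problems; never returns secret values."""
    try:
        # binascii.Error, JSONDecodeError and UnicodeDecodeError are all ValueError.
        cfg = json.loads(base64.b64decode(value_b64, validate=True))
    except ValueError as exc:
        return {"valid": False, "error": f"not base64-encoded JSON: {exc}"}
    auths = cfg.get("auths") if isinstance(cfg, dict) else None
    if not isinstance(auths, dict) or not auths:
        return {"valid": False, "error": "missing or empty 'auths' object"}

    problems = {}
    for registry, entry in auths.items():
        found = []
        if not isinstance(entry, dict):
            problems[registry] = ["entry is not an object"]
            continue
        user, pw, auth = (entry.get(k) for k in ("username", "password", "auth"))
        if auth is None and not (user and pw):
            found.append("no 'auth' and no username/password")
        elif None not in (auth, user, pw):
            want = base64.b64encode(f"{user}:{pw}".encode()).decode()
            if auth != want:
                found.append("'auth' is not base64(username:password)")
        problems[registry] = found

    return {
        "valid": True,
        "registries": sorted(auths),
        "problems": problems,
        "has_expected_registry": expected_registry in auths,
    }


if __name__ == "__main__":
    print(inspect_dockerconfigjson(ISSUE_VALUE, "https://index.docker.io/v1/"))
```

For the secret in this issue the report shows a single key, `docker.io`, with a consistent `auth` field, so the only difference from the `kubectl`-generated form discussed above is the registry key.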

Morriz commented 2 years ago

tnx...but we already decided to use a more surgical approach and do management on dropped pull secrets

omBratteng commented 2 years ago

@Morriz could you close the issue then?

Morriz commented 2 years ago

sure