matgeroe
commented
2 years ago Hi, I haven't tested this but I suppose you could enter both registries in a single .dockerconfigjson, as your image pull patch secret source
The format suggest that you can, as the registry is used as a key:
{"auths":{"your.private.registry.example.com":{"username":"janedoe","password":"xxxxxxxxxxx","email":"jdoe@example.com","auth":"c3R...zE2"}}}
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#inspecting-the-secret-regcred
As for issues with deploying it twice, as long as you give them different names with the flag secretname, it should work.
You will have to specify the pullsecret on each deployment though, because the patcher will set the secret as the default secret in the service account in each namespace, if run two instances, they absolutely will overwrite each other. It is my understanding that when you create a new namespace, the patcher will detect it and do its thing, which one of the patchers will get there last, will determine the default secret, so that's not reliable.
kubectl patch serviceaccount default \ -p "{\"imagePullSecrets\": [{\"name\": \"image-pull-secret\"}]}" \ -n <your-namespace>
https://github.com/titansoft-pte-ltd/imagepullsecret-patcher#why
dwarburt
We're migrating from one private registry to another and need to pull images from both during the transition. It seems like we'll be able to just deploy the image pull secret patcher twice, so there is one dedicated to each secret. Is this reasonable or we may face some problems?