search

titansoft-pte-ltd / imagepullsecret-patcher

A simple Kubernetes client-go application that creates and patches imagePullSecrets to service accounts in all Kubernetes namespaces to allow cluster-wide authenticated access to private container registry.
https://medium.com/titansoft-engineering/kubernetes-cluster-wide-access-to-private-container-registry-with-imagepullsecret-patcher-b8b8fb79f7e5
MIT License
256 stars 91 forks source link

managedonly setting does not work correctly #35

Open tstraley opened 1 year ago

tstraley commented 1 year ago

When the managedonly configuration setting is enabled, this tool ends up skipping those secrets that are properly managed by imagepullsecret-patcher, and does actually overwrite secrets that are not managed by it.

It appears to be a simple bug in the evaluation here: https://github.com/titansoft-pte-ltd/imagepullsecret-patcher/blob/master/main.go#L156

This should actually be

        if configManagedOnly && !isManagedSecret(secret) {
            return fmt.Errorf("[%s] Secret is present but unmanaged", namespace)
        }
tstraley commented 1 year ago

This project does not appear to be actively maintained, so I'm just going to leave this issue here for others to be aware. If PRs start getting acknowledged again in the future here, I can submit a PR to fix this.