upmc-enterprises / registry-creds

Allow for AWS ECR, Google Registry, & Azure Container Registry credentials to be refreshed inside your Kubernetes cluster via ImagePullSecrets

imagePullSecrets not created in all namespaces #95

Open lamb84 opened 4 years ago

lamb84 commented 4 years ago

I am running it in an on-prem k8s cluster. Our only registry is on ECR, so I took out the gcr and dpr configs.

My deployment.yaml looks like:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry-creds
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      name: registry-creds
  template:
    metadata:
      labels:
        name: registry-creds
    spec:
      serviceAccountName: ecr-token-renew-sa
      containers:
      - image: upmcenterprises/registry-creds:1.10
        name: registry-creds
        imagePullPolicy: Always
        env:
          - name: AWS_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: registry-creds-ecr
                key: AWS_ACCESS_KEY_ID
          - name: AWS_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: registry-creds-ecr
                key: AWS_SECRET_ACCESS_KEY
          - name: awsaccount
            valueFrom:
              secretKeyRef:
                name: registry-creds-ecr
                key: aws-account
          - name: awsregion
            valueFrom:
              secretKeyRef:
                name: registry-creds-ecr
                key: aws-region

And I had to create a serviceAccount because the default account does not have sufficient permissions.

The pod logs show:

time="2020-08-28T00:25:08Z" level=info msg="------------------ [awsecr-cred] ------------------
"
time="2020-08-28T00:25:08Z" level=info msg="Getting secret; try #1 of 4"
time="2020-08-28T00:25:08Z" level=info msg="Successfully got secret for provider awsecr-cred after trying 1 time(s)"
time="2020-08-28T00:25:08Z" level=info msg="------------------ [dpr-secret] ------------------

But the imagePullSecret was only added in some of the namespaces, not all.

It created imagePullSecrets in 16 namespaces out of the 42 that we have.

lamb84 commented 4 years ago

This issue went away after I set argSkipKubeSystem in main.go to false.
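
To reproduce the "16 namespaces out of 42" count from the first comment and see exactly which namespaces were skipped, the following added example (not part of this thread or of registry-creds) lists the namespaces that lack the pull secret. It assumes the secret is named `awsecr-cred`, after the provider label in the pod log; the function names and the `SECRET_NAME` variable are made up for this example.

```shell
#!/bin/sh
# Added diagnostic example, not part of registry-creds.
# Assumption: the pull secret carries the provider name seen in the pod log
# ("awsecr-cred"); set SECRET_NAME if your cluster uses another name.
SECRET_NAME="${SECRET_NAME:-awsecr-cred}"

# All namespace names, one per line.
list_namespaces() {
  kubectl get namespaces \
    -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | sort -u
}

# Namespaces that contain a secret named $SECRET_NAME, one per line.
list_namespaces_with_secret() {
  kubectl get secrets --all-namespaces \
    --field-selector "metadata.name=${SECRET_NAME}" \
    -o jsonpath='{range .items[*]}{.metadata.namespace}{"\n"}{end}' | sort -u
}

# Namespaces where the secret is absent, one per line.
namespaces_missing_secret() {
  nms_have=$(list_namespaces_with_secret)
  list_namespaces | while IFS= read -r nms_ns; do
    [ -n "$nms_ns" ] || continue
    # Exact, whole-line match so "team" does not match "team-a".
    printf '%s\n' "$nms_have" | grep -Fxq -- "$nms_ns" || printf '%s\n' "$nms_ns"
  done
}

# One-line summary: "<with secret> of <total> namespaces have <name>".
secret_coverage() {
  sc_total=$(list_namespaces | grep -c . || true)
  sc_missing=$(namespaces_missing_secret | grep -c . || true)
  printf '%s of %s namespaces have %s\n' \
    "$((sc_total - sc_missing))" "$sc_total" "$SECRET_NAME"
}
```

Source the file and call `secret_coverage`, then `namespaces_missing_secret`, with a kubeconfig that is allowed to list namespaces and secrets cluster-wide.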