registry-creds
registry-creds copied to clipboard
Published
20 hours ago •
upmc-enterprises
upmc-enterprises
imagePullSecrets not created in all namespaces
i am running it in a on-prem k8s cluster. our only registry is on ecr. so i took out the gcr and dpr configs
my deployment.yaml looks like:
apiVersion: apps/v1
kind: Deployment
metadata:
name: registry-creds
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
name: registry-creds
template:
metadata:
labels:
name: registry-creds
spec:
serviceAccountName: ecr-token-renew-sa
containers:
- image: upmcenterprises/registry-creds:1.10
name: registry-creds
imagePullPolicy: Always
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: registry-creds-ecr
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: registry-creds-ecr
key: AWS_SECRET_ACCESS_KEY
- name: awsaccount
valueFrom:
secretKeyRef:
name: registry-creds-ecr
key: aws-account
- name: awsregion
valueFrom:
secretKeyRef:
name: registry-creds-ecr
key: aws-region
and I had to create a serviceAccount because the default account does not have sufficient permissions.
the pod logs shows:
time="2020-08-28T00:25:08Z" level=info msg="------------------ [awsecr-cred] ------------------
"
time="2020-08-28T00:25:08Z" level=info msg="Getting secret; try #1 of 4"
time="2020-08-28T00:25:08Z" level=info msg="Successfully got secret for provider awsecr-cred after trying 1 time(s)"
time="2020-08-28T00:25:08Z" level=info msg="------------------ [dpr-secret] ------------------
but imagePullSecret was only added in some of the namespaces. not all.
it created imagePullSecrets on 16 namespaces out of 42 that we have.
