Kubernetes cluster-wide access to private container registry with imagepullsecret-patcher

Jiang Huan
Titansoft Engineering Blog
3 min read · Dec 31, 2019

TL;DR

Kubernetes allows us to configure private container registry credentials with imagePullSecrets on a per-Pod or per-Namespace basis. However, as cluster admins, we might want to reduce the time spent on this maintenance work and set it up once for the whole cluster.

We open-sourced a simple Kubernetes application called imagepullsecret-patcher, which automatically creates imagePullSecrets and patches them onto the default service accounts in all Kubernetes namespaces, allowing cluster-wide authenticated access to a private container registry.

Photo by Daniel von Appen on Unsplash

Background

Recently at Titansoft, we built a couple of on-premise Kubernetes clusters and started to run workloads on them. The clusters need to access our private container registry on Google Cloud to pull our private Docker images.

We can do so by first creating a Kubernetes Secret with the docker config.

kubectl create secret docker-registry image-pull-secret \
  -n <your-namespace> \
  --docker-server=<your-registry-server> \
  --docker-username=<your-name> \
  --docker-password=<your-password> \
  --docker-email=<your-email>
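
The script below is an added example, not code from imagepullsecret-patcher or from the original post: it performs by hand, with kubectl, the two per-namespace steps the TL;DR says the tool automates (create the secret, then patch it onto the default service account). The function names and the docker config file argument are assumptions; the secret is built from a file rather than from --docker-password, so the registry password stays out of shell history and the process list.

```shell
#!/bin/sh
# Added example (not code from imagepullsecret-patcher): the per-namespace
# steps done by hand with kubectl. Function names are hypothetical.
SECRET_NAME="image-pull-secret"   # same name as in the command above

# Patch body that makes a service account reference the pull secret.
sa_patch() {
  printf '{"imagePullSecrets":[{"name":"%s"}]}' "$1"
}

# Create or update the secret in namespace $1, then patch that namespace's
# default service account. $2 is a docker config JSON file (assumption), so
# the password is never passed as a command-line argument.
patch_namespace() {
  kubectl create secret generic "$SECRET_NAME" -n "$1" \
      --type=kubernetes.io/dockerconfigjson \
      --from-file=.dockerconfigjson="$2" \
      --dry-run=client -o yaml | kubectl apply -f - || return 1
  kubectl patch serviceaccount default -n "$1" -p "$(sa_patch "$SECRET_NAME")"
}

# Repeat for every namespace that exists at the time of the run.
patch_all_namespaces() {
  for ns in $(kubectl get namespaces -o jsonpath='{.items[*].metadata.name}'); do
    patch_namespace "$ns" "$1" || return 1
  done
}

# Usage: sh patch-all.sh /path/to/docker-config.json
if [ "$#" -eq 1 ]; then
  patch_all_namespaces "$1"
fi
```

A single run only covers the namespaces that exist at that moment, so it has to be repeated whenever a namespace is added. Every namespace that receives the secret also gives anyone who can read Secrets there a copy of the registry credential, so the credential should be limited to pulling images.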

As a side note, Google Container Registry (GCR) supports JSON key file authentication