Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

imagePullSecrets not created in all namespaces #95

Open
lamb84 opened this issue Aug 28, 2020 · 1 comment
Open

imagePullSecrets not created in all namespaces #95

lamb84 opened this issue Aug 28, 2020 · 1 comment

Comments

@lamb84
Copy link

lamb84 commented Aug 28, 2020
edited

i am running it in a on-prem k8s cluster.
our only registry is on ecr. so i took out the gcr and dpr configs

my deployment.yaml looks like:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry-creds
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      name: registry-creds
  template:
    metadata:
      labels:
        name: registry-creds
    spec:
      serviceAccountName: ecr-token-renew-sa
      containers:
      - image: upmcenterprises/registry-creds:1.10
        name: registry-creds
        imagePullPolicy: Always
        env:
          - name: AWS_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: registry-creds-ecr
                key: AWS_ACCESS_KEY_ID
          - name: AWS_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: registry-creds-ecr
                key: AWS_SECRET_ACCESS_KEY
          - name: awsaccount
            valueFrom:
              secretKeyRef:
                name: registry-creds-ecr
                key: aws-account
          - name: awsregion
            valueFrom:
              secretKeyRef:
                name: registry-creds-ecr
                key: aws-region

and I had to create a serviceAccount because the default account does not have sufficient permissions.

the pod logs shows:

time="2020-08-28T00:25:08Z" level=info msg="------------------ [awsecr-cred] ------------------
"
time="2020-08-28T00:25:08Z" level=info msg="Getting secret; try #1 of 4"
time="2020-08-28T00:25:08Z" level=info msg="Successfully got secret for provider awsecr-cred after trying 1 time(s)"
time="2020-08-28T00:25:08Z" level=info msg="------------------ [dpr-secret] ------------------

but imagePullSecret was only added in some of the namespaces. not all.

it created imagePullSecrets on 16 namespaces out of 42 that we have.
@lamb84 lamb84 changed the title imagePullSecrets not created after running the pod imagePullSecrets not created in all namespaces Aug 28, 2020
@lamb84
Copy link
Author

lamb84 commented Aug 30, 2020
edited

this issue went away after I set argSkipKubeSystem in main.go to false

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lamb84