Create and manage secrets to pull images from a private registry (ECR or Docker Hub) for Kubernetes pods
imagepullsecrets-manager runs as a Kubernetes CronJob and creates and manages the secrets used as imagePullSecrets.
To pull images from a private registry, you must authenticate to that registry.
There are several ways to authenticate to a registry; imagePullSecrets is one of them.
By default, imagePullSecrets are created if they don't exist.
If imagePullSecrets already exist, they are updated differently depending on the type.
(imagepullsecrets-manager manages only secrets created by itself.)
- ECR
  - If the ECR token expires, update token and update imagePullSecrets.
- DOCKER
  - If the secret configuration is updated, update imagePullSecrets.
Also, imagePullSecrets are deleted when they are removed from the configuration.
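The create, update, skip and delete rules described above can be sketched as a small planner. This is an added example, not the project's own code: the label and annotation names are hypothetical, secrets are modelled as simplified dicts holding the decoded payload, and the sample state in `demo()` is constructed.

```python
import base64, json
from datetime import datetime, timezone

# Hypothetical markers: the page does not say how the manager tags its own secrets.
LABEL, MANAGER = "example.invalid/managed-by", "imagepullsecrets-manager"
EXPIRY = "example.invalid/ecr-token-expires-at"

def dockerconfigjson(registry, user, password):
    """Payload of a kubernetes.io/dockerconfigjson secret."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    entry = {"username": user, "password": password, "auth": auth}
    return json.dumps({"auths": {registry: entry}}, sort_keys=True)

def plan(desired, existing, now):
    """Map (namespace, name) -> action for one run; secrets are simplified dicts."""
    actions = {}
    for d in desired:
        key = (d["kubernetes_namespace"], d["name"])
        cur = existing.get(key)
        if cur is None:
            actions[key] = "create"
        elif cur["labels"].get(LABEL) != MANAGER:
            actions[key] = "skip"  # not created by the manager: leave untouched
        elif d["type"] == "ECR":  # refresh only once the stored token has expired
            exp = cur["annotations"].get(EXPIRY)
            stale = exp is None or datetime.fromisoformat(exp) <= now
            actions[key] = "update" if stale else "keep"
        else:  # DOCKER: update only when the configured credential changed
            c = d["credential"]
            want = dockerconfigjson(c["docker_registry"], c["docker_user"], c["docker_password"])
            actions[key] = "update" if want != cur["payload"] else "keep"
    for key, cur in existing.items():
        if key not in actions and cur["labels"].get(LABEL) == MANAGER:
            actions[key] = "delete"  # dropped from the configuration
    return actions

def demo():  # constructed sample state, not real cluster data
    now, own = datetime(2024, 1, 1, 12, tzinfo=timezone.utc), {LABEL: MANAGER}
    docker = {"docker_registry": "docker.io", "docker_user": "foobargem", "docker_password": "new"}
    desired = [{"name": n, "kubernetes_namespace": "default", "type": t, "credential": c}
               for n, t, c in [("ecr-dev", "ECR", {}), ("docker-example", "DOCKER", docker),
                               ("manual", "DOCKER", docker), ("fresh", "ECR", {})]]
    existing = {
        ("default", "ecr-dev"): {"labels": own, "annotations": {EXPIRY: "2024-01-01T11:00:00+00:00"}},
        ("default", "docker-example"): {"labels": own, "annotations": {}, "payload": dockerconfigjson("docker.io", "foobargem", "old")},
        ("default", "manual"): {"labels": {}, "annotations": {}, "payload": "{}"},
        ("default", "retired"): {"labels": own, "annotations": {}}}
    return plan(desired, existing, now)

print(demo())
```

The `skip` branch is what keeps a hand-made secret with a colliding name from being overwritten or deleted by the job.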
- kubectl
- helm
imagepullsecrets-manager is deployed using helm.
It automatically creates and manages secrets by referring to the config (in the helm values).
Edit the helm values (the defaults, or a custom values file) to configure imagepullsecrets-manager.
In the config.secrets section, add the repository credentials required to create imagePullSecrets.
If you are not familiar with imagePullSecrets, see the documentation:
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    name: imagepullsecrets-manager
    namespace: default
    image:
      name: nigasa12/imagepullsecrets-manager
      version: <image-version>
      imagePullPolicy: IfNotPresent
    job_schedule: "* * * * *" # every minute
    successfulJobsHistoryLimit: 10
    config:
      credentials:
        - name: ecr-dev
          kubernetes_namespace: default
          type: ECR
          credential:
            aws_access_key_id: foobargem
            aws_secret_access_key: foobargem
            aws_ecr_repository_region: ap-northeast-2
        - name: docker-example
          kubernetes_namespace: default
          type: DOCKER
          credential:
            docker_registry: docker.io
            docker_user: foobargem
            docker_password: password
            docker_email: [email protected]
- using default value

      helm install imagepullsecrets-manager ./helm

- using custom value

      vim {path}/values.yaml
      helm install imagepullsecrets-manager -f values.yaml /{path}/helm

helm upgrade imagepullsecrets-manager {-f values.yaml} ./helm