Create and manage secrets to pull images from private registry (ECR or Docker Hub) for kubernetes pod
imagepullsecrets-manager works as a kubernetes cronjob and easily creates and manages secrets to use as imagePullSecrets.
To pull images from a private registry, you must authenticate to that registry.
There are several ways to authenticate the registry, you can use imagePullSecrets among them.
By default, imagePullSecrets are created if they don't exist.
if there are imagePullSecrets, They will be updated differently depending on the type.
(imagepullsecrets-manager manages only secret created by itself.)
- ECR
- If the ECR token expires, update token and update imagePullSecrets.
 
- If the ECR token expires, update token and update 
- DOCKER
- If the secret configuration is updated, update imagePullSecrets.
 
- If the secret configuration is updated, update 
Also, imagePullSecrets are deleted when they are deleted from configuration.
- kubectl
- helm
imagepullsecrets-manager is deployed using helm.
it automatically creates and manages secrets by referring to the config(in helm value).
Edit the helm value(default or create custom value) to config imagepullsecrets-manager.
in config.secrets section, add repository credential required to create imagePullSecrets.
If you don't know imagePullSecrets, see the documentation.
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
name: imagepullsecrets-manager
namespace: default
image:
    name: nigasa12/imagepullsecrets-manager
    version: <image-version>
imagePullPolicy: IfNotPresent
job_schedule: "* * * * *" # every minute
successfulJobsHistoryLimit: 10
config:
  credentials:
    - name: ecr-dev
      kubernetes_namespace: default
      type: ECR
      credential:
        aws_access_key_id: foobargem
        aws_secret_access_key: foobargem
        aws_ecr_repository_region: ap-northeast-2
    - name: docker-example
      kubernetes_namespace: default
      type: DOCKER
      credential:
        docker_registry: docker.io
        docker_user: foobargem
        docker_password: password
        docker_email: [email protected]
- using default value
helm install imagepullsecrets-manager ./helm- using custom value
vim {path}/values.yaml
helm install imagepullsecrets-manager -f values.yaml /{path}/helmhelm upgrade imagepullsecrets-manager {-f values.yaml} ./helm
