Is there a way to add imagePullSecrets to the default ServiceAccount through a Template?
As @user6242207 mentioned in comments
What I ended up using was to create a new Service Account with the template, add the secrets I needed and link the Service Account to all DC's that needed it.
Just to clarify, there is Kubernetes documentation which describes everything step by step.
1.Create an imagePullSecret
Create an imagePullSecret, as described in Specifying ImagePullSecrets on a Pod.
kubectl create secret docker-registry myregistrykey --docker-server=DUMMY_SERVER \ --docker-username=DUMMY_USERNAME --docker-password=DUMMY_DOCKER_PASSWORD \ --docker-email=DUMMY_DOCKER_EMAIL
Verify it has been created.
kubectl get secrets myregistrykey
2.Add image pull secret to service account
Modify the default service account for the namespace to use this secret as an imagePullSecret.
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "myregistrykey"}]}'
You can instead use kubectl edit, or manually edit the YAML manifests as shown below:
kubectl get serviceaccounts default -o yaml > ./sa.yaml
3.You can also verify the results
Now, when a new Pod is created in the current namespace and using the default ServiceAccount, the new Pod has its spec.imagePullSecrets field set automatically:
kubectl run nginx --image=nginx --restart=Neverkubectl get pod nginx -o=jsonpath='{.spec.imagePullSecrets[0].name}{"\n"}'
The output should be:
myregistrykey
If you use Open Shift then this documentation could be more useful.