Alauda Container Platform

Add ImagePullSecrets to ServiceAccount

If the image repository requires authentication, you need to add the corresponding ImagePullSecrets to the ServiceAccount used by the application. This ensures that the application can successfully pull images from the private repository.

TOC

Create an ImagePullSecret

To create an ImagePullSecret, please refer to Creating a Secret for detailed steps on creating an ImagePullSecret.

Add an ImagePullSecret to a ServiceAccount

If the Pod of your application uses the ServiceAccount example, you can add the ImagePullSecret to the example ServiceAccount in the namespace where your application is located.

Edit the ServiceAccount example with patch command:

kubectl patch serviceaccount example -p '{"imagePullSecrets": [{"name": "my-registry-creds"}]}' -n <namespace>

Replace <namespace> with the namespace where your application is located, and my-registry-creds with the name of the ImagePullSecret you created.

You can verify the addition of the ImagePullSecret by describing the ServiceAccount:

kubectl describe serviceaccount example -n <namespace>
Name:                example
Namespace:           <namespace>
Labels:              <none>
Annotations:         <none>
Image pull secrets:  my-registry-creds
Mountable secrets:   <none>
Tokens:              <none>
Events:              <none>

You should see the Image pull secrets section showing the added secret.

NOTE

Note: If your Pod does not specify a ServiceAccount, it will use the default ServiceAccount in the namespace by default. You can add the ImagePullSecret to the default ServiceAccount in the same way.

Verify that imagePullSecrets are set for new Pods

When you create a new Pod that uses the ServiceAccount example, the Pod will automatically use the ImagePullSecrets specified in the ServiceAccount.

You can verify this by run the command:

kubectl get pod <pod-name> -n <namespace> -o=jsonpath='{.spec.imagePullSecrets}'