6

I have a set of kubernetes config files that work in one environment. I'm looking to deploy into another environment where I need to add an imagePullSecrets entry to all of the Deployment configs.

I can do:

regcred-1.yaml:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: deployment-1
spec:
  template:
    spec:
      imagePullSecrets:
      - name: regcred

kustomization.yaml:

bases:
  - ../base

patchesStrategicMerge:
  - regcred-1.yaml

and that will patch only deployment-1.

Is there a way to apply the patch to all deployments?

Job Evers
  • 4,077
  • 5
  • 20
  • 26

3 Answers3

8

Using Inline Patch:

kind: Kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
resources:
  - ../../base
patches:
  - target:
      kind: Deployment
    patch: |-
      - op: add
        path: /spec/template/spec/imagePullSecrets
        value: [{ name: image-pull-secret }]

Reference: Patching multiple resources at once.

albertocavalcante
  • 437
  • 5
  • 11
5

Something like this seems to work to append an imagePullSecret:

patches:
    -   target:
            kind: Deployment
        patch: |-
            - op: add
              path: /spec/template/spec/imagePullSecrets/-
              value:
                name: regcred
    -   target:
            kind: CronJob
        patch: |-
            - op: replace
              path: /spec/jobTemplate/spec/template/spec/imagePullSecrets
              value:
                - name: regcred

Or more simply, you can just run this once:

kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
mpen
  • 272,448
  • 266
  • 850
  • 1,236
4

You could use patches field instead of patchesStrategicMerge in order to patch multiple resources.

Based on this demo example you can do this by specifiyng patch and target selector: 

patches:
- path: <PatchFile>   target:
    group: <Group>
    version: <Version>
    kind: <Kind>
    name: <Name>
    namespace: <Namespace>
    labelSelector: <LabelSelector>
    annotationSelector: <AnnotationSelector>

In this case your kustomization.yaml should look like this: 

bases:
  - ../base

patches:
- path: regcred-1.yaml
 target:
   kind: Deployment

Let me know if that solved your case.

acid_fuji
  • 6,287
  • 7
  • 22
  • Unfortunately `patches` is deprecated. I tried `patchesJson6902` and it seems also only want a target that points to a single Kubernetes object, not multiple. – Job Evers Dec 09 '19 at 16:49
  • deprecation note: https://github.com/kubernetes-sigs/kustomize/blob/master/docs/v2.0.0.md#patches – Job Evers Dec 09 '19 at 16:53
  • Indeed but when i look at the newer releases i can see that there is option to do that. [Here is release note for 3.1.0](https://github.com/kubernetes-sigs/kustomize/blob/master/docs/v3.1.0.md#extended-patches) – acid_fuji Dec 10 '19 at 07:22
  • 1
    Thanks! I didn't realize that the kustomize that comes bundled with kubectl is only version 2.0.3. I installed the most recent release and the `patches` key worked great! – Job Evers Dec 11 '19 at 17:19
  • If my answer was helpful would you consider accepting and [upvoting it](https://stackoverflow.com/help/why-vote)? – acid_fuji Dec 12 '19 at 08:21
  • 1
    documented here: https://kubernetes-sigs.github.io/kustomize/api-reference/kustomization/patches/ – CpILL Aug 27 '20 at 04:12