-
Notifications
You must be signed in to change notification settings - Fork 2
/
patch-image-pull-secrets.sh
executable file
·42 lines (36 loc) · 1.68 KB
/
patch-image-pull-secrets.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/bin/bash
# This utility script adds 'imagePullSecrets: - name: regcred' to each Deployment and StatefulSet in the cluster.
# We could also patch DaemonSets but they don't seem to need the patching, so we skip them for now.
# NOTE: This should be safe to run multiple times on the same cluster.
# If a deployment/statefulset has already been patched, repatching it should be a no-op.
# Compatible with both Deployments and StatefulSets
DEPLOYMENT_PATCH="spec:
template:
spec:
imagePullSecrets:
- name: regcred"
echo "Applying patch:"
echo "$DEPLOYMENT_PATCH"
echo ""
for ns in $(kubectl get namespaces -o name | sed 's,namespace/,,g'); do
# explicitly avoid touching anything these namespaces since they shouldn't need patching in practice
if [ "$ns" = "default" -o "$ns" = "kube-node-lease" -o "$ns" = "kube-public" ]; then
echo "Skipping namespace: $ns"
echo ""
continue
fi
echo "Patching namespace: $ns"
# in kube-system, only patch opstrace-controller, leave everything else alone
if [ "$ns" = "kube-system" ]; then
kubectl patch deployment -n kube-system opstrace-controller --patch "$DEPLOYMENT_PATCH"
continue
fi
for deployment in $(kubectl get deployments -n $ns -o name | sed 's,deployment.apps/,,g'); do
kubectl patch deployment -n $ns $deployment --patch "$DEPLOYMENT_PATCH"
done
for statefulset in $(kubectl get statefulsets -n $ns -o name | sed 's,statefulset.apps/,,g'); do
kubectl patch statefulset -n $ns $statefulset --patch "$DEPLOYMENT_PATCH"
done
echo ""
done
echo "Done! You may need to manually delete some StatefulSet pods for them to pick up the imagePullSecret"