What I have
I have used Kube secrets for private Docker registry authentication in the default namespace. That works as expected. For example:
$ kubectl get secret regsecret
NAME TYPE DATA AGE
regsecret kubernetes.io/dockerconfigjson 1 30m
Which is referenced in my deployment.yml as shown in the snippet below:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 1
template:
...
spec:
containers:
- name: bootstrap-nginx
image: quay.io/example/nginx:latest
...
imagePullSecrets:
- name: regsecretHere's my question
I need to create the regsecret above in a namepsace, for example, myns as shown below:
$ kubectl get secret regsecret --namespace=myns
NAME TYPE DATA AGE
regsecret kubernetes.io/dockerconfigjson 1 30m
With this, how do I reference regsecret from myns namespace into my deployment spec? If I use imagePullSecrets as shown above, it fails saying that Kubernetes could not pull the image (the secret regsecret could not be found). Is there a way to reference "fully qualified" secret name in imagePullSecrets?
By design, there is no way to accomplish this. You will need to create the regsecret in the same namespace where your Deployment is.
ImagePullSecretsis an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored.
See also: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod