As far as I know, usually the default serviceAccount is responsible for pulling the images. To easily add imagePullSecrets to a serviceAccount you can use the patch command:

kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "mySecret"}]}'

It's possible to use kubectl patch in a script that inserts imagePullSecrets on serviceAccounts across all namespaces.

If it´s too complicated to manage multiple namespaces you can have look at kubernetes-replicator, which syncs resources between namespaces.

Solution 2:
This section of the doc explains how you can set the private registry on a node basis:

Here are the recommended steps to configuring your nodes to use a private registry. In this example, run these on your desktop/laptop:

1. Run docker login [server] for each set of credentials you want to use. This updates $HOME/.docker/config.json.
2. View $HOME/.docker/config.json in an editor to ensure it contains just the credentials you want to use.

3. Get a list of your nodes, for example:

   • If you want the names:
     nodes=$(kubectl get nodes -o jsonpath='{range.items[*].metadata}{.name} {end}')

   • If you want to get the IPs:
     nodes=$(kubectl get nodes -o jsonpath='{range .items[*].status.addresses[?(@.type=="ExternalIP")]}{.address} {end}')

4. Copy your local .docker/config.json to one of the search paths list above. for example:

   for n in $nodes; do scp ~/.docker/config.json root@$n:/var/lib/kubelet/config.json; done

Solution 3:
A (very dirty!) way I discovered to not need to set up an imagePullSecret on a deployment / serviceAccount basis is to:

1. Set ImagePullPolicy: IfNotPresent
2. Pulling the image in each node
   2.1. manually using docker pull myrepo/image:tag.
   2.2. using a script or a tool like docker-puller to automate that process.

Well, I think I don't need to explain how ugly is that.

PS: If it helps, I found an issue on kubernetes/kops about the feature of creating a global configuration for private registry.