Add imagePullSecrets for Containers and InitContainers

Some registries require authentication before an image can be pulled. The kubelet gets those credentials from an imagePullSecret and uses them to pull the image on behalf of your Pod. This policy looks for images from a registry called `corp.reg.com` referenced by any of the containers or init containers and, if it finds one, mutates the Pod to add an imagePullSecret called `my-secret`.

Policy Definition

/other/add-imagepullsecrets-for-containers-and-initcontainers/add-imagepullsecrets-for-containers-and-initcontainers.yaml

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-imagepullsecrets-for-containers-and-initcontainers
  annotations:
    policies.kyverno.io/title: Add imagePullSecrets for Containers and InitContainers
    policies.kyverno.io/category: Sample
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kyverno-version: 1.6.2
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/description: >-
      Images coming from certain registries require authentication in order to pull them,
      and the kubelet uses this information in the form of an imagePullSecret to pull
      those images on behalf of your Pod. This policy searches for images coming from a
      registry called `corp.reg.com` referenced by either one of the containers or one
      of the init containers and, if found, will mutate the Pod to add an
      imagePullSecret called `my-secret`.
spec:
  rules:
  - name: add-imagepullsecret
    match:
      any:
      - resources:
          kinds:
          - Pod
    # The rule applies if either list of registries contains corp.reg.com.
    preconditions:
      any:
      # initContainers is optional, so fall back to an empty list when the Pod has none.
      - key: "corp.reg.com"
        operator: AnyIn
        value: "{{ images.initContainers.*.registry || `[]` }}"
      - key: "corp.reg.com"
        operator: AnyIn
        value: "{{ images.containers.*.registry }}"
    mutate:
      patchStrategicMerge:
        spec:
          # The Secret named here must exist in the Pod's own namespace.
          imagePullSecrets:
          - name: my-secret
```
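The rule's decision and result, modelled in Python over three constructed Pods (an added example, not Kyverno's code and not part of the original page). It assumes Docker-style image reference parsing with `docker.io` as the default registry, and it does not model the order in which the merged `imagePullSecrets` entries appear.

```python
import copy

REGISTRY = "corp.reg.com"       # registry named in the policy
SECRET = "my-secret"            # secret the policy injects
DEFAULT_REGISTRY = "docker.io"  # assumption: registry used for unqualified images


def registry_of(image):
    """Approximate the registry part of an image reference (Docker convention)."""
    first, sep, _ = image.partition("/")
    # The first path component is a registry host only if it looks like one.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return DEFAULT_REGISTRY


def matches_precondition(pod):
    """Model of the rule's `any` block: either container list uses REGISTRY."""
    spec = pod["spec"]
    init = [registry_of(c["image"]) for c in spec.get("initContainers", [])]
    main = [registry_of(c["image"]) for c in spec["containers"]]
    return REGISTRY in init or REGISTRY in main


def mutate(pod):
    """Return a copy of the Pod as the rule is expected to leave it."""
    out = copy.deepcopy(pod)
    if matches_precondition(out):
        secrets = out["spec"].setdefault("imagePullSecrets", [])
        # imagePullSecrets merges on `name`, so existing entries are kept.
        if not any(s.get("name") == SECRET for s in secrets):
            secrets.append({"name": SECRET})
    return out


# Constructed sample Pods (hypothetical names and images).
init_only = {"spec": {
    "initContainers": [{"name": "setup", "image": "corp.reg.com/tools/setup:1.0"}],
    "containers": [{"name": "app", "image": "nginx:1.25"}]}}
has_other_secret = {"spec": {
    "containers": [{"name": "app", "image": "corp.reg.com/team/app:2.1"}],
    "imagePullSecrets": [{"name": "team-secret"}]}}
public_only = {"spec": {"containers": [{"name": "app", "image": "ghcr.io/org/app:1"}]}}

if __name__ == "__main__":
    for label, pod in [("init_only", init_only), ("has_other_secret", has_other_secret),
                       ("public_only", public_only)]:
        print(label, mutate(pod)["spec"].get("imagePullSecrets"))
```

The `public_only` case is the one to check when reviewing the policy: a Pod that pulls nothing from `corp.reg.com` is admitted without a reference to `my-secret`.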