Add imagePullSecrets

Images coming from certain registries require authentication in order to pull them, and the kubelet uses this information in the form of an imagePullSecret to pull those images on behalf of your Pod. This policy searches for images coming from a registry called `corp.reg.com` and, if found, will mutate the Pod to add an imagePullSecret called `my-secret`.

Policy Definition

/other/add-imagepullsecrets/add-imagepullsecrets.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: add-imagepullsecrets
 5  annotations:
 6    policies.kyverno.io/title: Add imagePullSecrets
 7    policies.kyverno.io/category: Sample
 8    policies.kyverno.io/subject: Pod
 9    policies.kyverno.io/minversion: 1.6.0
10    policies.kyverno.io/description: >-
11      Images coming from certain registries require authentication in order to pull them,
12      and the kubelet uses this information in the form of an imagePullSecret to pull
13      those images on behalf of your Pod. This policy searches for images coming from a
14      registry called `corp.reg.com` and, if found, will mutate the Pod to add an
15      imagePullSecret called `my-secret`.
16spec:
17  rules:
18  - name: add-imagepullsecret
19    match:
20      any:
21      - resources:
22          kinds:
23          - Pod
24    mutate:
25      patchStrategicMerge:
26        spec:
27          containers:
28          - <(image): "corp.reg.com/*"
29          imagePullSecrets:
30          - name: my-secret

Create policy issue