For Kubernetes Deployment we can specify imagePullSecrets to allow it to pull Docker images from our private registry. But as far as I can tell, StatefulSet doesn't support this?
How can I supply a pullsecret to my StatefulSet?
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis
namespace: {{ .Values.namespace }}
labels:
app: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
serviceName: redis-service
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: redis
spec:
terminationGracePeriodSeconds: 10
# imagePullSecrets not valid here for StatefulSet :-(
containers:
- image: {{ .Values.image }}
StatefulSet supports imagePullSecrets. You can check it as follows.
$ kubectl explain statefulset.spec.template.spec --api-version apps/v1
:
imagePullSecrets <[]Object>
ImagePullSecrets is an optional list of references to secrets in the same
namespace to use for pulling any of the images used by this PodSpec. If
specified, these secrets will be passed to individual puller
implementations for them to use. For example, in the case of docker, only
DockerConfig type secrets are honored. More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
:
For instance, you can try if the following sample StatefulSet can create in your cluster first.
$ kubectl create -f - <<EOF
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: web
spec:
serviceName: "nginx"
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
imagePullSecrets:
- name: YOUR-PULL-SECRET-NAME
containers:
- name: nginx
image: k8s.gcr.io/nginx-slim:0.8
ports:
- containerPort: 80
name: web
EOF
$ kubectl get pod web-0 -o yaml | \
grep -E '^[[:space:]]+imagePullSecrets:' -A1
imagePullSecrets:
- name: YOUR-PULL-SECRET-NAME