This message was deleted.
# kubernetess
sparse-intern-71089
04/06/2021, 4:15 AMThis message was deleted.
b
better-shampoo-48884
04/06/2021, 6:10 AMNot sure if there's a patch command, but would be surprised if there was one. Since both pulumi and kubernetes both operate declaratively, it would make more sense to have the the whole resource under pulumi management and then just modify that aspect and apply it again. https://www.pulumi.com/docs/reference/pkg/kubernetes/core/v1/serviceaccount/ handles serviceAccounts and allows you to set the imagePullSecrets.
w
white-balloon-205
04/07/2021, 5:18 AM
That said, this comes up a lot, and we’d love to offer a way to opt-in to patch behaviour - see https://github.com/pulumi/pulumi-kubernetes/issues/264.
h
handsome-state-59775
04/14/2021, 1:35 PMIs it possible to get sample code for this:
https://github.com/pulumi/pulumi-kubernetes/issues/264#issuecomment-819522599
handsome-state-59775
04/16/2021, 6:49 AMso here's how i ended up doing it:
Copy code
def patch_service_account_default(
kubeconfig: p.Output,
namespace: k8s.core.v1.Namespace,
image_pull_secret_name: str,
) -> None:
"""Patches default serviceaccount of namespace with image pull secret."""
serviceaccount_patch = p.Output.all(
kubeconfig=kubeconfig,
namespace_metadata=namespace.metadata,
).apply(
lambda args:
subprocess.run(
f"kubectl --kubeconfig=<(echo '{args['kubeconfig']}')"
f" -n {args['namespace_metadata']['name']}"
' patch serviceaccount default'
''' -p '{"imagePullSecrets": [{'''
f'"name": "{image_pull_secret_name}"'
'''}]}' ''',
executable='/bin/bash',
shell=True,
check=True,
capture_output=True,
),
)
serviceaccount_patch.apply(
lambda results:
p.info(
msg=results.stdout.decode(),
resource=namespace,
) if results.stdout else None,
)
serviceaccount_patch.apply(
lambda results:
p.error(
msg=results.stderr.decode(),
resource=namespace,
) if results.stderr else None,
)🙌 1
3 Views