
handsome-state-59775

04/06/2021, 4:15 AM
What is the Pulumi equivalent of
kubectl -n $NAMESPACE patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
? (azure-native, python, pulumi_kubernetes)

better-shampoo-48884

04/06/2021, 6:10 AM
Not sure if there's a patch command, but would be surprised if there was one. Since both Pulumi and Kubernetes operate declaratively, it would make more sense to have the whole resource under Pulumi management and then just modify that aspect and apply it again. https://www.pulumi.com/docs/reference/pkg/kubernetes/core/v1/serviceaccount/ handles serviceAccounts and allows you to set the imagePullSecrets.

white-balloon-205

04/07/2021, 5:18 AM
That said, this comes up a lot, and we’d love to offer a way to opt-in to patch behaviour - see https://github.com/pulumi/pulumi-kubernetes/issues/264.

handsome-state-59775

04/14/2021, 1:35 PM
so here's how i ended up doing it:
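import json
import shlex
import subprocess

import pulumi as p
import pulumi_kubernetes as k8s


def patch_service_account_default(
        kubeconfig: p.Output,
        namespace: k8s.core.v1.Namespace,
        image_pull_secret_name: str,
) -> None:
    """Patches default serviceaccount of namespace with image pull secret."""
    # Build the patch body with json.dumps so the secret name is JSON-escaped.
    patch = json.dumps({"imagePullSecrets": [{"name": image_pull_secret_name}]})
    serviceaccount_patch = p.Output.all(
            kubeconfig=kubeconfig,
            namespace_metadata=namespace.metadata,
    ).apply(
            lambda args:
            subprocess.run(
                    # shlex.quote keeps the interpolated values from being
                    # parsed as shell syntax; bash is needed for <(...).
                    f"kubectl --kubeconfig=<(echo {shlex.quote(args['kubeconfig'])})"
                    f" -n {shlex.quote(args['namespace_metadata']['name'])}"
                    ' patch serviceaccount default'
                    f" -p {shlex.quote(patch)}",
                    executable='/bin/bash',
                    shell=True,
                    check=True,
                    capture_output=True,
            ),
    )

    # Report kubectl's stdout as an info message attached to the namespace.
    serviceaccount_patch.apply(
            lambda results:
            p.info(
                    msg=results.stdout.decode(),
                    resource=namespace,
            ) if results.stdout else None,
    )
    # Report anything kubectl wrote to stderr as an error on the namespace.
    serviceaccount_patch.apply(
            lambda results:
            p.error(
                    msg=results.stderr.decode(),
                    resource=namespace,
            ) if results.stderr else None,
    )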