I've got a problem that I cannot solve nicely it seems. I've got a Kubernetes cluster running on GCP and a custom HELM chart helm/foo. I have multiple instances of the chart running with different names and need to change it so it each runs in its own namespace. Not really hard as it's just a parameter to helm:
helm install --name bar --namespace bar helm/foo
Inside the chart there are several things, among them a deployment with an imagePullSecret provided:
imagePullSecret: scrt
This works nicely when deploying to default namespace, or rather, the same namespace as the secret is located in. But fails when a namespace is provided as the namespace "bar" doesn't have access to "scrt" which is in default namespace.
To solve this many sources do something like here: https://stackoverflow.com/questions/46297949/kubernetes-sharing-secret-across-namespaces where the secret is copied between namespaces. This is a fine solution if you have a script running the whole show but no feasible for me as N instances of chart helm/test are deployed by Terraform.
So my question is: how can I create a new imagePullSecret from an existing one using only helm/yaml? I could package the json file in the chart but would like to avoid having secrets outside of K8.
Thanks!