Vault-k8s imagePullSecrets

I have setup vault-k8s to pull the vault image (for injection/sidecar) from a public registry, but the image for my main workload is behind a private registry.

  1. Is there a way to use vault-k8s to retrieve the private registry’s imagePullSecrets from vault at deploy-time. At the moment, I have kubectl create a Secret in the pod’s target namespace before I apply my deployment.

  2. If (1) is not possible, what secure patterns are others in the k8s/vault community using?