I can run this command to create a docker registry secret for a kubernetes cluster:
kubectl create secret docker-registry regsecret \
    --docker-server=docker.example.com \
    --docker-username=kube \
    --docker-password=PW_STRING \
    [email protected] \
    --namespace mynamespace
I would like to create the same secret from a YAML file. Does anyone know how this can be set in a YAML file?
I need this as a YAML file so that it can be used as a Helm template, which allows for a Helm install command such as this (simplified) one:
helm install ... --set docker.user=peter,docker.pw=foobar,docker.email=...
Create a Secret by providing credentials on the command line. <your-registry-server> is your Private Docker Registry FQDN. Use https://index.docker.io/v1/ for DockerHub. <your-name> is your Docker username. <your-pword> is your Docker password.
To create a Kubernetes secret, apply one of the following methods: Use kubectl for a command-line based approach. Create a configuration file for the secret. Use a generator, such as Kustomize, to generate the secret.
Create a Secret based on existing Docker credentials. A Kubernetes cluster uses the Secret of kubernetes.io/dockerconfigjson type to authenticate with a container registry to pull a private image. If you already ran docker login, you can copy that credential into Kubernetes: kubectl create secret generic regcred --from-file=.
When you do not have a Docker config file, or you want to use kubectl to create a Docker registry Secret, you can do:
kubectl create secret docker-registry secret-tiger-docker --docker-username=tiger --docker-password=pass113 [email protected]
This command creates a Secret of type kubernetes.io/dockerconfigjson.
When using the CLI format, you're basically using a generator of the YAML before posting it to the server side. Since Kubernetes is a client-server app with a REST API in between, and the actions need to be atomic, the posted YAML needs to contain the content of the file, and the best way to do that is by embedding it in-line in base64 format.
The program in a container is responsible for reading the secrets from the files. When a secret currently consumed in a volume is updated, projected keys are eventually updated as well. The kubelet checks whether the mounted secret is fresh on every periodic sync.
You can write that yaml by yourself, but it will be faster to create it in 2 steps using kubectl:
Here is an example of a command that will save a secret into a 'docker-secret.yaml' file for kubectl version < 1.18 (check the version by kubectl version --short|grep Client):
kubectl create secret docker-registry --dry-run=true $secret_name \
    --docker-server=<DOCKER_REGISTRY_SERVER> \
    --docker-username=<DOCKER_USER> \
    --docker-password=<DOCKER_PASSWORD> \
    --docker-email=<DOCKER_EMAIL> -o yaml > docker-secret.yaml
For kubectl version >= 1.18:
kubectl create secret docker-registry --dry-run=client $secret_name \
    --docker-server=<DOCKER_REGISTRY_SERVER> \
    --docker-username=<DOCKER_USER> \
    --docker-password=<DOCKER_PASSWORD> \
    --docker-email=<DOCKER_EMAIL> -o yaml > docker-secret.yaml
You can apply the file like any other Kubernetes 'yaml':
kubectl apply -f docker-secret.yaml
UPD, as a question has been updated.
If you are using Helm, here is the official documentation about how to create an ImagePullSecret.
From a doc:
values.yaml file like so:
imageCredentials:
  registry: quay.io
  username: someone
  password: sillyness

{{- define "imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
{{- end }}

Secret manifest:
apiVersion: v1
kind: Secret
metadata:
  name: myregistrykey
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: {{ template "imagePullSecret" . }}
You can kubectl apply the output of an imperative command in one line:
kubectl create secret docker-registry --dry-run=true $secret_name \
    --docker-server=<DOCKER_REGISTRY_SERVER> \
    --docker-username=<DOCKER_USER> \
    --docker-password=<DOCKER_PASSWORD> \
    --docker-email=<DOCKER_EMAIL> -o yaml | kubectl apply -f -
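What ends up in the YAML that these commands and the Helm template produce, as an added example (not code from the answers or from the Kubernetes or Helm projects): it builds a kubernetes.io/dockerconfigjson Secret by hand and then decodes it again, showing that the base64 layers are encoding only. The function names and the e-mail value are assumptions made for the illustration; the other sample values are the ones from the question.

```python
import base64
import json

# Constructed sample values (the question's placeholders, not real credentials).
# The e-mail address is made up for the example.
REGISTRY, USER, PASSWORD, EMAIL = "docker.example.com", "kube", "PW_STRING", "kube@example.com"


def docker_config_json(registry, username, password, email=""):
    """Build the JSON document stored under the .dockerconfigjson key."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    entry = {"username": username, "password": password, "auth": auth}
    if email:
        entry["email"] = email
    return json.dumps({"auths": {registry: entry}})


def secret_manifest(name, namespace, registry, username, password, email=""):
    """Return the Secret manifest as YAML text (name and namespace are plain DNS labels)."""
    payload = base64.b64encode(
        docker_config_json(registry, username, password, email).encode()
    ).decode()
    return (
        "apiVersion: v1\n"
        "kind: Secret\n"
        "metadata:\n"
        f"  name: {name}\n"
        f"  namespace: {namespace}\n"
        "type: kubernetes.io/dockerconfigjson\n"
        "data:\n"
        f"  .dockerconfigjson: {payload}\n"
    )


def recover_credentials(manifest):
    """Decode a manifest back to (registry, username, password); no key is needed."""
    line = next(l for l in manifest.splitlines() if l.strip().startswith(".dockerconfigjson:"))
    config = json.loads(base64.b64decode(line.split(":", 1)[1].strip()))
    registry, entry = next(iter(config["auths"].items()))
    username, _, password = base64.b64decode(entry["auth"]).decode().partition(":")
    return registry, username, password


if __name__ == "__main__":
    manifest = secret_manifest("regsecret", "mynamespace", REGISTRY, USER, PASSWORD, EMAIL)
    print(manifest)
    print(recover_credentials(manifest))
```

Because anyone who can read docker-secret.yaml or the rendered Helm output can recover the registry password this way, treat those files as credentials and keep them out of version control and shared logs.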