Create kubernetes docker-registry secret from yaml file?
You can kubectl apply the output of an imperative command in one line:
kubectl create secret docker-registry --dry-run=true $secret_name \
--docker-server=<DOCKER_REGISTRY_SERVER> \
--docker-username=<DOCKER_USER> \
--docker-password=<DOCKER_PASSWORD> \
--docker-email=<DOCKER_EMAIL> -o yaml | kubectl apply -f -
In case someone also just wants to have a mapping of kubectl command to yaml file:
kubectl create secret docker-registry --dry-run=true dockerhostsecretname \
--docker-server=localhost \
--docker-username=root \
--docker-password=toor \
--docker-email=root@toor.nl -o yaml
gives me
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJsb2NhbGhvc3QiOnsidXNlcm5hbWUiOiJyb290IiwicGFzc3dvcmQiOiJ0b29yIiwiZW1haWwiOiJyb290QHRvb3IubmwiLCJhdXRoIjoiY205dmREcDBiMjl5In19fQ==
kind: Secret
metadata:
  creationTimestamp: null
  name: dockerhostsecretname
type: kubernetes.io/dockerconfigjson
The base64 string for the password:
eyJhdXRocyI6eyJsb2NhbGhvc3QiOnsidXNlcm5hbWUiOiJyb290IiwicGFzc3dvcmQiOiJ0b29yIiwiZW1haWwiOiJyb290QHRvb3IubmwiLCJhdXRoIjoiY205dmREcDBiMjl5In19fQ
decodes as:
{"auths":{"localhost":{"username":"root","password":"toor","email":"root@toor.nl","auth":"cm9vdDp0b29y"}}}
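The decoding step above can be turned into a check to run before applying a hand-built pull secret. This is an added example, not code from the answers: the function name `audit_dockerconfigjson` and the finding texts are assumptions, and `PAGE_VALUE` is the `.dockerconfigjson` value from the generated manifest shown above.

```python
import base64
import binascii
import json

# .dockerconfigjson value copied from the generated manifest above.
PAGE_VALUE = ("eyJhdXRocyI6eyJsb2NhbGhvc3QiOnsidXNlcm5hbWUiOiJyb290IiwicGFzc3dvcmQi"
              "OiJ0b29yIiwiZW1haWwiOiJyb290QHRvb3IubmwiLCJhdXRoIjoiY205dmREcDBiMjl5In19fQ==")


def audit_dockerconfigjson(b64_value):
    """Decode a Secret's .dockerconfigjson value; return (config, problems)."""
    try:
        # validate=True rejects missing padding and stray characters.
        config = json.loads(base64.b64decode(b64_value, validate=True))
    except ValueError as exc:  # binascii.Error and JSON errors are ValueErrors
        return None, [f"not base64-encoded JSON: {exc}"]
    auths = config.get("auths") if isinstance(config, dict) else None
    if not isinstance(auths, dict) or not auths:
        return config, ['missing or empty "auths" map']
    problems = []
    for registry, entry in auths.items():
        auth = entry.get("auth") if isinstance(entry, dict) else None
        if not isinstance(auth, str):
            problems.append(f"{registry}: no auth field to check")
            continue
        try:
            decoded = base64.b64decode(auth, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            problems.append(f"{registry}: auth is not valid base64 text")
            continue
        # A newline encoded into auth becomes part of the password sent.
        if decoded != decoded.strip():
            problems.append(f"{registry}: auth has leading/trailing whitespace")
        user, sep, password = decoded.strip().partition(":")
        if not (sep and user and password):
            problems.append(f"{registry}: auth is not user:password")
            continue
        # The inner auth must agree with the plain fields, when present.
        if entry.get("username", user) != user:
            problems.append(f"{registry}: auth user differs from username")
        if entry.get("password", password) != password:
            problems.append(f"{registry}: auth password differs from password")
    return config, problems


if __name__ == "__main__":
    cfg, found = audit_dockerconfigjson(PAGE_VALUE)
    print(sorted(cfg["auths"]), found or "no problems found")
```

The check decodes credentials in memory, so run it only where the secret itself is allowed to be handled and do not log the returned config.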
You can write that yaml by yourself, but it will be faster to create it in 2 steps using kubectl:
- Generate a 'yaml' file. You can use the same command but in dry-run mode and output mode yaml.
Here is an example of a command that will save a secret into a 'docker-secret.yaml' file for kubectl version < 1.18 (check the version by kubectl version --short|grep Client):
kubectl create secret docker-registry --dry-run=true $secret_name \
--docker-server=<DOCKER_REGISTRY_SERVER> \
--docker-username=<DOCKER_USER> \
--docker-password=<DOCKER_PASSWORD> \
--docker-email=<DOCKER_EMAIL> -o yaml > docker-secret.yaml
For kubectl version >= 1.18:
kubectl create secret docker-registry --dry-run=client $secret_name \
--docker-server=<DOCKER_REGISTRY_SERVER> \
--docker-username=<DOCKER_USER> \
--docker-password=<DOCKER_PASSWORD> \
--docker-email=<DOCKER_EMAIL> -o yaml > docker-secret.yaml
You can apply the file like any other Kubernetes 'yaml':
kubectl apply -f docker-secret.yaml
UPD, as a question has been updated.
If you are using Helm, here is the official documentation about how to create an ImagePullSecret.
From a doc:
- First, assume that the credentials are defined in the values.yaml file like so:
imageCredentials:
  registry: quay.io
  username: someone
  password: sillyness
- We then define our helper template as follows:
{{- define "imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
{{- end }}
- Finally, we use the helper template in a larger template to create the Secret manifest:
apiVersion: v1
kind: Secret
metadata:
  name: myregistrykey
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: {{ template "imagePullSecret" . }}
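# printf avoids the trailing newline that echo would encode into the credentials;
# tr -d '\n' removes the line wrapping that base64 applies to long output.
cat <<EOF | kubectl apply -f -
---
apiVersion: v1
kind: Secret
metadata:
  name: regcred
data:
  .dockerconfigjson: $(printf '{"auths": {"https://index.docker.io/v1/": {"auth": "%s"}}}' "$(printf '%s' "janedoe:xxxxxxxxxxx" | base64 | tr -d '\n')" | base64 | tr -d '\n')
type: kubernetes.io/dockerconfigjson
EOF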