oc-create-secret-docker-registry(1)

1OC CREATE SECRET(1)                June 2016               OC CREATE SECRET(1)
2
3
4

NAME

6       oc  create  secret  docker-registry  -  Create  a secret for use with a
7       Docker registry
8
9
10

SYNOPSIS

12       oc create secret docker-registry [OPTIONS]
13
14
15

DESCRIPTION

17       Create a new secret for use with Docker registries.
18
19
20       Dockercfg secrets are used to authenticate against Docker registries.
21
22
23       When using the Docker command line to push images, you can authenticate
24       to  a given registry by running: '$ docker login DOCKER REGISTRY SERVER
25       --username=DOCKER  USER   --password=DOCKER   PASSWORD   --email=DOCKER
26       _EMAIL'.
27
28
29       That  produces  a   /.dockercfg file that is used by subsequent 'docker
30       push' and 'docker pull' commands to authenticate to the  registry.  The
31       email address is optional.
32
33
34       When  creating  applications,  you  may  have  a  Docker  registry that
35       requires authentication.  In order for the nodes to pull images on your
36       behalf, they have to have the credentials.  You can provide this infor‐
37       mation by creating a dockercfg secret and attaching it to your  service
38       account.
39
40
41

OPTIONS

43       --allow-missing-template-keys=true
44           If  true, ignore any errors in templates when a field or map key is
45       missing in the template. Only applies to  golang  and  jsonpath  output
46       formats.
47
48
49       --append-hash=false
50           Append a hash of the secret to its name.
51
52
53       --docker-email=""
54           Email for Docker registry
55
56
57       --docker-password=""
58           Password for Docker registry authentication
59
60
61       --docker-server=" ⟨https://index.docker.io/v1/"⟩
62           Server location for Docker registry
63
64
65       --docker-username=""
66           Username for Docker registry authentication
67
68
69       --dry-run=false
70           If  true, only print the object that would be sent, without sending
71       it.
72
73
74       --from-file=[]
75           Key files can be specified using their file path, in which  case  a
76       default  name will be given to them, or optionally with a name and file
77       path, in which case the given name will be used.  Specifying  a  direc‐
78       tory  will  iterate  each  named  file in the directory that is a valid
79       secret key.
80
81
82       --generator="secret-for-docker-registry/v1"
83           The name of the API generator to use.
84
85
86       -o, --output=""
87           Output format. One of:  json|yaml|name|template|go-template|go-tem‐
88       plate-file|templatefile|jsonpath|jsonpath-file.
89
90
91       --save-config=false
92           If  true,  the configuration of current object will be saved in its
93       annotation. Otherwise, the annotation will be unchanged. This  flag  is
94       useful  when  you  want  to perform kubectl apply on this object in the
95       future.
96
97
98       --template=""
99           Template string or path to template file  to  use  when  -o=go-tem‐
100       plate,  -o=go-template-file.  The template format is golang templates [
101       ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
102
103
104       --validate=false
105           If true, use a schema to validate the input before sending it
106
107
108

OPTIONS INHERITED FROM PARENT COMMANDS

110       --allow_verification_with_non_compliant_keys=false
111           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
112       non-compliant with RFC6962.
113
114
115       --alsologtostderr=false
116           log to standard error as well as files
117
118
119       --application_metrics_count_limit=100
120           Max number of application metrics to store (per container)
121
122
123       --as=""
124           Username to impersonate for the operation
125
126
127       --as-group=[]
128           Group  to  impersonate for the operation, this flag can be repeated
129       to specify multiple groups.
130
131
132       --azure-container-registry-config=""
133           Path to the file containing Azure container registry  configuration
134       information.
135
136
137       --boot_id_file="/proc/sys/kernel/random/boot_id"
138           Comma-separated  list  of files to check for boot-id. Use the first
139       one that exists.
140
141
142       --cache-dir="/builddir/.kube/http-cache"
143           Default HTTP cache directory
144
145
146       --certificate-authority=""
147           Path to a cert file for the certificate authority
148
149
150       --client-certificate=""
151           Path to a client certificate file for TLS
152
153
154       --client-key=""
155           Path to a client key file for TLS
156
157
158       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
159           CIDRs opened in GCE firewall for LB traffic proxy  health checks
160
161
162       --cluster=""
163           The name of the kubeconfig cluster to use
164
165
166       --container_hints="/etc/cadvisor/container_hints.json"
167           location of the container hints file
168
169
170       --containerd="unix:///var/run/containerd.sock"
171           containerd endpoint
172
173
174       --context=""
175           The name of the kubeconfig context to use
176
177
178       --default-not-ready-toleration-seconds=300
179           Indicates    the    tolerationSeconds   of   the   toleration   for
180       notReady:NoExecute that is added by default to every pod that does  not
181       already have such a toleration.
182
183
184       --default-unreachable-toleration-seconds=300
185           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
186       able:NoExecute that is added by default to  every  pod  that  does  not
187       already have such a toleration.
188
189
190       --docker="unix:///var/run/docker.sock"
191           docker endpoint
192
193
194       --docker-tls=false
195           use TLS to connect to docker
196
197
198       --docker-tls-ca="ca.pem"
199           path to trusted CA
200
201
202       --docker-tls-cert="cert.pem"
203           path to client certificate
204
205
206       --docker-tls-key="key.pem"
207           path to private key
208
209
210       --docker_env_metadata_whitelist=""
211           a  comma-separated  list of environment variable keys that needs to
212       be collected for docker containers
213
214
215       --docker_only=false
216           Only report docker containers in addition to root stats
217
218
219       --docker_root="/var/lib/docker"
220           DEPRECATED: docker root is read from docker info (this is  a  fall‐
221       back, default: /var/lib/docker)
222
223
224       --enable_load_reader=false
225           Whether to enable cpu load reader
226
227
228       --event_storage_age_limit="default=24h"
229           Max length of time for which to store events (per type). Value is a
230       comma separated list of key values, where  the  keys  are  event  types
231       (e.g.: creation, oom) or "default" and the value is a duration. Default
232       is applied to all non-specified event types
233
234
235       --event_storage_event_limit="default=100000"
236           Max number of events to store (per type). Value is  a  comma  sepa‐
237       rated  list  of  key values, where the keys are event types (e.g.: cre‐
238       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
239       applied to all non-specified event types
240
241
242       --global_housekeeping_interval=0
243           Interval between global housekeepings
244
245
246       --housekeeping_interval=0
247           Interval between container housekeepings
248
249
250       --httptest.serve=""
251           if non-empty, httptest.NewServer serves on this address and blocks
252
253
254       --insecure-skip-tls-verify=false
255           If true, the server's certificate will not be checked for validity.
256       This will make your HTTPS connections insecure
257
258
259       --kubeconfig=""
260           Path to the kubeconfig file to use for CLI requests.
261
262
263       --log-flush-frequency=0
264           Maximum number of seconds between log flushes
265
266
267       --log_backtrace_at=:0
268           when logging hits line file:N, emit a stack trace
269
270
271       --log_cadvisor_usage=false
272           Whether to log the usage of the cAdvisor container
273
274
275       --log_dir=""
276           If non-empty, write log files in this directory
277
278
279       --logtostderr=true
280           log to standard error instead of files
281
282
283       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
284           Comma-separated list of files to  check  for  machine-id.  Use  the
285       first one that exists.
286
287
288       --match-server-version=false
289           Require server version to match client version
290
291
292       -n, --namespace=""
293           If present, the namespace scope for this CLI request
294
295
296       --request-timeout="0"
297           The  length  of  time  to  wait before giving up on a single server
298       request. Non-zero values should contain a corresponding time unit (e.g.
299       1s, 2m, 3h). A value of zero means don't timeout requests.
300
301
302       -s, --server=""
303           The address and port of the Kubernetes API server
304
305
306       --stderrthreshold=2
307           logs at or above this threshold go to stderr
308
309
310       --storage_driver_buffer_duration=0
311           Writes  in  the  storage driver will be buffered for this duration,
312       and committed to the non memory backends as a single transaction
313
314
315       --storage_driver_db="cadvisor"
316           database name
317
318
319       --storage_driver_host="localhost:8086"
320           database host:port
321
322
323       --storage_driver_password="root"
324           database password
325
326
327       --storage_driver_secure=false
328           use secure connection with database
329
330
331       --storage_driver_table="stats"
332           table name
333
334
335       --storage_driver_user="root"
336           database username
337
338
339       --token=""
340           Bearer token for authentication to the API server
341
342
343       --user=""
344           The name of the kubeconfig user to use
345
346
347       -v, --v=0
348           log level for V logs
349
350
351       --version=false
352           Print version information and quit
353
354
355       --vmodule=
356           comma-separated list of pattern=N settings for  file-filtered  log‐
357       ging
358
359
360

EXAMPLE

362                # If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
363                oc create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
364
365
366
367

HISTORY

374       June 2016, Ported from the Kubernetes man-doc generator
375
376
377
378Openshift                  Openshift CLI User Manuals      OC CREATE SECRET(1)