1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl create secret docker-registry - Create a secret for use with a
10 Docker registry
11
15 kubectl create secret docker-registry [OPTIONS]
16
20 Create a new secret for use with Docker registries.
21 Dockercfg secrets are used to authenticate against Docker registries.
24 When using the Docker command line to push images, you can authenticate
27 to a given registry by running:
28 '$ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER
29 --password=DOCKER_PASSWORD --email=DOCKER_EMAIL'.
30 That produces a /.dockercfg file that is used by subsequent 'docker
33 push' and 'docker pull' commands to authenticate to the registry. The
34 email address is optional.
35 When creating applications, you may have a Docker registry that re‐
38 quires authentication. In order for the
39 nodes to pull images on your behalf, they have to have the creden‐
40 tials. You can provide this information
41 by creating a dockercfg secret and attaching it to your service ac‐
42 count.
43
47 --allow-missing-template-keys=true If true, ignore any errors in
48 templates when a field or map key is missing in the template. Only ap‐
49 plies to golang and jsonpath output formats.
50 --append-hash=false Append a hash of the secret to its name.
53 --docker-email="" Email for Docker registry
56 --docker-password="" Password for Docker registry authentication
59 --docker-server="https://index.docker.io/v1/" Server location for
62 Docker registry
63 --docker-username="" Username for Docker registry authentication
66 --dry-run="none" Must be "none", "server", or "client". If client
69 strategy, only print the object that would be sent, without sending it.
70 If server strategy, submit server-side request without persisting the
71 resource.
72 --field-manager="kubectl-create" Name of the manager used to track
75 field ownership.
76 --from-file=[] Key files can be specified using their file path,
79 in which case a default name will be given to them, or optionally with
80 a name and file path, in which case the given name will be used. Spec‐
81 ifying a directory will iterate each named file in the directory that
82 is a valid secret key.
83 --generator="secret-for-docker-registry/v1" The name of the API
86 generator to use.
87 -o, --output="" Output format. One of: json|yaml|name|go-tem‐
90 plate|go-template-file|template|templatefile|jsonpath|json‐
91 path-as-json|jsonpath-file.
92 --save-config=false If true, the configuration of current object
95 will be saved in its annotation. Otherwise, the annotation will be un‐
96 changed. This flag is useful when you want to perform kubectl apply on
97 this object in the future.
98 --template="" Template string or path to template file to use when
101 -o=go-template, -o=go-template-file. The template format is golang tem‐
102 plates [http://golang.org/pkg/text/template/#pkg-overview].
103 --validate=true If true, use a schema to validate the input before
106 sending it
107
111 --add-dir-header=false If true, adds the file directory to the
112 header of the log messages
113 --alsologtostderr=false log to standard error as well as files
116 --application-metrics-count-limit=100 Max number of application
119 metrics to store (per container)
120 --as="" Username to impersonate for the operation
123 --as-group=[] Group to impersonate for the operation, this flag
126 can be repeated to specify multiple groups.
127 --azure-container-registry-config="" Path to the file containing
130 Azure container registry configuration information.
131 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
134 list of files to check for boot-id. Use the first one that exists.
135 --cache-dir="/builddir/.kube/cache" Default cache directory
138 --certificate-authority="" Path to a cert file for the certificate
141 authority
142 --client-certificate="" Path to a client certificate file for TLS
145 --client-key="" Path to a client key file for TLS
148 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
151 CIDRs opened in GCE firewall for L7 LB traffic proxy health
152 checks
153 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
156 CIDRs opened in GCE firewall for L4 LB traffic proxy health
157 checks
158 --cluster="" The name of the kubeconfig cluster to use
161 --container-hints="/etc/cadvisor/container_hints.json" location of
164 the container hints file
165 --containerd="/run/containerd/containerd.sock" containerd endpoint
168 --containerd-namespace="k8s.io" containerd namespace
171 --context="" The name of the kubeconfig context to use
174 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
177 tionSeconds of the toleration for notReady:NoExecute that is added by
178 default to every pod that does not already have such a toleration.
179 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
182 tionSeconds of the toleration for unreachable:NoExecute that is added
183 by default to every pod that does not already have such a toleration.
184 --disable-root-cgroup-stats=false Disable collecting root Cgroup
187 stats
188 --docker="unix:///var/run/docker.sock" docker endpoint
191 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
194 ronment variable keys matched with specified prefix that needs to be
195 collected for docker containers
196 --docker-only=false Only report docker containers in addition to
199 root stats
200 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
203 from docker info (this is a fallback, default: /var/lib/docker)
204 --docker-tls=false use TLS to connect to docker
207 --docker-tls-ca="ca.pem" path to trusted CA
210 --docker-tls-cert="cert.pem" path to client certificate
213 --docker-tls-key="key.pem" path to private key
216 --enable-load-reader=false Whether to enable cpu load reader
219 --event-storage-age-limit="default=0" Max length of time for which
222 to store events (per type). Value is a comma separated list of key val‐
223 ues, where the keys are event types (e.g.: creation, oom) or "default"
224 and the value is a duration. Default is applied to all non-specified
225 event types
226 --event-storage-event-limit="default=0" Max number of events to
229 store (per type). Value is a comma separated list of key values, where
230 the keys are event types (e.g.: creation, oom) or "default" and the
231 value is an integer. Default is applied to all non-specified event
232 types
233 --global-housekeeping-interval=1m0s Interval between global house‐
236 keepings
237 --housekeeping-interval=10s Interval between container housekeep‐
240 ings
241 --insecure-skip-tls-verify=false If true, the server's certificate
244 will not be checked for validity. This will make your HTTPS connections
245 insecure
246 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
249 quests.
250 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
253 trace
254 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
257 sor container
258 --log-dir="" If non-empty, write log files in this directory
261 --log-file="" If non-empty, use this log file
264 --log-file-max-size=1800 Defines the maximum size a log file can
267 grow to. Unit is megabytes. If the value is 0, the maximum file size is
268 unlimited.
269 --log-flush-frequency=5s Maximum number of seconds between log
272 flushes
273 --logtostderr=true log to standard error instead of files
276 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
279 Comma-separated list of files to check for machine-id. Use the
280 first one that exists.
281 --match-server-version=false Require server version to match
284 client version
285 -n, --namespace="" If present, the namespace scope for this CLI
288 request
289 --one-output=false If true, only write logs to their native sever‐
292 ity level (vs also writing to each lower severity level
293 --password="" Password for basic authentication to the API server
296 --profile="none" Name of profile to capture. One of
299 (none|cpu|heap|goroutine|threadcreate|block|mutex)
300 --profile-output="profile.pprof" Name of the file to write the
303 profile to
304 --referenced-reset-interval=0 Reset interval for referenced bytes
307 (container_referenced_bytes metric), number of measurement cycles after
308 which referenced bytes are cleared, if set to 0 referenced bytes are
309 never cleared (default: 0)
310 --request-timeout="0" The length of time to wait before giving up
313 on a single server request. Non-zero values should contain a corre‐
314 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
315 out requests.
316 -s, --server="" The address and port of the Kubernetes API server
319 --skip-headers=false If true, avoid header prefixes in the log
322 messages
323 --skip-log-headers=false If true, avoid headers when opening log
326 files
327 --stderrthreshold=2 logs at or above this threshold go to stderr
330 --storage-driver-buffer-duration=1m0s Writes in the storage driver
333 will be buffered for this duration, and committed to the non memory
334 backends as a single transaction
335 --storage-driver-db="cadvisor" database name
338 --storage-driver-host="localhost:8086" database host:port
341 --storage-driver-password="root" database password
344 --storage-driver-secure=false use secure connection with database
347 --storage-driver-table="stats" table name
350 --storage-driver-user="root" database username
353 --tls-server-name="" Server name to use for server certificate
356 validation. If it is not provided, the hostname used to contact the
357 server is used
358 --token="" Bearer token for authentication to the API server
361 --update-machine-info-interval=5m0s Interval between machine info
364 updates.
365 --user="" The name of the kubeconfig user to use
368 --username="" Username for basic authentication to the API server
371 -v, --v=0 number for the log level verbosity
374 --version=false Print version information and quit
377 --vmodule= comma-separated list of pattern=N settings for
380 file-filtered logging
381 --warnings-as-errors=false Treat warnings received from the server
384 as errors and exit with a non-zero exit code
385
389 # If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
390 kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
391
396 kubectl-create-secret(1),
397
401 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
402 com) based on the kubernetes source material, but hopefully they have
403 been automatically generated since!
404Manuals User KUBERNETES(1)(kubernetes)