KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)

Eric Paris Jan 2015

NAME

       kubectl create secret docker-registry - Create a secret for use with a
       Docker registry

SYNOPSIS

       kubectl create secret docker-registry [OPTIONS]

DESCRIPTION

       Create a new secret for use with Docker registries.

       Dockercfg secrets are used to authenticate against Docker registries.

       When using the Docker command line to push images, you can authenticate
       to a given registry by running:
             '$ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER
             --password=DOCKER_PASSWORD --email=DOCKER_EMAIL'.

       That produces a ~/.dockercfg file that is used by subsequent 'docker
       push' and 'docker pull' commands to authenticate to the registry. The
       email address is optional.

       When creating applications, you may have a Docker registry that
       requires authentication. In order for the nodes to pull images on your
       behalf, they have to have the credentials. You can provide this
       information by creating a dockercfg secret and attaching it to your
       service account.

OPTIONS

       --allow-missing-template-keys=true      If true, ignore any errors in
       templates when a field or map key is missing in the template. Only
       applies to golang and jsonpath output formats.

       --append-hash=false      Append a hash of the secret to its name.

       --docker-email=""      Email for Docker registry

       --docker-password=""      Password for Docker registry authentication

       --docker-server="https://index.docker.io/v1/"      Server location for
       Docker registry

       --docker-username=""      Username for Docker registry authentication

       --dry-run="none"      Must be "none", "server", or "client". If client
       strategy, only print the object that would be sent, without sending it.
       If server strategy, submit server-side request without persisting the
       resource.

       --field-manager="kubectl-create"      Name of the manager used to track
       field ownership.

       --from-file=[]      Key files can be specified using their file path,
       in which case a default name will be given to them, or optionally with
       a name and file path, in which case the given name will be used.
       Specifying a directory will iterate each named file in the directory
       that is a valid secret key.

       -o, --output=""      Output format. One of:
       json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

       --save-config=false      If true, the configuration of current object
       will be saved in its annotation. Otherwise, the annotation will be
       unchanged. This flag is useful when you want to perform kubectl apply
       on this object in the future.

       --show-managed-fields=false      If true, keep the managedFields when
       printing objects in JSON or YAML format.

       --template=""      Template string or path to template file to use when
       -o=go-template, -o=go-template-file. The template format is golang
       templates [http://golang.org/pkg/text/template/#pkg-overview].

       --validate=true      If true, use a schema to validate the input before
       sending it

OPTIONS INHERITED FROM PARENT COMMANDS

       --add-dir-header=false      If true, adds the file directory to the
       header of the log messages

       --alsologtostderr=false      log to standard error as well as files

       --application-metrics-count-limit=100      Max number of application
       metrics to store (per container)

       --as=""      Username to impersonate for the operation

       --as-group=[]      Group to impersonate for the operation, this flag
       can be repeated to specify multiple groups.

       --azure-container-registry-config=""      Path to the file containing
       Azure container registry configuration information.

       --boot-id-file="/proc/sys/kernel/random/boot_id"      Comma-separated
       list of files to check for boot-id. Use the first one that exists.

       --cache-dir="/builddir/.kube/cache"      Default cache directory

       --certificate-authority=""      Path to a cert file for the certificate
       authority

       --client-certificate=""      Path to a client certificate file for TLS

       --client-key=""      Path to a client key file for TLS

       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
       CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks

       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
       CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks

       --cluster=""      The name of the kubeconfig cluster to use

       --container-hints="/etc/cadvisor/container_hints.json"      location of
       the container hints file

       --containerd="/run/containerd/containerd.sock"      containerd endpoint

       --containerd-namespace="k8s.io"      containerd namespace

       --context=""      The name of the kubeconfig context to use

       --default-not-ready-toleration-seconds=300      Indicates the
       tolerationSeconds of the toleration for notReady:NoExecute that is
       added by default to every pod that does not already have such a
       toleration.

       --default-unreachable-toleration-seconds=300      Indicates the
       tolerationSeconds of the toleration for unreachable:NoExecute that is
       added by default to every pod that does not already have such a
       toleration.

       --disable-root-cgroup-stats=false      Disable collecting root Cgroup
       stats

       --docker="unix:///var/run/docker.sock"      docker endpoint

       --docker-env-metadata-whitelist=""      a comma-separated list of
       environment variable keys matched with specified prefix that needs to
       be collected for docker containers

       --docker-only=false      Only report docker containers in addition to
       root stats

       --docker-root="/var/lib/docker"      DEPRECATED: docker root is read
       from docker info (this is a fallback, default: /var/lib/docker)

       --docker-tls=false      use TLS to connect to docker

       --docker-tls-ca="ca.pem"      path to trusted CA

       --docker-tls-cert="cert.pem"      path to client certificate

       --docker-tls-key="key.pem"      path to private key

       --enable-load-reader=false      Whether to enable cpu load reader

       --event-storage-age-limit="default=0"      Max length of time for which
       to store events (per type). Value is a comma separated list of key
       values, where the keys are event types (e.g.: creation, oom) or
       "default" and the value is a duration. Default is applied to all
       non-specified event types

       --event-storage-event-limit="default=0"      Max number of events to
       store (per type). Value is a comma separated list of key values, where
       the keys are event types (e.g.: creation, oom) or "default" and the
       value is an integer. Default is applied to all non-specified event
       types

       --global-housekeeping-interval=1m0s      Interval between global
       housekeepings

       --housekeeping-interval=10s      Interval between container
       housekeepings

       --insecure-skip-tls-verify=false      If true, the server's certificate
       will not be checked for validity. This will make your HTTPS connections
       insecure

       --kubeconfig=""      Path to the kubeconfig file to use for CLI
       requests.

       --log-backtrace-at=:0      when logging hits line file:N, emit a stack
       trace

       --log-cadvisor-usage=false      Whether to log the usage of the
       cAdvisor container

       --log-dir=""      If non-empty, write log files in this directory

       --log-file=""      If non-empty, use this log file

       --log-file-max-size=1800      Defines the maximum size a log file can
       grow to. Unit is megabytes. If the value is 0, the maximum file size is
       unlimited.

       --log-flush-frequency=5s      Maximum number of seconds between log
       flushes

       --logtostderr=true      log to standard error instead of files

       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
       Comma-separated list of files to check for machine-id. Use the first
       one that exists.

       --match-server-version=false      Require server version to match
       client version

       -n, --namespace=""      If present, the namespace scope for this CLI
       request

       --one-output=false      If true, only write logs to their native
       severity level (vs also writing to each lower severity level)

       --password=""      Password for basic authentication to the API server

       --profile="none"      Name of profile to capture. One of
       (none|cpu|heap|goroutine|threadcreate|block|mutex)

       --profile-output="profile.pprof"      Name of the file to write the
       profile to

       --referenced-reset-interval=0      Reset interval for referenced bytes
       (container_referenced_bytes metric), number of measurement cycles after
       which referenced bytes are cleared, if set to 0 referenced bytes are
       never cleared (default: 0)

       --request-timeout="0"      The length of time to wait before giving up
       on a single server request. Non-zero values should contain a
       corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't
       timeout requests.

       -s, --server=""      The address and port of the Kubernetes API server

       --skip-headers=false      If true, avoid header prefixes in the log
       messages

       --skip-log-headers=false      If true, avoid headers when opening log
       files

       --stderrthreshold=2      logs at or above this threshold go to stderr

       --storage-driver-buffer-duration=1m0s      Writes in the storage driver
       will be buffered for this duration, and committed to the non memory
       backends as a single transaction

       --storage-driver-db="cadvisor"      database name

       --storage-driver-host="localhost:8086"      database host:port

       --storage-driver-password="root"      database password

       --storage-driver-secure=false      use secure connection with database

       --storage-driver-table="stats"      table name

       --storage-driver-user="root"      database username

       --tls-server-name=""      Server name to use for server certificate
       validation. If it is not provided, the hostname used to contact the
       server is used

       --token=""      Bearer token for authentication to the API server

       --update-machine-info-interval=5m0s      Interval between machine info
       updates.

       --user=""      The name of the kubeconfig user to use

       --username=""      Username for basic authentication to the API server

       -v, --v=0      number for the log level verbosity

       --version=false      Print version information and quit

       --vmodule=      comma-separated list of pattern=N settings for
       file-filtered logging

       --warnings-as-errors=false      Treat warnings received from the server
       as errors and exit with a non-zero exit code

EXAMPLE

         # If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
         kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

         # Create a new secret named my-secret from ~/.docker/config.json
         kubectl create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json
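A value given to --docker-password is visible in the process list and in shell history, whereas the --from-file=.dockerconfigjson form reads the credential from a file. The following added example (not part of the original manual or the kubectl project) builds that file from a password read on stdin and renders the secret with --dry-run=client for review; the function names and the registry.example.test host are hypothetical.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not kubectl features.

# Escape backslashes and double quotes so a value is safe in a JSON string.
# Control characters are not handled; reject such passwords before calling.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# make_dockerconfigjson SERVER USER
# Reads the password from stdin and prints the .dockerconfigjson document.
make_dockerconfigjson() {
    server=$1
    user=$2
    IFS= read -r password || [ -n "$password" ] || return 1
    [ -n "$server" ] && [ -n "$user" ] && [ -n "$password" ] || return 1
    # "auth" is base64("user:password"), the form Docker config files use.
    auth=$(printf '%s:%s' "$user" "$password" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}\n' \
        "$(json_escape "$server")" "$(json_escape "$user")" \
        "$(json_escape "$password")" "$auth"
}

# write_dockerconfigjson FILE SERVER USER
# Same as above, but creates FILE with owner-only permissions.
write_dockerconfigjson() {
    ( umask 077 && make_dockerconfigjson "$2" "$3" > "$1" )
}

# render_pull_secret NAME FILE
# Prints the Secret manifest for review; with --dry-run=client the object
# is only printed, not sent.
render_pull_secret() {
    kubectl create secret docker-registry "$1" \
        --from-file=.dockerconfigjson="$2" --dry-run=client -o yaml
}

# Usage (password typed at the terminal instead of passed as a flag):
#   stty -echo; write_dockerconfigjson ./config.json registry.example.test ci-bot; stty echo
#   render_pull_secret my-secret ./config.json && rm -f ./config.json
```

Remove the generated file once the secret exists; it holds the password in clear text.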

SEE ALSO

       kubectl-create-secret(1),

HISTORY

       January 2015, Originally compiled by Eric Paris (eparis at redhat dot
       com) based on the kubernetes source material, but hopefully they have
       been automatically generated since!

Manuals                              User            KUBERNETES(1)(kubernetes)