KUBERNETES(1)(kubernetes)

Eric Paris Jan 2015

kubectl create secret docker-registry - Create a secret for use with a
Docker registry

kubectl create secret docker-registry [OPTIONS]

Create a new secret for use with Docker registries.

Dockercfg secrets are used to authenticate against Docker registries.

When using the Docker command line to push images, you can authenticate
to a given registry by running:
'$ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER
--password=DOCKER_PASSWORD --email=DOCKER_EMAIL'.

That produces a ~/.dockercfg file that is used by subsequent 'docker
push' and 'docker pull' commands to authenticate to the registry. The
email address is optional.

When creating applications, you may have a Docker registry that requires
authentication. In order for the nodes to pull images on your behalf,
they have to have the credentials. You can provide this information by
creating a dockercfg secret and attaching it to your service account.

--allow-missing-template-keys=true  If true, ignore any errors in
templates when a field or map key is missing in the template. Only
applies to golang and jsonpath output formats.

--append-hash=false  Append a hash of the secret to its name.

--docker-email=""  Email for Docker registry

--docker-password=""  Password for Docker registry authentication

--docker-server="https://index.docker.io/v1/"  Server location for
Docker registry

--docker-username=""  Username for Docker registry authentication

--dry-run="none"  Must be "none", "server", or "client". If client
strategy, only print the object that would be sent, without sending it.
If server strategy, submit server-side request without persisting the
resource.

--field-manager="kubectl-create"  Name of the manager used to track
field ownership.

--from-file=[]  Key files can be specified using their file path, in
which case a default name will be given to them, or optionally with a
name and file path, in which case the given name will be used.
Specifying a directory will iterate each named file in the directory
that is a valid secret key.

-o, --output=""  Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.

--save-config=false  If true, the configuration of current object will
be saved in its annotation. Otherwise, the annotation will be unchanged.
This flag is useful when you want to perform kubectl apply on this
object in the future.

--show-managed-fields=false  If true, keep the managedFields when
printing objects in JSON or YAML format.

--template=""  Template string or path to template file to use when
-o=go-template, -o=go-template-file. The template format is golang
templates [http://golang.org/pkg/text/template/#pkg-overview].

--validate=true  If true, use a schema to validate the input before
sending it

--add-dir-header=false  If true, adds the file directory to the header
of the log messages

--alsologtostderr=false  log to standard error as well as files

--application-metrics-count-limit=100  Max number of application metrics
to store (per container)

--as=""  Username to impersonate for the operation

--as-group=[]  Group to impersonate for the operation, this flag can be
repeated to specify multiple groups.

--azure-container-registry-config=""  Path to the file containing Azure
container registry configuration information.

--boot-id-file="/proc/sys/kernel/random/boot_id"  Comma-separated list
of files to check for boot-id. Use the first one that exists.

--cache-dir="/builddir/.kube/cache"  Default cache directory

--certificate-authority=""  Path to a cert file for the certificate
authority

--client-certificate=""  Path to a client certificate file for TLS

--client-key=""  Path to a client key file for TLS

--cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
CIDRs opened in GCE firewall for L7 LB traffic proxy health checks

--cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
CIDRs opened in GCE firewall for L4 LB traffic proxy health checks

--cluster=""  The name of the kubeconfig cluster to use

--container-hints="/etc/cadvisor/container_hints.json"  location of the
container hints file

--containerd="/run/containerd/containerd.sock"  containerd endpoint

--containerd-namespace="k8s.io"  containerd namespace

--context=""  The name of the kubeconfig context to use

--default-not-ready-toleration-seconds=300  Indicates the
tolerationSeconds of the toleration for notReady:NoExecute that is added
by default to every pod that does not already have such a toleration.

--default-unreachable-toleration-seconds=300  Indicates the
tolerationSeconds of the toleration for unreachable:NoExecute that is
added by default to every pod that does not already have such a
toleration.

--disable-root-cgroup-stats=false  Disable collecting root Cgroup stats

--docker="unix:///var/run/docker.sock"  docker endpoint

--docker-env-metadata-whitelist=""  a comma-separated list of
environment variable keys matched with specified prefix that needs to be
collected for docker containers

--docker-only=false  Only report docker containers in addition to root
stats

--docker-root="/var/lib/docker"  DEPRECATED: docker root is read from
docker info (this is a fallback, default: /var/lib/docker)

--docker-tls=false  use TLS to connect to docker

--docker-tls-ca="ca.pem"  path to trusted CA

--docker-tls-cert="cert.pem"  path to client certificate

--docker-tls-key="key.pem"  path to private key

--enable-load-reader=false  Whether to enable cpu load reader

--event-storage-age-limit="default=0"  Max length of time for which to
store events (per type). Value is a comma separated list of key values,
where the keys are event types (e.g.: creation, oom) or "default" and
the value is a duration. Default is applied to all non-specified event
types

--event-storage-event-limit="default=0"  Max number of events to store
(per type). Value is a comma separated list of key values, where the
keys are event types (e.g.: creation, oom) or "default" and the value is
an integer. Default is applied to all non-specified event types

--global-housekeeping-interval=1m0s  Interval between global
housekeepings

--housekeeping-interval=10s  Interval between container housekeepings

--insecure-skip-tls-verify=false  If true, the server's certificate will
not be checked for validity. This will make your HTTPS connections
insecure

--kubeconfig=""  Path to the kubeconfig file to use for CLI requests.

--log-backtrace-at=:0  when logging hits line file:N, emit a stack trace

--log-cadvisor-usage=false  Whether to log the usage of the cAdvisor
container

--log-dir=""  If non-empty, write log files in this directory

--log-file=""  If non-empty, use this log file

--log-file-max-size=1800  Defines the maximum size a log file can grow
to. Unit is megabytes. If the value is 0, the maximum file size is
unlimited.

--log-flush-frequency=5s  Maximum number of seconds between log flushes

--logtostderr=true  log to standard error instead of files

--machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
Comma-separated list of files to check for machine-id. Use the first one
that exists.

--match-server-version=false  Require server version to match client
version

-n, --namespace=""  If present, the namespace scope for this CLI request

--one-output=false  If true, only write logs to their native severity
level (vs also writing to each lower severity level)

--password=""  Password for basic authentication to the API server

--profile="none"  Name of profile to capture. One of
(none|cpu|heap|goroutine|threadcreate|block|mutex)

--profile-output="profile.pprof"  Name of the file to write the profile
to

--referenced-reset-interval=0  Reset interval for referenced bytes
(container_referenced_bytes metric), number of measurement cycles after
which referenced bytes are cleared, if set to 0 referenced bytes are
never cleared (default: 0)

--request-timeout="0"  The length of time to wait before giving up on a
single server request. Non-zero values should contain a corresponding
time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout
requests.

-s, --server=""  The address and port of the Kubernetes API server

--skip-headers=false  If true, avoid header prefixes in the log messages

--skip-log-headers=false  If true, avoid headers when opening log files

--stderrthreshold=2  logs at or above this threshold go to stderr

--storage-driver-buffer-duration=1m0s  Writes in the storage driver will
be buffered for this duration, and committed to the non memory backends
as a single transaction

--storage-driver-db="cadvisor"  database name

--storage-driver-host="localhost:8086"  database host:port

--storage-driver-password="root"  database password

--storage-driver-secure=false  use secure connection with database

--storage-driver-table="stats"  table name

--storage-driver-user="root"  database username

--tls-server-name=""  Server name to use for server certificate
validation. If it is not provided, the hostname used to contact the
server is used

--token=""  Bearer token for authentication to the API server

--update-machine-info-interval=5m0s  Interval between machine info
updates.

--user=""  The name of the kubeconfig user to use

--username=""  Username for basic authentication to the API server

-v, --v=0  number for the log level verbosity

--version=false  Print version information and quit

--vmodule=  comma-separated list of pattern=N settings for file-filtered
logging

--warnings-as-errors=false  Treat warnings received from the server as
errors and exit with a non-zero exit code

# If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

# Create a new secret named my-secret from ~/.docker/config.json
kubectl create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json

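Added example, not part of the original manual page: a value passed with --docker-password is a command-line argument, so it ends up in shell history and the process list. The sketch below instead builds the file for the --from-file=.dockerconfigjson form from a password read on standard input; the function names json_escape and make_dockerconfigjson are hypothetical.

```shell
#!/bin/sh
# Added example: build a .dockerconfigjson file without putting the
# registry password in a command-line argument.

# Escape backslashes and double quotes so a value is safe inside a JSON
# string. Control characters are not handled; reject them upstream.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# make_dockerconfigjson SERVER USER
# Reads the password from the first line of stdin and prints the JSON
# document. Returns non-zero if any of the three values is empty.
make_dockerconfigjson() {
    server=$1
    user=$2
    password=
    IFS= read -r password || [ -n "$password" ] || return 1
    [ -n "$server" ] && [ -n "$user" ] && [ -n "$password" ] || return 1
    # "auth" is base64("user:password"), the form Docker config files use.
    auth=$(printf '%s:%s' "$user" "$password" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}\n' \
        "$(json_escape "$server")" "$(json_escape "$user")" \
        "$(json_escape "$password")" "$auth"
}

# Typical use (not run here; my-secret and the --from-file form are the
# ones shown in the examples above):
#   umask 077
#   cfg=$(mktemp)
#   make_dockerconfigjson DOCKER_REGISTRY_SERVER DOCKER_USER > "$cfg"
#   kubectl create secret docker-registry my-secret \
#       --from-file=.dockerconfigjson="$cfg"
#   rm -f "$cfg"
```

The temporary file holds the credential in clear text, so it is created under a restrictive umask and removed once the secret exists.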

kubectl-create-secret(1),

January 2015, Originally compiled by Eric Paris (eparis at redhat dot
com) based on the kubernetes source material, but hopefully they have
been automatically generated since!