1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubectl create secret docker-registry - Create a secret for use with a
10 Docker registry
11
12
13
15 kubectl create secret docker-registry [OPTIONS]
16
17
18
20 Create a new secret for use with Docker registries.
21
22
23 Dockercfg secrets are used to authenticate against Docker registries.
24
25
26 When using the Docker command line to push images, you can authenticate
27 to a given registry by running:
28 '$ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER
29 --password=DOCKER_PASSWORD --email=DOCKER_EMAIL'.
30
31
32 That produces a ~/.dockercfg file that is used by subsequent 'docker
33 push' and 'docker pull' commands to authenticate to the registry. The
34 email address is optional.
35
36
37 When creating applications, you may have a Docker registry that re‐
38 quires authentication. In order for the
39 nodes to pull images on your behalf, they must have the credentials.
40 You can provide this information
41 by creating a dockercfg secret and attaching it to your service ac‐
42 count.
43
44
45
47 --allow-missing-template-keys=true If true, ignore any errors in
48 templates when a field or map key is missing in the template. Only ap‐
49 plies to golang and jsonpath output formats.
50
51
52 --append-hash=false Append a hash of the secret to its name.
53
54
55 --docker-email="" Email for Docker registry
56
57
58 --docker-password="" Password for Docker registry authentication
59
60
61 --docker-server="https://index.docker.io/v1/" Server location for
62 Docker registry
63
64
65 --docker-username="" Username for Docker registry authentication
66
67
68 --dry-run="none" Must be "none", "server", or "client". If client
69 strategy, only print the object that would be sent, without sending it.
70 If server strategy, submit server-side request without persisting the
71 resource.
72
73
74 --field-manager="kubectl-create" Name of the manager used to track
75 field ownership.
76
77
78 --from-file=[] Key files can be specified using their file path,
79 in which case a default name will be given to them, or optionally with
80 a name and file path, in which case the given name will be used. Spec‐
81 ifying a directory will iterate each named file in the directory that
82 is a valid secret key.
83
84
85 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
86 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
87 json, jsonpath-file).
88
89
90 --save-config=false If true, the configuration of current object
91 will be saved in its annotation. Otherwise, the annotation will be un‐
92 changed. This flag is useful when you want to perform kubectl apply on
93 this object in the future.
94
95
96 --show-managed-fields=false If true, keep the managedFields when
97 printing objects in JSON or YAML format.
98
99
100 --template="" Template string or path to template file to use when
101 -o=go-template, -o=go-template-file. The template format is golang tem‐
102 plates [http://golang.org/pkg/text/template/#pkg-overview].
103
104
105 --validate="strict" Must be one of: strict (or true), warn, ignore
106 (or false). "true" or "strict" will use a schema to validate
107 the input and fail the request if invalid. It will perform server side
108 validation if ServerSideFieldValidation is enabled on the api-server,
109 but will fall back to less reliable client-side validation if not.
110 "warn" will warn about unknown or duplicate fields without
111 blocking the request if server-side field validation is enabled on the
112 API server, and behave as "ignore" otherwise. "false" or
113 "ignore" will not perform any schema validation, silently dropping any
114 unknown or duplicate fields.
115
116
117
119 --as="" Username to impersonate for the operation. User could be a
120 regular user or a service account in a namespace.
121
122
123 --as-group=[] Group to impersonate for the operation, this flag
124 can be repeated to specify multiple groups.
125
126
127 --as-uid="" UID to impersonate for the operation.
128
129
130 --azure-container-registry-config="" Path to the file containing
131 Azure container registry configuration information.
132
133
134 --cache-dir="/builddir/.kube/cache" Default cache directory
135
136
137 --certificate-authority="" Path to a cert file for the certificate
138 authority
139
140
141 --client-certificate="" Path to a client certificate file for TLS
142
143
144 --client-key="" Path to a client key file for TLS
145
146
147 --cluster="" The name of the kubeconfig cluster to use
148
149
150 --context="" The name of the kubeconfig context to use
151
152
153 --insecure-skip-tls-verify=false If true, the server's certificate
154 will not be checked for validity. This will make your HTTPS connections
155 insecure
156
157
158 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
159 quests.
160
161
162 --match-server-version=false Require server version to match
163 client version
164
165
166 -n, --namespace="" If present, the namespace scope for this CLI
167 request
168
169
170 --password="" Password for basic authentication to the API server
171
172
173 --profile="none" Name of profile to capture. One of
174 (none|cpu|heap|goroutine|threadcreate|block|mutex)
175
176
177 --profile-output="profile.pprof" Name of the file to write the
178 profile to
179
180
181 --request-timeout="0" The length of time to wait before giving up
182 on a single server request. Non-zero values should contain a corre‐
183 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
184 out requests.
185
186
187 -s, --server="" The address and port of the Kubernetes API server
188
189
190 --tls-server-name="" Server name to use for server certificate
191 validation. If it is not provided, the hostname used to contact the
192 server is used
193
194
195 --token="" Bearer token for authentication to the API server
196
197
198 --user="" The name of the kubeconfig user to use
199
200
201 --username="" Username for basic authentication to the API server
202
203
204 --version=false Print version information and quit
205
206
207 --warnings-as-errors=false Treat warnings received from the server
208 as errors and exit with a non-zero exit code
209
210
211
213 # If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
214 kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
215
216 # Create a new secret named my-secret from ~/.docker/config.json
217 kubectl create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json
218
219
220
221
223 kubectl-create-secret(1),
224
225
226
228 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
229 com) based on the kubernetes source material, but hopefully they have
230 been automatically generated since!
231
232
233
234Manuals User KUBERNETES(1)(kubernetes)