kubectl-create-secret-docker-registry(1)

1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl  create secret docker-registry - Create a secret for use with a
10       Docker registry
11
12
13

SYNOPSIS

15       kubectl create secret docker-registry [OPTIONS]
16
17
18

DESCRIPTION

20       Create a new secret for use with Docker registries.
21
22
23       Dockercfg secrets are used to authenticate against Docker registries.
24
25
26       When using the Docker command line to push images, you can authenticate
27       to a given registry by running:
28             '$  docker  login  DOCKER_REGISTRY_SERVER  --username=DOCKER_USER
29       --password=DOCKER_PASSWORD --email=DOCKER_EMAIL'.
30
31
32       That produces a ~/.dockercfg file that is used  by  subsequent  'docker
33       push'  and  'docker pull' commands to authenticate to the registry. The
34       email address is optional.
35
36
37       When creating applications, you may have a  Docker  registry  that  re‐
38       quires authentication.  In order for the
39         nodes  to pull images on your behalf, they must have the credentials.
40       You can provide this information
41         by creating a dockercfg secret and attaching it to your  service  ac‐
42       count.
43
44
45

OPTIONS

47       --allow-missing-template-keys=true       If  true, ignore any errors in
48       templates when a field or map key is missing in the template. Only  ap‐
49       plies to golang and jsonpath output formats.
50
51
52       --append-hash=false      Append a hash of the secret to its name.
53
54
55       --docker-email=""      Email for Docker registry
56
57
58       --docker-password=""      Password for Docker registry authentication
59
60
61       --docker-server="https://index.docker.io/v1/"       Server location for
62       Docker registry
63
64
65       --docker-username=""      Username for Docker registry authentication
66
67
68       --dry-run="none"      Must be "none", "server", or "client". If  client
69       strategy, only print the object that would be sent, without sending it.
70       If server strategy, submit server-side request without  persisting  the
71       resource.
72
73
74       --field-manager="kubectl-create"      Name of the manager used to track
75       field ownership.
76
77
78       --from-file=[]      Key files can be specified using their  file  path,
79       in  which case a default name will be given to them, or optionally with
80       a name and file path, in which case the given name will be used.  Spec‐
81       ifying  a  directory will iterate each named file in the directory that
82       is a valid secret key.
83
84
85       -o, --output=""      Output format. One of: (json, yaml, name,  go-tem‐
86       plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
87       json, jsonpath-file).
88
89
90       --save-config=false      If true, the configuration of  current  object
91       will  be saved in its annotation. Otherwise, the annotation will be un‐
92       changed. This flag is useful when you want to perform kubectl apply  on
93       this object in the future.
94
95
96       --show-managed-fields=false       If  true, keep the managedFields when
97       printing objects in JSON or YAML format.
98
99
100       --template=""      Template string or path to template file to use when
101       -o=go-template, -o=go-template-file. The template format is golang tem‐
102       plates [http://golang.org/pkg/text/template/#pkg-overview].
103
104
105       --validate="strict"      Must be one of: strict (or true), warn, ignore
106       (or false).            "true" or "strict" will use a schema to validate
107       the input and fail the request if invalid. It will perform server  side
108       validation  if  ServerSideFieldValidation is enabled on the api-server,
109       but will fall back to less  reliable  client-side  validation  if  not.
110                 "warn"  will  warn  about unknown or duplicate fields without
111       blocking the request if server-side field validation is enabled on  the
112       API  server,  and  behave  as "ignore" otherwise.            "false" or
113       "ignore" will not perform any schema validation, silently dropping  any
114       unknown or duplicate fields.
115
116
117

OPTIONS INHERITED FROM PARENT COMMANDS

119       --as=""      Username to impersonate for the operation. User could be a
120       regular user or a service account in a namespace.
121
122
123       --as-group=[]      Group to impersonate for the  operation,  this  flag
124       can be repeated to specify multiple groups.
125
126
127       --as-uid=""      UID to impersonate for the operation.
128
129
130       --azure-container-registry-config=""       Path  to the file containing
131       Azure container registry configuration information.
132
133
134       --cache-dir="/builddir/.kube/cache"      Default cache directory
135
136
137       --certificate-authority=""      Path to a cert file for the certificate
138       authority
139
140
141       --client-certificate=""      Path to a client certificate file for TLS
142
143
144       --client-key=""      Path to a client key file for TLS
145
146
147       --cluster=""      The name of the kubeconfig cluster to use
148
149
150       --context=""      The name of the kubeconfig context to use
151
152
153       --insecure-skip-tls-verify=false      If true, the server's certificate
154       will not be checked for validity. This will make your HTTPS connections
155       insecure
156
157
158       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
159       quests.
160
161
162       --match-server-version=false       Require  server  version  to   match
163       client version
164
165
166       -n,  --namespace=""       If  present, the namespace scope for this CLI
167       request
168
169
170       --password=""      Password for basic authentication to the API server
171
172
173       --profile="none"        Name   of   profile   to   capture.   One    of
174       (none|cpu|heap|goroutine|threadcreate|block|mutex)
175
176
177       --profile-output="profile.pprof"       Name  of  the  file to write the
178       profile to
179
180
181       --request-timeout="0"      The length of time to wait before giving  up
182       on  a  single  server  request. Non-zero values should contain a corre‐
183       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
184       out requests.
185
186
187       -s, --server=""      The address and port of the Kubernetes API server
188
189
190       --tls-server-name=""       Server  name  to  use for server certificate
191       validation. If it is not provided, the hostname  used  to  contact  the
192       server is used
193
194
195       --token=""      Bearer token for authentication to the API server
196
197
198       --user=""      The name of the kubeconfig user to use
199
200
201       --username=""      Username for basic authentication to the API server
202
203
204       --version=false      Print version information and quit
205
206
207       --warnings-as-errors=false      Treat warnings received from the server
208       as errors and exit with a non-zero exit code
209
210
211

EXAMPLE

213                # If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
214                kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
215
216                # Create a new secret named my-secret from ~/.docker/config.json
217                kubectl create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json
218
219
220
221

HISTORY

228       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
229       com)  based  on the kubernetes source material, but hopefully they have
230       been automatically generated since!
231
232
233
234Manuals                              User            KUBERNETES(1)(kubernetes)