1OC CREATE SECRET(1)                June 2016               OC CREATE SECRET(1)
2
3
4

NAME

6       oc  create  secret  docker-registry  -  Create  a secret for use with a
7       Docker registry
8
9
10

SYNOPSIS

12       oc create secret docker-registry [OPTIONS]
13
14
15

DESCRIPTION

17       Create a new secret for use with Docker registries.
18
19
20       Dockercfg secrets are used to authenticate against Docker registries.
21
22
23       When using the Docker command line to push images, you can authenticate
24       to  a given registry by running: '$ docker login DOCKER REGISTRY SERVER
25       --username=DOCKER  USER   --password=DOCKER   PASSWORD   --email=DOCKER
26       _EMAIL'.
27
28
29       That  produces  a   /.dockercfg file that is used by subsequent 'docker
30       push' and 'docker pull' commands to authenticate to the  registry.  The
31       email address is optional.
32
33
34       When  creating  applications,  you  may have a Docker registry that re‐
35       quires authentication.  In order for the nodes to pull images  on  your
36       behalf, they have to have the credentials.  You can provide this infor‐
37       mation by creating a dockercfg secret and attaching it to your  service
38       account.
39
40
41

OPTIONS

43       --allow-missing-template-keys=true
44           If  true, ignore any errors in templates when a field or map key is
45       missing in the template. Only applies to  golang  and  jsonpath  output
46       formats.
47
48
49       --append-hash=false
50           Append a hash of the secret to its name.
51
52
53       --docker-email=""
54           Email for Docker registry
55
56
57       --docker-password=""
58           Password for Docker registry authentication
59
60
61       --docker-server=" ⟨https://index.docker.io/v1/"⟩
62           Server location for Docker registry
63
64
65       --docker-username=""
66           Username for Docker registry authentication
67
68
69       --dry-run=false
70           If  true, only print the object that would be sent, without sending
71       it.
72
73
74       --from-file=[]
75           Key files can be specified using their file path, in which  case  a
76       default  name will be given to them, or optionally with a name and file
77       path, in which case the given name will be used.  Specifying  a  direc‐
78       tory  will iterate each named file in the directory that is a valid se‐
79       cret key.
80
81
82       --generator="secret-for-docker-registry/v1"
83           The name of the API generator to use.
84
85
86       -o, --output=""
87           Output   format.   One    of:    json|yaml|name|go-template|go-tem‐
88       plate-file|templatefile|template|jsonpath|jsonpath-file.
89
90
91       --save-config=false
92           If  true,  the configuration of current object will be saved in its
93       annotation. Otherwise, the annotation will be unchanged. This  flag  is
94       useful when you want to perform kubectl apply on this object in the fu‐
95       ture.
96
97
98       --template=""
99           Template string or path to template file  to  use  when  -o=go-tem‐
100       plate,  -o=go-template-file.  The template format is golang templates [
101http://golang.org/pkg/text/template/#pkg-overview⟩].
102
103
104       --validate=false
105           If true, use a schema to validate the input before sending it
106
107
108

OPTIONS INHERITED FROM PARENT COMMANDS

110       --allow_verification_with_non_compliant_keys=false
111           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
112       non-compliant with RFC6962.
113
114
115       --alsologtostderr=false
116           log to standard error as well as files
117
118
119       --application_metrics_count_limit=100
120           Max number of application metrics to store (per container)
121
122
123       --as=""
124           Username to impersonate for the operation
125
126
127       --as-group=[]
128           Group  to  impersonate for the operation, this flag can be repeated
129       to specify multiple groups.
130
131
132       --azure-container-registry-config=""
133           Path to the file containing Azure container registry  configuration
134       information.
135
136
137       --boot_id_file="/proc/sys/kernel/random/boot_id"
138           Comma-separated  list  of files to check for boot-id. Use the first
139       one that exists.
140
141
142       --cache-dir="/builddir/.kube/http-cache"
143           Default HTTP cache directory
144
145
146       --certificate-authority=""
147           Path to a cert file for the certificate authority
148
149
150       --client-certificate=""
151           Path to a client certificate file for TLS
152
153
154       --client-key=""
155           Path to a client key file for TLS
156
157
158       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
159           CIDRs opened in GCE firewall for LB traffic proxy  health checks
160
161
162       --cluster=""
163           The name of the kubeconfig cluster to use
164
165
166       --container_hints="/etc/cadvisor/container_hints.json"
167           location of the container hints file
168
169
170       --containerd="unix:///var/run/containerd.sock"
171           containerd endpoint
172
173
174       --context=""
175           The name of the kubeconfig context to use
176
177
178       --default-not-ready-toleration-seconds=300
179           Indicates    the    tolerationSeconds   of   the   toleration   for
180       notReady:NoExecute that is added by default to every pod that does  not
181       already have such a toleration.
182
183
184       --default-unreachable-toleration-seconds=300
185           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
186       able:NoExecute that is added by default to every pod that does not  al‐
187       ready have such a toleration.
188
189
190       --docker="unix:///var/run/docker.sock"
191           docker endpoint
192
193
194       --docker-tls=false
195           use TLS to connect to docker
196
197
198       --docker-tls-ca="ca.pem"
199           path to trusted CA
200
201
202       --docker-tls-cert="cert.pem"
203           path to client certificate
204
205
206       --docker-tls-key="key.pem"
207           path to private key
208
209
210       --docker_env_metadata_whitelist=""
211           a  comma-separated  list of environment variable keys that needs to
212       be collected for docker containers
213
214
215       --docker_only=false
216           Only report docker containers in addition to root stats
217
218
219       --docker_root="/var/lib/docker"
220           DEPRECATED: docker root is read from docker info (this is  a  fall‐
221       back, default: /var/lib/docker)
222
223
224       --enable_load_reader=false
225           Whether to enable cpu load reader
226
227
228       --event_storage_age_limit="default=24h"
229           Max length of time for which to store events (per type). Value is a
230       comma separated list of key values, where  the  keys  are  event  types
231       (e.g.: creation, oom) or "default" and the value is a duration. Default
232       is applied to all non-specified event types
233
234
235       --event_storage_event_limit="default=100000"
236           Max number of events to store (per type). Value is  a  comma  sepa‐
237       rated  list  of  key values, where the keys are event types (e.g.: cre‐
238       ation, oom) or "default" and the value is an integer.  Default  is  ap‐
239       plied to all non-specified event types
240
241
242       --global_housekeeping_interval=0
243           Interval between global housekeepings
244
245
246       --housekeeping_interval=0
247           Interval between container housekeepings
248
249
250       --insecure-skip-tls-verify=false
251           If true, the server's certificate will not be checked for validity.
252       This will make your HTTPS connections insecure
253
254
255       --kubeconfig=""
256           Path to the kubeconfig file to use for CLI requests.
257
258
259       --log-flush-frequency=0
260           Maximum number of seconds between log flushes
261
262
263       --log_backtrace_at=:0
264           when logging hits line file:N, emit a stack trace
265
266
267       --log_cadvisor_usage=false
268           Whether to log the usage of the cAdvisor container
269
270
271       --log_dir=""
272           If non-empty, write log files in this directory
273
274
275       --logtostderr=true
276           log to standard error instead of files
277
278
279       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
280           Comma-separated list of files to  check  for  machine-id.  Use  the
281       first one that exists.
282
283
284       --match-server-version=false
285           Require server version to match client version
286
287
288       -n, --namespace=""
289           If present, the namespace scope for this CLI request
290
291
292       --request-timeout="0"
293           The  length of time to wait before giving up on a single server re‐
294       quest. Non-zero values should contain a corresponding time  unit  (e.g.
295       1s, 2m, 3h). A value of zero means don't timeout requests.
296
297
298       -s, --server=""
299           The address and port of the Kubernetes API server
300
301
302       --stderrthreshold=2
303           logs at or above this threshold go to stderr
304
305
306       --storage_driver_buffer_duration=0
307           Writes  in  the  storage driver will be buffered for this duration,
308       and committed to the non memory backends as a single transaction
309
310
311       --storage_driver_db="cadvisor"
312           database name
313
314
315       --storage_driver_host="localhost:8086"
316           database host:port
317
318
319       --storage_driver_password="root"
320           database password
321
322
323       --storage_driver_secure=false
324           use secure connection with database
325
326
327       --storage_driver_table="stats"
328           table name
329
330
331       --storage_driver_user="root"
332           database username
333
334
335       --token=""
336           Bearer token for authentication to the API server
337
338
339       --user=""
340           The name of the kubeconfig user to use
341
342
343       -v, --v=0
344           log level for V logs
345
346
347       --version=false
348           Print version information and quit
349
350
351       --vmodule=
352           comma-separated list of pattern=N settings for  file-filtered  log‐
353       ging
354
355
356

EXAMPLE

358                # If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
359                oc create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
360
361
362
363

SEE ALSO

365       oc-create-secret(1),
366
367
368

HISTORY

370       June 2016, Ported from the Kubernetes man-doc generator
371
372
373
374Openshift                  Openshift CLI User Manuals      OC CREATE SECRET(1)
Impressum