
Create kubernetes docker-registry secret from yaml file?


I can run this command to create a docker registry secret for a kubernetes cluster:

kubectl create secret docker-registry regsecret \
--docker-server=docker.example.com \
--docker-username=kube \
--docker-password=PW_STRING \
--docker-email=my@email.com \
--namespace mynamespace 

I would like to create the same secret from a YAML file. Does anyone know how this can be set in a YAML file?

I need this as a YAML file so that it can be used as a Helm template, which allows for a Helm install command such as this (simplified) one:

helm install ... --set docker.user=peter,docker.pw=foobar,docker.email=...

Solution

  • You can write that yaml by yourself, but it will be faster to create it in 2 steps using kubectl:

    1. Generate a 'yaml' file. You can use the same command but in dry-run mode and output mode yaml.

    Here is an example of a command that will save a secret into a 'docker-secret.yaml' file for kubectl version < 1.18 (check the version by kubectl version --short|grep Client):

    kubectl create secret docker-registry --dry-run=true $secret_name \
      --docker-server=<DOCKER_REGISTRY_SERVER> \
      --docker-username=<DOCKER_USER> \
      --docker-password=<DOCKER_PASSWORD> \
      --docker-email=<DOCKER_EMAIL> -o yaml > docker-secret.yaml
    

    For kubectl version >= 1.18:

    kubectl create secret docker-registry --dry-run=client $secret_name \
      --docker-server=<DOCKER_REGISTRY_SERVER> \
      --docker-username=<DOCKER_USER> \
      --docker-password=<DOCKER_PASSWORD> \
      --docker-email=<DOCKER_EMAIL> -o yaml > docker-secret.yaml
    
    2. You can apply the file like any other Kubernetes 'yaml':

      kubectl apply -f docker-secret.yaml

    UPD, as the question has been updated.

    If you are using Helm, here is the official documentation on how to create an ImagePullSecret.

    From the docs:

    1. First, assume that the credentials are defined in the values.yaml file like so:

    imageCredentials:
      registry: quay.io
      username: someone
      password: sillyness

    2. We then define our helper template as follows:

    {{- define "imagePullSecret" }}
    {{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
    {{- end }}

    3. Finally, we use the helper template in a larger template to create the Secret manifest:

    apiVersion: v1
    kind: Secret
    metadata:
      name: myregistrykey
    type: kubernetes.io/dockerconfigjson
    data:
      .dockerconfigjson: {{ template "imagePullSecret" . }}
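
An added example, not part of the original answer or the Helm documentation: a Python sketch that builds the same .dockerconfigjson payload as the helper template and decodes a rendered Secret back to its credentials. It can be used to check docker-secret.yaml or rendered chart output, and it shows that the data field is only base64-encoded, so the file holds recoverable credentials. The function names are hypothetical; the sample values are the ones from the values.yaml above.

```python
import base64
import json


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def dockerconfigjson(registry: str, username: str, password: str) -> str:
    """Build the double-encoded payload: base64(JSON) wrapping base64(user:password)."""
    auth = b64(f"{username}:{password}")
    # json.dumps with default separators yields the same text as the helper's printf
    return b64(json.dumps({"auths": {registry: {"auth": auth}}}))


def secret_manifest(name: str, payload: str) -> dict:
    """Secret manifest in the shape shown above, as a dict."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": payload},
    }


def read_credentials(manifest: dict) -> dict:
    """Decode a dockerconfigjson Secret to {registry: (username, password)}."""
    if manifest.get("type") != "kubernetes.io/dockerconfigjson":
        raise ValueError("not a kubernetes.io/dockerconfigjson Secret")
    payload = manifest.get("data", {}).get(".dockerconfigjson")
    if payload is None:
        raise ValueError("missing data['.dockerconfigjson']")
    doc = json.loads(base64.b64decode(payload))
    creds = {}
    for registry, entry in doc["auths"].items():
        # Split on the first ':' only, so passwords containing ':' survive
        user, _, password = base64.b64decode(entry["auth"]).decode().partition(":")
        creds[registry] = (user, password)
    return creds


if __name__ == "__main__":
    # Constructed sample using the values from the values.yaml example
    m = secret_manifest("myregistrykey", dockerconfigjson("quay.io", "someone", "sillyness"))
    print(json.dumps(m, indent=2))
    print(read_credentials(m))
```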