Creating docker-registry secret using a YAML file

Hi Kubernauts

How can I create a docker-registry secret using a yaml file?

I’ve already created from CLI using kubectl of this way:

kubectl create secret docker-registry regcred --docker-server=my-container-registry-url --docker-username=my-username --docker-password=my-password --docker-email=my-email 

But my idea is create it from a YAML file, because I want to automate this secret creation process from Helm as a pre-install process.
So that I am trying to create it of this way from this file …

apiVersion: v1
kind: Secret
metadata:
  annotations:
    "helm.sh/hook": pre-install
    "helm.sh/hook-delete-policy": "before-hook-creation"
  name: regcred
type: kubernetes.io/dockercfg
data:
  dockerRegistry: my-container-registry-url
  dockerId: my-username
  dockerPassword: my-password

But I have the following output:

2019-07-04T14:23:42.1614520Z ##[error]Error: Secret "regcred" is invalid: data[.dockercfg]: Required value

How can I create it, I mean what type attribute should I include instead of type: kubernetes.io/dockercfg ?

I honestly don’t remember.

But, I think you can you create it from the command line, as you shown, and then do kubectl get secret to see them and then kubectl get secret -o yaml to show the yaml you can use to create it :slight_smile:

You’ll have to generate a docker config.json behind the scenes I think. There are some docs that show the secret format here. Once you have the config.json you encode that and put that into the secret.

apiVersion: v1
kind: Secret
metadata:
  name: myregistrykey
  namespace: awesomeapps
data:
  .dockerconfigjson: UmVhbGx5IHJlYWxseSByZWVlZWVlZWVlZWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGx5eXl5eXl5eXl5eXl5eXl5eXl5eSBsbGxsbGxsbGxsbGxsbG9vb29vb29vb29vb29vb29vb29vb29vb29vb25ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2cgYXV0aCBrZXlzCg==
type: kubernetes.io/dockerconfigjson

It’s all detailed here. https://blog.cloudhelix.io/using-a-private-docker-registry-with-kubernetes-f8d5f6b8f646

1 Like

Hi, but it’s possible enable an insecure registry and pull image? I have a docker-registry in my private network, i made the certificate with openssl, but when i try to create a pod gave me the error x509?
Any sugestions?

Hi ,
You can try this command to get yaml file (file-name.yaml)

kubectl create secret docker-registry regcred --docker-server=my-container-registry-url --docker-username=my-username --docker-password=my-password --docker-email=my-email -o yaml --dry-run=client > file-name.yaml