kubectl create secret docker-registry omits apiVersion and kind

Created on 4 Apr 2018  路  6Comments  路  Source: kubernetes/kubectl

Is this a BUG REPORT or FEATURE REQUEST?: Bug

Kubernetes version (use kubectl version):

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.0", GitCommit:"fc32d2f3698e36b93322a3465f63a14e9f0eaead", GitTreeState:"clean", BuildDate:"2018-03-26T16:55:54Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.0", GitCommit:"fc32d2f3698e36b93322a3465f63a14e9f0eaead", GitTreeState:"clean", BuildDate:"2018-03-26T16:44:10Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

Environment:

  • Cloud provider or hardware configuration: AWS EC2
  • OS (e.g. from /etc/os-release): Amazon Linux 2017.12
  • Kernel (e.g. uname -a): Linux 4.9.76-38.79.amzn2.x86_64

What happened:

$ kubectl create secret docker-registry regsecret --dry-run --docker-server=$REGISTRY --docker-username=AWS --docker-password=$DOCKER_PASSWORD --docker-email="[email protected]" -o yaml | kubectl apply -f -
error: error validating "STDIN": error validating data: [apiVersion not set, kind not set]; if you choose to ignore these errors, turn validation off with --validate=false

What you expected to happen: A successful secret creation. This can be achieved with the following workaround:

kubectl create secret docker-registry regsecret --dry-run --docker-server=$REGISTRY --docker-username=AWS --docker-password=$DOCKER_PASSWORD --docker-email="[email protected]" -o yaml > secret.yml
echo "apiVersion: v1" >> secret.yml
echo "kind: Secret" >> secret.yml
kubectl apply -f secret.yml

The expectation here is that apiVersion and kind are included in the output of kubectl create secret docker-registry regsecret --dry-run.

How to reproduce it (as minimally and precisely as possible):

kubectl create secret docker-registry test --dry-run --docker-server=foo --docker-username=AWS --docker-password=bar --docker-email="[email protected]" -o yaml | kubectl apply -f -

Anything else we need to know: I believe this is a regression, but I don't know the precise version number it changed in.

picture 3dbrows

Most helpful comment

resolved in 1.10.1

picture liggitt on 14 Apr 2018
👍3 🎉2

All 6 comments

The purpose of doing --dry-run and then kubectl apply -f -, by the way, is to allow a one-shot create-or-update of the secret when registry login credentials change e.g. when authenticating against ECR.

3dbrows picture 3dbrows on 4 Apr 2018

I am also facing same issue. any workarounds ? I am trying for istio and using this script:
https://raw.githubusercontent.com/istio/istio/release-0.7/install/kubernetes/webhook-create-signed-cert.sh

its failing with the above mentioned issue.

Vikash082 picture Vikash082 on 12 Apr 2018

resolved in 1.10.1

liggitt picture liggitt on 14 Apr 2018
👍3 🎉2

@Vikash082 the same problem .... have you resolved it?

nieshuai123 picture nieshuai123 on 27 Apr 2018

@liggitt how was this resolved? Does create secret now populate the fields, they aren't required, or what?

cbryant-zspace picture cbryant-zspace on 24 Aug 2018

it now populates the fields on output

liggitt picture liggitt on 24 Aug 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mshahat picture mshahat  路  3Comments
hershkoy picture hershkoy  路  4Comments
adambro picture adambro  路  3Comments
drpaneas picture drpaneas  路  3Comments
fiksn picture fiksn  路  3Comments