There is a kubectl command to create a docker-registry secret object which can be used to pull images from private registries.
kubectl create secret docker-registry regcred \
  --docker-server=<your-registry-server> \
  --docker-username=<your-name> \
  --docker-password=<your-pword> \
  --docker-email=<your-email>
It would be very nice and helpful if there were some kind of documentation on how to generate the same secret object with kustomize! Something like this:
secretGenerator:
- name: regcred
  literals:
  - .dockerconfigjson=<Encoded Secret>
  type: "kubernetes.io/dockerconfigjson"
The <Encoded Secret> seems to be the base64 encoded string:
{
  "auths": {
    "your-registry-server": {
      "username": "your-name",
      "password": "your-pword",
      "email": "your-email",
      "auth": "<Secret>"
    }
  }
}
The <Secret> seems to be the base64 encoded string:
your-name:your-pword
Source: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#inspecting-the-secret-regcred
I think you don't need anything special.
Put your json regcred in secrets/.dockerconfigjson
If your kustomization.yaml contains something like
secretGenerator:
- name: regcred
  files:
  - secrets/.dockerconfigjson
  type: kubernetes.io/dockerconfigjson
and your manifest contains
imagePullSecrets:
- name: regcred
the name should be suffixed correctly with the secret hash.
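Added example (not part of the thread or of kustomize itself): a Python helper that writes the raw JSON expected in secrets/.dockerconfigjson and checks the data[".dockerconfigjson"] value of a rendered Secret. It assumes kustomize base64-encodes secretGenerator inputs itself, so the file holds plain JSON; the function names and registry.example.com are hypothetical.

```python
import base64
import json


def build_dockerconfigjson(server, username, password, email=""):
    """Raw JSON text for secrets/.dockerconfigjson (do not base64 it yourself)."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    entry = {"username": username, "password": password, "auth": auth}
    if email:
        entry["email"] = email
    return json.dumps({"auths": {server: entry}}, indent=2)


def check_rendered_value(data_value):
    """Check data[".dockerconfigjson"] from `kustomize build` output.

    Returns a list of problems; an empty list means the value looks right.
    """
    try:
        raw = base64.b64decode(data_value, validate=True)
    except ValueError:
        return ["value is not valid base64"]
    try:
        config = json.loads(raw)
    except ValueError:
        try:  # a pre-encoded generator input ends up encoded twice
            json.loads(base64.b64decode(raw, validate=True))
            return ["value is base64-encoded twice"]
        except ValueError:
            return ["decoded value is not JSON"]
    auths = config.get("auths") if isinstance(config, dict) else None
    if not isinstance(auths, dict) or not auths:
        return ['no "auths" object with at least one registry']
    problems = []
    for server, entry in auths.items():
        if not isinstance(entry, dict):
            problems.append(f"{server}: entry is not an object")
        elif "username" in entry and "auth" in entry:
            pair = f"{entry['username']}:{entry.get('password', '')}"
            if entry["auth"] != base64.b64encode(pair.encode()).decode():
                problems.append(f"{server}: auth is not base64(username:password)")
    return problems


if __name__ == "__main__":
    # Constructed sample values; registry.example.com is a placeholder.
    raw = build_dockerconfigjson("registry.example.com", "your-name", "your-pword")
    rendered = base64.b64encode(raw.encode()).decode()  # what the Secret carries
    print(check_rendered_value(rendered))
```

Keep the generated secrets/.dockerconfigjson out of version control, since it contains the registry password in clear text.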
@fejta-bot: Closing this issue.
As stated here, I managed to generate the secret like this:
secretGenerator:
- name: image-pull-secret
files:
- - secrets/.dockerconfigjson
+ - .dockerconfigjson=secrets/.dockerconfigjson
type: kubernetes.io/dockerconfigjson
I'm still having issues with this on GCR. Credentials I'd download from GC work if used with the CLI, but I'm doing as @hadrien-toma suggests using imagePullSecrets and it's still not working? Here's my YAML:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: my-app
    client: money
  name: money-my-app-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
      client: money
  template:
    metadata:
      labels:
        app: my-app
        client: money
    spec:
      containers:
      - args:
        - -m
        - my-app.concurrent
        - configurations/config.yaml
        command:
        - python
        image: gcr.io/some-project/server:latest
        name: my-app-server
        ports:
        - containerPort: 46337
          name: router-frontend
        - containerPort: 47227
          name: router-capture
      imagePullSecrets:
      - name: some-secret-c4257kdffb
and
apiVersion: v1
data:
  .dockerconfigjson: ewogICJ0...etc
kind: Secret
metadata:
  labels:
    client: money
  name: some-secret-c4257kdffb
type: kubernetes.io/dockerconfigjson
@whillas Could you provide your Kustomization file and all the resource file?