Skip to content

Latest commit

 

History

History
54 lines (45 loc) · 2.29 KB

31.ImageSecurity.md

File metadata and controls

54 lines (45 loc) · 2.29 KB
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#registry-secret-existing-credentials

kubectl get deploy {deploy} -o yaml

kubectl create secret --help

kubectl create secret docker-registry --help

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or
map key is missing in the template. Only applies to golang and jsonpath output formats.
      --append-hash=false: Append a hash of the secret to its name.
      --docker-email='': Email for Docker registry
      --docker-password='': Password for Docker registry authentication
      --docker-server='https://index.docker.io/v1/': Server location for Docker registry
      --docker-username='': Username for Docker registry authentication
      --dry-run=false: If true, only print the object that would be sent, without sending it.
      --from-file=[]: Key files can be specified using their file path, in which case a default name
will be given to them, or optionally with a name and file path, in which case the given name will be
used.  Specifying a directory will iterate each named file in the directory that is a valid secret
key.
      --generator='secret-for-docker-registry/v1': The name of the API generator to use.
  -o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
      --save-config=false: If true, the configuration of current object will be saved in its
annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to
perform kubectl apply on this object in the future.
      --template='': Template string or path to template file to use when -o=go-template,
-o=go-template-file. The template format is golang templates
[http://golang.org/pkg/text/template/#pkg-overview].
      --validate=true: If true, use a schema to validate the input before sending it

kubectl create secret docker-registry \
--docker-username dock_user \
--docker-password dock_password \
--docker-server myprivateregistry.com:5000 \
--docker-email [email protected] \
private-reg-cred


apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: private-reg-container
    image: <your-private-image>
  imagePullSecrets:
  - name: private-reg-cred