You can write that yaml by yourself, but it will be faster to create it in 2 steps using kubectl:
- Generate a ‘yaml’ file. You can use the same command but in dry-run mode and output mode
yaml.
Here is an example of a command that will save a secret into a ‘docker-secret.yaml’ file for kubectl version < 1.18 (check the version by kubectl version --short|grep Client):
kubectl create secret docker-registry --dry-run=true $secret_name \
--docker-server=<DOCKER_REGISTRY_SERVER> \
--docker-username=<DOCKER_USER> \
--docker-password=<DOCKER_PASSWORD> \
--docker-email=<DOCKER_EMAIL> -o yaml > docker-secret.yaml
For kubectl version >= 1.18:
kubectl create secret docker-registry --dry-run=client $secret_name \
--docker-server=<DOCKER_REGISTRY_SERVER> \
--docker-username=<DOCKER_USER> \
--docker-password=<DOCKER_PASSWORD> \
--docker-email=<DOCKER_EMAIL> -o yaml > docker-secret.yaml
-
You can apply the file like any other Kubernetes ‘yaml’:
kubectl apply -f docker-secret.yaml
UPD, as a question has been updated.
If you are using Helm, here is an official documentation about how to create an ImagePullSecret.
From a doc:
- First, assume that the credentials are defined in the
values.yamlfile like so:
imageCredentials:
registry: quay.io
username: someone
password: sillyness
- We then define our helper template as follows:
{{- define "imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
{{- end }}
- Finally, we use the helper template in a larger template to create the
Secretmanifest:
apiVersion: v1
kind: Secret
metadata:
name: myregistrykey
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}