kubectl-create-secret-docker-registry man page

kubectl create secret docker-registry — Create a secret for use with a Docker registry.


kubectl create secret docker-registry [Options]


Create a new secret for use with Docker registries.

Dockercfg secrets are used to authenticate against Docker registries.

When using the Docker command line to push images, you can authenticate to a given registry by running
'docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER --password=DOCKER_PASSWORD --email=DOCKER_EMAIL'. That produces a  /.dockercfg file that is used by subsequent 'docker push' and 'docker pull' commands to authenticate to the registry.

When creating applications, you may have a Docker registry that requires authentication. In order for the nodes to pull images on your behalf, they have to have the credentials. You can provide this information by creating a dockercfg secret and attaching it to your service account.


Email for Docker registry
Password for Docker registry authentication
--docker-server=" ⟨https://index.docker.io/v1/"⟩
Server location for Docker registry
Username for Docker registry authentication
If true, only print the object that would be sent, without sending it.
The name of the API generator to use.
If true, include definitions of new APIs via calls to the API server. [default true]
When using the default output, don't print headers.
-o, --output=""
Output format. One of: json|yaml|wide|name|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See golang template [ ⟨http://golang.org/pkg/text/template/#pk…⟩] and jsonpath template [ ⟨http://releases.k8s.io/release-1.3/docs…⟩].
Output the formatted object with the given group version (for ex: 'extensions/v1beta1').
If true, the configuration of current object will be saved in its annotation. This is useful when you want to perform kubectl apply on this object in the future.
--schema-cache-dir=" /.kube/schema"
If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
-a, --show-all=false
When printing, show all resources (default hide terminated pods.)
When printing, show all labels as the last column (default hide labels column)
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [ ⟨http://golang.org/pkg/text/template/#pk…⟩].
If true, use a schema to validate the input before sending it

Options Inherited from Parent Commands

log to standard error as well as files

DEPRECATED: The API version to use when talking to the server

Username to impersonate for the operation.

Path to a cert. file for the certificate authority.

Path to a client certificate file for TLS.

Path to a client key file for TLS.

The name of the kubeconfig cluster to use

The name of the kubeconfig context to use

If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.

Path to the kubeconfig file to use for CLI requests.

when logging hits line file:N, emit a stack trace

If non-empty, write log files in this directory

Maximum number of seconds between log flushes

log to standard error instead of files

Require server version to match client version

If present, the namespace scope for this CLI request.

Password for basic authentication to the API server.

-s, --server=""
The address and port of the Kubernetes API server

logs at or above this threshold go to stderr

Bearer token for authentication to the API server.

The name of the kubeconfig user to use

Username for basic authentication to the API server.

log level for V logs

comma-separated list of pattern=N settings for file-filtered logging


# If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

See Also



January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!

Referenced By


Explore man page connections for kubectl-create-secret-docker-registry(1).