1. Transaction Manager for Microservices Developer Guide
  2. Prepare
  3. Prepare a Kubernetes Cluster
  4. Create a Kubernetes Secret to Access Docker Registry

3.4.7 Create a Kubernetes Secret to Access Docker Registry

When you install the application using Helm, use a Kubernetes secret to provide the authentication details to pull an image from the remote repository.

The Kubernetes Secret contains all the login details you provide if you were manually logging in to the remote Docker registry using the docker login command, including your credentials.

  1. Create a secret by providing the credentials on the command-line by using the following command.
    kubectl create secret docker-registry NAME --docker-server=SERVER --docker-username=USERNAME --docker-password=PASSWORD --docker-email=EMAIL --namespace=NAMESPACE

    Where,

    • NAME: Name of the Kubernetes secret that you want to create. Note down this name as you will use this name later in the manifest file to refer to the secret.
    • SERVER: Name of your private Docker registry. The format varies based on your Kubernetes platform. For example, the format of the user name in Oracle Cloud Infrastructure environment is <region-key>.ocir.io.
    • USERNAME: User name to access the remote Docker registry. The format varies based on your Kubernetes platform. For example, the format of the user name in Oracle Cloud Infrastructure environment is <tenancy-namespace>/<oci-username>.
    • PASSWORD: Password to access the remote Docker registry.
    • EMAIL: Email ID for your Docker registry.
    • NAMESPACE: Namespace where you want to deploy MicroTx.

    Example

    Use the following command to create a Kubernetes secret with the name regcred in the otmm namespace. 

    kubectl create secret docker-registry regcred --docker-server=iad.ocir.io --docker-username=mytenancy/myuser --docker-password=pwd --docker-email=myuser@example.com --namespace=otmm
  2. Note down the name of the secret that you have created. You will need to provide this value later.
  3. Close the terminal.
    When you type secrets at the command line, the command line may store the secrets in your shell history unprotected. The secrets might also be visible to other users on your PC during the time that kubectl is running. To overcome this issue, you can close the terminal after creating the secret.

You can also create a secret based on existing credentials. See https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#registry-secret-existing-credentials.

Parent topic: Prepare a Kubernetes Cluster