kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #41760 from Vilsol/patch-1 

A secret type must be used for pull secret to work
pull/42682/head
Kubernetes Prow Robot 2023-08-22 15:21:54 -07:00 committed by GitHub
parent 6b38d9830b d3fc857138
commit 62c862b53d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
content/en/docs/concepts/configuration/secret.md
View File

@ -277,8 +277,8 @@ for information on referencing service account credentials from within Pods.
### Docker config Secrets ### Docker config Secrets
You can use one of the following `type` values to create a Secret to If you are creating a Secret to store credentials for accessing a container image registry,
store the credentials for accessing a container image registry: you must use one of the following `type` values for that Secret:
- `kubernetes.io/dockercfg` - `kubernetes.io/dockercfg`
- `kubernetes.io/dockerconfigjson` - `kubernetes.io/dockerconfigjson`
@ -354,10 +354,12 @@ Docker configuration file):
} }
``` ```
{{< note >}} {{< caution >}}
The `auth` value there is base64 encoded; it is obscured but not secret. The `auth` value there is base64 encoded; it is obscured but not secret.
Anyone who can read that Secret can learn the registry access bearer token. Anyone who can read that Secret can learn the registry access bearer token.
{{< /note >}}
It is suggested to use [credential providers](/docs/tasks/administer-cluster/kubelet-credential-provider/) to dynamically and securely provide pull secrets on-demand.
{{< /caution >}}
### Basic authentication Secret ### Basic authentication Secret