When manually configuring authentication with any registry in Kubernetes (including Quay and Docker Hub) the following command is used to generate the Kubernetes registry-auth secret:
$ kubectl create secret docker-registry my-favorite-registry-secret --docker-username=giffee_lover_93 --docker-password='passphrases are great!' --docker-email='giffee.lover.93@example.com' --docker-server=registry.example.io
secret "my-favorite-registry-secret" created
If you prefer you can store this in a YAML file by adding the --dry-run and -o yaml flag to the end of your command and copying or redirecting the output to a file:
$ kubectl create secret docker-registry my-favorite-registry [...] --dry-run -o yaml | tee credentials.yaml
apiVersion: v1
data:
.dockercfg: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
kind: Secret
metadata:
creationTimestamp: null
name: my-favorite-registry-secret
type: kubernetes.io/dockercfg
$ kubectl create -f credentials.yaml
secret "my-favorite-registry-secret" created
You can check that this secret is loaded with with the kubectl get command:
$ kubectl get my-favorite-registry-secret
NAME TYPE DATA AGE
my-favorite-registry-secret kubernetes.io/dockercfg 1 30m
The secret can be used in a Pod spec with the imagePullSecrets variable:
apiVersion: v1
kind: Pod
metadata:
name: somepod
namespace: all
spec:
containers:
- name: web
image: registry.example.io/v0/giffee_lover_93/somerepo
imagePullSecrets:
- name: my-favorite-registry-secret
For more information, check the docker-registry Kubernetes secret and Kubernetes imagePullSecrets documentation.