mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
Updates imagepullsecret field in IR docs
This commit is contained in:
Steven Smith
committed by
openshift-cherrypick-robot
openshift-cherrypick-robot
parent
a9c91a0a86
commit
9b6ef47c67
40
modules/creating-pull-secrets.adoc
Normal file
40
modules/creating-pull-secrets.adoc
Normal file
@@ -0,0 +1,40 @@
|
||||
// Module included in the following assemblies:
|
||||
// * openshift_images/using-image-pull-secrets
|
||||
// * openshift_images/managing-image-streams.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="creating-pull-secret_{context}"]
|
||||
= Creating a pull secret
|
||||
|
||||
.Procedure
|
||||
|
||||
* Create a secret from an existing authentication file:
|
||||
|
||||
** For Docker clients using `.docker/config.json`, enter the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc create secret generic <pull_secret_name> \
|
||||
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
|
||||
--type=kubernetes.io/dockerconfigjson
|
||||
----
|
||||
|
||||
** For Podman clients using `.config/containers/auth.json`, enter the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc create secret generic <pull_secret_name> \
|
||||
--from-file=<path/to/.config/containers/auth.json> \
|
||||
--type=kubernetes.io/podmanconfigjson
|
||||
----
|
||||
|
||||
* If you do not already have a Docker credentials file for the secured registry, you can create a secret by running the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc create secret docker-registry <pull_secret_name> \
|
||||
--docker-server=<registry_server> \
|
||||
--docker-username=<user_name> \
|
||||
--docker-password=<password> \
|
||||
--docker-email=<email>
|
||||
----
|
||||
@@ -55,44 +55,4 @@ metadata:
|
||||
resourceVersion: "37676"
|
||||
uid: e2851531-01bc-48ba-878c-de96cfe31020
|
||||
type: Opaque
|
||||
----
|
||||
|
||||
.Procedure
|
||||
|
||||
* Create a secret from an existing authentication file:
|
||||
|
||||
** For Docker clients using `.docker/config.json`, enter the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc create secret generic <pull_secret_name> \
|
||||
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
|
||||
--type=kubernetes.io/dockerconfigjson
|
||||
----
|
||||
|
||||
** For Podman clients using `.config/containers/auth.json`, enter the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc create secret generic <pull_secret_name> \
|
||||
--from-file=<path/to/.config/containers/auth.json> \
|
||||
--type=kubernetes.io/podmanconfigjson
|
||||
----
|
||||
|
||||
* If you do not already have a Docker credentials file for the secured registry, you can create a secret by running:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc create secret docker-registry <pull_secret_name> \
|
||||
--docker-server=<registry_server> \
|
||||
--docker-username=<user_name> \
|
||||
--docker-password=<password> \
|
||||
--docker-email=<email>
|
||||
----
|
||||
|
||||
* To use a secret for pulling images for pods, you must add the secret to your service account. The name of the service account in this example should match the name of the service account the pod uses. The default service account is `default`:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc secrets link default <pull_secret_name> --for=pull
|
||||
----
|
||||
83
modules/using-pull-secret.adoc
Normal file
83
modules/using-pull-secret.adoc
Normal file
@@ -0,0 +1,83 @@
|
||||
// Module included in the following assemblies:
|
||||
// * openshift_images/using-image-pull-secrets
|
||||
// * openshift_images/managing-image-streams.adoc
|
||||
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="using-pull-secret_{context}"]
|
||||
= Using a pull secret in a workload
|
||||
|
||||
You can use a pull secret to allow workloads to pull images from a private registry with one of the following methods:
|
||||
|
||||
* By linking the secret to a `ServiceAccount`, which automatically applies the secret to all pods using that service account.
|
||||
* By defining `imagePullSecrets` directly in workload configurations, which is useful for environments like GitOps or ArgoCD.
|
||||
|
||||
.Procedure
|
||||
|
||||
* You can use a secret for pulling images for pods by adding the secret to your service account. Note that the name of the service account should match the name of the service account that pod uses. The default service account is `default`.
|
||||
|
||||
** Enter the following command to link the pull secret to a `ServiceAccount`:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc secrets link default <pull_secret_name> --for=pull
|
||||
----
|
||||
|
||||
** To verify the change, enter the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc get serviceaccount default -o yaml
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
+
|
||||
[source,yaml]
|
||||
----
|
||||
apiVersion: v1
|
||||
imagePullSecrets:
|
||||
- name: default-dockercfg-123456
|
||||
- name: <pull_secret_name>
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations:
|
||||
openshift.io/internal-registry-pull-secret-ref: <internal_registry_pull_secret>
|
||||
creationTimestamp: "2025-03-03T20:07:52Z"
|
||||
name: default
|
||||
namespace: default
|
||||
resourceVersion: "13914"
|
||||
uid: 9f62dd88-110d-4879-9e27-1ffe269poe3
|
||||
secrets:
|
||||
- name: <pull_secret_name>
|
||||
----
|
||||
|
||||
* Instead of linking the secret to a service account, you can alternatively reference it directly in your pod or workload definition. This is useful for GitOps workflows such as ArgoCD. For example:
|
||||
+
|
||||
.Example pod specification
|
||||
+
|
||||
[source,yaml]
|
||||
----
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: <secure_pod_name>
|
||||
spec:
|
||||
containers:
|
||||
- name: <container_name>
|
||||
image: quay.io/my-private-image
|
||||
imagePullSecrets:
|
||||
- name: <pull_secret_name>
|
||||
----
|
||||
+
|
||||
.Example ArgoCD workflow
|
||||
+
|
||||
[source,yaml]
|
||||
----
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Workflow
|
||||
metadata:
|
||||
generateName: <example_workflow>
|
||||
spec:
|
||||
entrypoint: <main_task>
|
||||
imagePullSecrets:
|
||||
- name: <pull_secret_name>
|
||||
----
|
||||
@@ -39,7 +39,7 @@ include::modules/images-imagestream-import.adoc[leveloffset=+2]
|
||||
The following sections describe how to import, and work with, image streams.
|
||||
|
||||
include::modules/images-imagestream-import-images-private-registry.adoc[leveloffset=+2]
|
||||
include::modules/images-allow-pods-to-reference-images-from-secure-registries.adoc[leveloffset=+3]
|
||||
//include::modules/images-allow-pods-to-reference-images-from-secure-registries.adoc[leveloffset=+3]
|
||||
|
||||
|
||||
include::modules/images-imagestream-import-import-mode.adoc[leveloffset=+2]
|
||||
|
||||
@@ -17,6 +17,8 @@ You use this pull secret to authenticate with the services that are provided by
|
||||
include::modules/images-allow-pods-to-reference-images-across-projects.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/images-allow-pods-to-reference-images-from-secure-registries.adoc[leveloffset=+1]
|
||||
include::modules/creating-pull-secrets.adoc[leveloffset=+2]
|
||||
include::modules/using-pull-secret.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/images-pulling-from-private-registries.adoc[leveloffset=+2]
|
||||
|
||||
|
||||
Reference in New Issue
Block a user