Fiddling about with IBM Cloud Private (ICP) and IBM Cloud Automation Manager (CAM), one of the pre-requisites required me to "cache" my Docker Store credentials in a Kubernetes (K8S) secret: -
Creating Docker Store secret
The syntax is thus: -
kubectl create secret docker-registry <secret-name> --docker-username=<username> --docker-password=<password> --docker-email=<email> -n services
So off I went ....
The first hurdle was that my Docker password has special characters, including an ampersand ( & ), which broke the kubectl command; shells tend NOT to like ampersands in commands :-)
That was easily resolved - I just wrapped my password in double quotes ( " ), which resolved THAT particular issue.
I was using a randomly generated secret name, for no particular reason: -
DitYPtiansUP
I then hit this: -
The Secret "DitYPtiansUP" is invalid: metadata.name: Invalid value: "DitYPtiansUP": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
which didn't really help ....
I dug into the K8S documentation: -
and then looked at the existing secrets on my ICP cluster: -
kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-rvscx   kubernetes.io/service-account-token   3      2d
infra-registry-key    kubernetes.io/dockerconfigjson        1      2d
which gave me a clue ...
It looks like the secret name needs to be formatted thusly: -
- lower-case
- separated with a hyphen ( - ) or full stop / period ( . )
Therefore, I went for the path of least resistance, and used my name as my secret: -
david-hay
which did the job.
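A pre-flight check for the naming rule in the error message above, as an added example that is not part of the original post. It reuses the regex kubectl printed; the helper names, the 253-character length check and the DOCKER_PASSWORD environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Regex quoted in the kubectl error message, anchored to the whole name.
DNS1123='^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'

# Exit status 0 if $1 is a valid DNS-1123 subdomain. Runs in a subshell so
# the C locale (ASCII-only a-z ranges) does not leak into the caller.
is_valid_secret_name() (
  LC_ALL=C; export LC_ALL
  [ -n "$1" ] && [ "${#1}" -le 253 ] || exit 1   # Kubernetes caps it at 253 chars
  case $1 in *[!a-z0-9.-]*) exit 1 ;; esac        # also rejects embedded newlines
  printf '%s\n' "$1" | grep -Eq "$DNS1123"
)

# Hypothetical helper: lower-case the candidate, turn each run of other
# characters into one '-', and trim '-' from both ends.
normalise_secret_name() {
  printf '%s' "$1" | LC_ALL=C tr '[:upper:]' '[:lower:]' \
    | LC_ALL=C sed -E 's/[^a-z0-9]+/-/g; s/^-+//; s/-+$//'
}

# Validate first, then create. The password comes from the DOCKER_PASSWORD
# environment variable (an assumption of this example); a double-quoted
# expansion hands '&', '$' or '!' to kubectl untouched.
create_registry_secret() {
  name=$1 user=$2 email=$3 ns=${4:-services}
  if ! is_valid_secret_name "$name"; then
    echo "invalid name '$name'; try '$(normalise_secret_name "$name")'" >&2
    return 1
  fi
  kubectl create secret docker-registry "$name" \
    --docker-username="$user" \
    --docker-password="$DOCKER_PASSWORD" \
    --docker-email="$email" -n "$ns"
}
```

Source the file and call create_registry_secret with the name, username and e-mail; the namespace defaults to services, as in the command above.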
One other thing ....
This: -
kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-rvscx   kubernetes.io/service-account-token   3      2d
infra-registry-key    kubernetes.io/dockerconfigjson        1      2d
didn't show up my newly created secret, even though I knew it was there; I tried to create it again, and saw this: -
Error from server (AlreadyExists): secrets "david-hay" already exists
Thankfully, I realised where I was going wrong - it's all in the namespace ....
My newly created secret was placed in the services namespace, so I needed to look specifically at that: -
kubectl get secrets -n services
NAME                  TYPE                                  DATA   AGE
david-hay             kubernetes.io/dockerconfigjson        1      11m
default-token-nnz4v   kubernetes.io/service-account-token   3      2d
oauth-client-secret   Opaque                                2      2d
For the record, here's how to find the namespaces: -
kubectl get namespaces
NAME           STATUS   AGE
cert-manager   Active   2d
default        Active   2d
ibmcom         Active   2d
istio-system   Active   2d
kube-public    Active   2d
kube-system    Active   2d
platform       Active   2d
services       Active   2d
I could've done this: -
kubectl get secrets --all-namespaces=true
...
NAMESPACE      NAME                  TYPE                                  DATA   AGE
cert-manager   default-token-rvscx   kubernetes.io/service-account-token   3      2d
cert-manager   infra-registry-key    kubernetes.io/dockerconfigjson        1      2d
default        default-token-kj5xp   kubernetes.io/service-account-token   3      2d
ibmcom         default-token-5vhkl   kubernetes.io/service-account-token   3      2d
ibmcom         infra-registry-key    kubernetes.io/dockerconfigjson        1      2d
ibmcom         sa-ibmcom             kubernetes.io/dockerconfigjson        1      2d
...
services       david-hay             kubernetes.io/dockerconfigjson        1      16m
services       default-token-nnz4v   kubernetes.io/service-account-token   3      2d
services       oauth-client-secret   Opaque                                2      2d
...