The DOCKERCFG-Type is for syncing the Pull-Credentials for secured Docker repositories. The data has to be saved in a specific format inside a KV Secret Engine.
Based on your used Key Value Secret Engine please see the following instructions.
How To for KV Engine V1:
As already described the Pull-Credentials must be saved in a specific format inside a KV Secret Engine:
Copy $ vault write secret/gitlab-hub url=registry.gitlab.com username=username password=VERYSECUREPASSWORD email=email@test.com After this you can apply the following Vault Resource to Kubernetes:
Copy apiVersion : "koudingspawn.de/v1"
kind : Vault
metadata :
name : test-dockercfg
spec :
path : "secret/gitlab-hub"
type : "DOCKERCFG" Now you should see a Vault resource in Kubernetes and the created Docker Pull-Credentials:
Copy $ kubectl get vault test-dockercfg
NAME AGE
test-dockercfg 8d
Copy $ kubectl get secret test-dockercfg
NAME TYPE DATA AGE
test-dockercfg kubernetes.io/dockercfg 1 8d How To for KV Engine V2:
As already described the Pull-Credentials must be saved in a specific format inside a KV2 Secret Engine:
Copy $ vault kv put secret/gitlab-hub url=registry.gitlab.com username=username password=VERYSECUREPASSWORD email=email@test.com After this you can apply the following Vault Resource to Kubernetes:
Copy apiVersion : "koudingspawn.de/v1"
kind : Vault
metadata :
name : test-dockercfg
spec :
path : "secret/gitlab-hub"
type : "DOCKERCFG"
dockerCfgConfiguration :
type : "KEYVALUEV2"
version : 1 Now you should see a Vault resource in Kubernetes and the created Docker Pull-Credentials:
Copy $ kubectl get vault test-dockercfg
NAME AGE
test-dockercfg 8d
Copy $ kubectl get secret test-dockercfg
NAME TYPE DATA AGE
test-dockercfg kubernetes.io/dockercfg 1 8d Supported Values in dockerCfgConfiguration
Copy dockerCfgConfiguration :
type : "KEYVALUEV2" or "KEYVALUE" if not provided default : "KEYVALUE"
version : 1 if not provided default is latest Change Adjustment Callback
For more details please see Change Detection !
