Vault-CRD

Secret Type - DOCKERCFG

The DOCKERCFG type syncs the pull credentials for secured Docker repositories. The data has to be stored in a specific format inside a KV secret engine.

Follow the instructions below for the version of the Key Value secret engine you use.

How To for KV Engine V1:

As described above, the pull credentials must be stored in a specific format inside a KV secret engine:

$ vault write secret/gitlab-hub url=registry.gitlab.com username=username password=VERYSECUREPASSWORD email=email@test.com

After this you can apply the following Vault Resource to Kubernetes:

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: test-dockercfg
spec:
  path: "secret/gitlab-hub"
  type: "DOCKERCFG"

Now you should see a Vault resource in Kubernetes and the created Docker Pull-Credentials:

$ kubectl get vault test-dockercfg
NAME             AGE
test-dockercfg   8d
$ kubectl get secret test-dockercfg
NAME             TYPE                      DATA      AGE
test-dockercfg   kubernetes.io/dockercfg   1         8d

How To for KV Engine V2:

As described above, the pull credentials must be stored in a specific format inside a KV2 secret engine:

$ vault kv put secret/gitlab-hub url=registry.gitlab.com username=username password=VERYSECUREPASSWORD email=email@test.com

After this you can apply the following Vault Resource to Kubernetes:

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: test-dockercfg
spec:
  path: "secret/gitlab-hub"
  type: "DOCKERCFG"
  dockerCfgConfiguration:
    type: "KEYVALUEV2"
    version: 1

Now you should see a Vault resource in Kubernetes and the created Docker Pull-Credentials:

$ kubectl get vault test-dockercfg
NAME             AGE
test-dockercfg   8d
$ kubectl get secret test-dockercfg
NAME             TYPE                      DATA      AGE
test-dockercfg   kubernetes.io/dockercfg   1         8d
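To check that the synced Secret really carries the values stored in Vault (for either KV engine version), the following added example, which is not part of Vault-CRD or its documentation, rebuilds the expected `.dockercfg` payload from the four KV fields and compares it with a Secret object. It assumes the legacy Kubernetes `.dockercfg` layout (registry URL mapped to `username`, `password`, `email` and `auth`); the page does not show Vault-CRD's exact output, and the helper names and sample Secret are constructed for illustration.

```python
import base64
import json

# Constructed sample: the KV fields written with `vault write` / `vault kv put` above.
SAMPLE_FIELDS = {"url": "registry.gitlab.com", "username": "username",
                 "password": "VERYSECUREPASSWORD", "email": "email@test.com"}

def build_dockercfg(fields):
    """Expected .dockercfg content for the four KV fields (assumed legacy layout)."""
    missing = [k for k in ("url", "username", "password", "email") if not fields.get(k)]
    if missing:
        raise ValueError("missing KV fields: " + ", ".join(missing))
    pair = f"{fields['username']}:{fields['password']}".encode()
    return {fields["url"]: {"username": fields["username"],
                            "password": fields["password"],
                            "email": fields["email"],
                            "auth": base64.b64encode(pair).decode()}}

def wrap_secret(dockercfg):
    """Constructed stand-in for the JSON returned by `kubectl get secret -o json`."""
    blob = base64.b64encode(json.dumps(dockercfg).encode()).decode()
    return {"type": "kubernetes.io/dockercfg", "data": {".dockercfg": blob}}

def check_secret(secret, fields):
    """List mismatches between a Secret and the Vault fields, naming fields only."""
    problems = []
    if secret.get("type") != "kubernetes.io/dockercfg":
        problems.append("unexpected secret type: %r" % secret.get("type"))
    raw = secret.get("data", {}).get(".dockercfg")
    if raw is None:
        return problems + ["data key .dockercfg is missing"]
    try:
        actual = json.loads(base64.b64decode(raw))
    except ValueError:  # covers malformed base64 and malformed JSON
        return problems + [".dockercfg is not base64-encoded JSON"]
    if not isinstance(actual, dict):
        return problems + [".dockercfg is not a JSON object"]
    for registry, entry in build_dockercfg(fields).items():
        got = actual.get(registry)
        if not isinstance(got, dict):
            problems.append("no entry for registry " + registry)
            continue
        for key, value in entry.items():
            if got.get(key) != value:
                problems.append(f"{registry}: field {key} differs")  # never log the value
    return problems

if __name__ == "__main__":
    print(check_secret(wrap_secret(build_dockercfg(SAMPLE_FIELDS)), SAMPLE_FIELDS))  # []
```

The Secret's data is only base64-encoded, so anyone allowed to `get` the Secret can recover the registry password; scope RBAC on the namespace accordingly.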

Supported Values in dockerCfgConfiguration

dockerCfgConfiguration:
  type: "KEYVALUEV2"   # or "KEYVALUE"; if not provided, default: "KEYVALUE"
  version: 1           # if not provided, default is latest

Change Adjustment Callback


Last updated 4 years ago

For more details please see Change Detection!