Secret Type - DOCKERCFG
The DOCKERCFG-Type is for syncing the Pull-Credentials for secured Docker repositories. The data has to be saved in a specific format inside a KV Secret Engine.
Based on your used Key Value Secret Engine please see the following instructions.
As already described the Pull-Credentials must be saved in a specific format inside a KV Secret Engine:
$ vault write secret/gitlab-hub url=registry.gitlab.com username=username password=VERYSECUREPASSWORD email=email@test.com
After this you can apply the following Vault Resource to Kubernetes:
apiVersion: "koudingspawn.de/v1"kind: Vaultmetadata:name: test-dockercfgspec:path: "secret/gitlab-hub"type: "DOCKERCFG"
Now you should see a Vault resource in Kubernetes and the created Docker Pull-Credentials:
$ kubectl get vault test-dockercfgNAME AGEtest-dockercfg 8d
$ kubectl get secret test-dockercfgNAME TYPE DATA AGEtest-dockercfg kubernetes.io/dockercfg 1 8d
As already described the Pull-Credentials must be saved in a specific format inside a KV2 Secret Engine:
$ vault kv put secret/gitlab-hub url=registry.gitlab.com username=username password=VERYSECUREPASSWORD email=email@test.com
After this you can apply the following Vault Resource to Kubernetes:
apiVersion: "koudingspawn.de/v1"kind: Vaultmetadata:name: test-dockercfgspec:path: "secret/gitlab-hub"type: "DOCKERCFG"dockerCfgConfiguration:type: "KEYVALUEV2"version: 1
Now you should see a Vault resource in Kubernetes and the created Docker Pull-Credentials:
$ kubectl get vault test-dockercfgNAME AGEtest-dockercfg 8d
$ kubectl get secret test-dockercfgNAME TYPE DATA AGEtest-dockercfg kubernetes.io/dockercfg 1 8d
dockerCfgConfiguration:type: "KEYVALUEV2" or "KEYVALUE" if not provided default: "KEYVALUE"version: 1 if not provided default is latest
For more details please see Change Detection!