github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-14 05:36:12 +00:00
Code Issues Projects Releases Wiki Activity

Improve secrets docs.

Browse Source 
Explain that imagePullSecrets added to a service account
are added automatically to pods using that service account.

Reword text to not imply that ordinary secrets added to
a service account are not automatically added as volumes
to a pod.
This commit is contained in:
Eric Tune
2015-08-13 18:25:46 -07:00
parent ed36bfa860
commit d98f7ab884
2 changed files with 83 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
docs/user-guide/service-accounts.md
View File

@@ -160,6 +160,62 @@ token:
> Note that the content of `token` is elided here.
## Adding ImagePullSecrets to a service account
First, create an imagePullSecret, as described [here](images.md#specifying-imagepullsecrets-on-a-pod)
Next, verify it has been created. For example:
```console
$ kubectl get secrets myregistrykey
NAME TYPE DATA
myregistrykey kubernetes.io/dockercfg 1
```
Next, read/modify/write the service account for the namespace to use this secret as an imagePullSecret
```console
$ kubectl get serviceaccounts default -o yaml > ./sa.yaml
$ cat sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: 2015-08-07T22:02:39Z
name: default
namespace: default
resourceVersion: "243024"
selfLink: /api/v1/namespaces/default/serviceaccounts/default
uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudge
$ vi sa.yaml
[editor session not shown]
[delete line with key "resourceVersion"]
[add lines with "imagePullSecret:"]
$ cat sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: 2015-08-07T22:02:39Z
name: default
namespace: default
selfLink: /api/v1/namespaces/default/serviceaccounts/default
uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudge
imagePullSecrets:
- name: myregistrykey
$ kubectl replace serviceaccount default -f ./sa.yaml
serviceaccounts/default
```
Now, any new pods created in the current namespace will have this added to their spec:
```yaml
spec:
imagePullSecrets:
- name: myregistrykey
```
## Adding Secrets to a service account.
TODO: Test and explain how to use additional non-K8s secrets with an existing service account.