Cloud Posse

Kubernetes Pull Secrets

There are a few ways to handle docker "pull secrets" under kubernetes. One way is specific to how kops works, the other is more generalized to kubernetes.

First you'll need to obtain a pull secret from your registry of choice.
e.g. ECR, Docker Hub or Code Fresh.

Kops Pull Secret

This works by installing a docker config on each master or node. It will be available to all pods on the node by default. This is the easiest solution and is compatible with the kubernetes managed pull secrets.


kops create secret dockerconfig
  1. Create a docker config. Create a new docker config, and store it in the state store. Used to configure docker on each master or node (ie. for auth) Use update to modify it, this command will only create a new entry.
  2. Update Cluster


  # Create an new docker config.
  kops create secret dockerconfig -f /path/to/docker/config.json \
  --name --state s3://

  # Replace an existing docker config secret.
  kops create secret dockerconfig -f /path/to/docker/config.json --force \
  --name --state s3://


Create Secret

Pod Pull Secrets

Namespace Pull Secrets

Kubernetes Pull Secrets