Pull image private cleanup (#6609)

* cleanup and clarify doc on imagePullSecrets task * rename regsecret to regcred to reduce stuttering
kubernetes · Feb 20, 2018 · 62002d3 · 62002d3
1 parent a06de68
commit 62002d3
Showing 1 changed file with 26 additions and 32 deletions.
diff --git a/docs/tasks/configure-pod-container/pull-image-private-registry.md b/docs/tasks/configure-pod-container/pull-image-private-registry.md
@@ -22,12 +22,13 @@ private Docker registry or repository.
 
 ## Log in to Docker
 
+On your laptop, you must authenticate with a registry in order to pull a private image:
+
     docker login
 
 When prompted, enter your Docker username and password.
 
-The login process creates or updates a `config.json` file that holds an
-authorization token.
+The login process creates or updates a `config.json` file that holds an authorization token.
 
 View the `config.json` file:
 
@@ -46,11 +47,13 @@ The output contains a section similar to this:
 **Note:** If you use a Docker credentials store, you won't see that `auth` entry but a `credsStore` entry with the name of the store as value.
 {: .note}
 
-## Create a Secret that holds your authorization token
+## Create a Secret in the cluster that holds your authorization token
+
+A Kubernetes cluster uses the Secret of `docker-registry` type to authenticate with a container registry to pull a private image.
 
-Create a Secret named `regsecret`:
+Create this Secret, naming it `regcred`:
 
-    kubectl create secret docker-registry regsecret --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
+    kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
 
 where:
 
@@ -59,12 +62,13 @@ where:
 * `<your-pword>` is your Docker password.
 * `<your-email>` is your Docker email.
 
-## Understanding your Secret
+You have successfully set your Docker credentials in the cluster as a Secret called `regcred`.
 
-To understand what's in the Secret you just created, start by viewing the
-Secret in YAML format:
+## Inspecting the Secret `regcred`
 
-    kubectl get secret regsecret --output=yaml
+To understand the contents of the `regcred` Secret you just created, start by viewing the Secret in YAML format:
+
+    kubectl get secret regcred --output=yaml
 
 The output is similar to this:
 
@@ -74,49 +78,41 @@ The output is similar to this:
     kind: Secret
     metadata:
       ...
-      name: regsecret
+      name: regcred
       ...
     type: kubernetes.io/dockerconfigjson
 
-The value of the `.dockerconfigjson` field is a base64 representation of your secret data.
-
-Copy the base64 representation of the secret data into a file named `secret64`.
-
-**Important**: Make sure there are no line breaks in your `secret64` file.
+The value of the `.dockerconfigjson` field is a base64 representation of your Docker credentials.
 
 To understand what is in the `.dockerconfigjson` field, convert the secret data to a
 readable format:
 
-    base64 -d secret64
+    kubectl get secret regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 -d
 
 The output is similar to this:
 
     {"auths":{"yourprivateregistry.com":{"username":"janedoe","password":"xxxxxxxxxxx","email":"[email protected]","auth":"c3R...zE2"}}}
 
-Notice that the secret data contains the authorization token from your
-`config.json` file.
+Notice that the Secret data contains the authorization token similar to your local `~/.docker/config.json` file.
+
+You have successfully set your Docker credentials as a Secret called `regcred` in the cluster.
 
 ## Create a Pod that uses your Secret
 
-Here is a configuration file for a Pod that needs access to your secret data:
+Here is a configuration file for a Pod that needs access to your Docker credentials in `regcred`:
 
 {% include code.html language="yaml" file="private-reg-pod.yaml" ghlink="/docs/tasks/configure-pod-container/private-reg-pod.yaml" %}
 
 Download the above file:
 
     wget -O my-private-reg-pod.yaml https://k8s.io/docs/tasks/configure-pod-container/private-reg-pod.yaml
 
-In file `my-private-reg-pod.yaml`, replace `<your-private-image>` with the
-path to an image in a private repository.
-
-Example Docker Hub private image:
+In file `my-private-reg-pod.yaml`, replace `<your-private-image>` with the path to an image in a private registry such as:
 
     janedoe/jdoe-private:v1
 
-To pull the image from the private repository, Kubernetes needs credentials. The
- `imagePullSecrets` field in the configuration file specifies that Kubernetes
- should get the credentials from a Secret named
-`regsecret`.
+To pull the image from the private registry, Kubernetes needs credentials.
+The `imagePullSecrets` field in the configuration file specifies that Kubernetes should get the credentials from a Secret named `regcred`.
 
 Create a Pod that uses your Secret, and verify that the Pod is running:
 
@@ -128,12 +124,10 @@ Create a Pod that uses your Secret, and verify that the Pod is running:
 {% capture whatsnext %}
 
 * Learn more about [Secrets](/docs/concepts/configuration/secret/).
-* Learn more about
-[using a private registry](/docs/concepts/containers/images/#using-a-private-registry).
+* Learn more about [using a private registry](/docs/concepts/containers/images/#using-a-private-registry).
 * See [kubectl create secret docker-registry](/docs/user-guide/kubectl/{{page.version}}/#-em-secret-docker-registry-em-).
-* See [Secret](/docs/api-reference/{{page.version}}/#secret-v1-core)
-* See the `imagePullSecrets` field of
-[PodSpec](/docs/api-reference/{{page.version}}/#podspec-v1-core).
+* See [Secret](/docs/api-reference/{{page.version}}/#secret-v1-core).
+* See the `imagePullSecrets` field of [PodSpec](/docs/api-reference/{{page.version}}/#podspec-v1-core).
 
 {% endcapture %}