doctl registry kubernetes-manifest

Go to Navigation


doctl registry kubernetes-manifest [flags]




Outputs a YAML-formatted Kubernetes secret manifest that can be used to grant a Kubernetes cluster pull access to your private container registry.

By default, the secret manifest is applied to all the namespaces for the Kubernetes cluster using the DOSecret operator. The DOSecret operator is available on clusters running version 1.15.12-do.2 or greater. For older clusters, or to restrict the secret to a specific namespace, use the --namespace flag.

You can redirect the command’s output to a file to save the manifest for later use or pipe it directly to kubectl to create the secret in your cluster:

doctl registry kubernetes-manifest | kubectl apply -f -


The following example generates a secret manifest for a registry named example-registry and applies it to the kube-system namespace:

doctl registry kubernetes-manifest example-registry --namespace=kube-system


Option Description
--help , -h Help for this command
--name The secret’s name. Defaults to the registry name prefixed with “registry-”
--namespace The Kubernetes namespace to hold the secret
Default: kube-system
Command Description
doctl registry Display commands for working with container registries

Global Flags

Option Description
--access-token, -t API V2 access token
--api-url, -u Override default API endpoint
--config, -c Specify a custom config file
  • macOS: ${HOME}/Library/Application Support/doctl/config.yaml
  • Linux: ${XDG_CONFIG_HOME}/doctl/config.yaml
  • Windows: %APPDATA%\doctl\config.yaml
--context Specify a custom authentication context name
--http-retry-max Set maximum number of retries for requests that fail with a 429 or 500-level error
Default: 5
--http-retry-wait-max Set the minimum number of seconds to wait before retrying a failed request
Default: 30
--http-retry-wait-min Set the maximum number of seconds to wait before retrying a failed request
Default: 1
--interactive Enable interactive behavior. Defaults to true if the terminal supports it (default false)
Default: false
--output, -o Desired output format [text|json]
Default: text
--trace Show a log of network activity while performing a command
Default: false
--verbose, -v Enable verbose output
Default: false