Merge pull request #41760 from Vilsol/patch-1

k8s-ci-robot · web-flow · commit 62c862b53dd6 · 2023-08-22T15:21:54.000-07:00
A secret type must be used for pull secret to work
diff --git a/content/en/docs/concepts/configuration/secret.md b/content/en/docs/concepts/configuration/secret.md
@@ -277,8 +277,8 @@ for information on referencing service account credentials from within Pods.
 
 ### Docker config Secrets
 
-You can use one of the following `type` values to create a Secret to
-store the credentials for accessing a container image registry:
+If you are creating a Secret to store credentials for accessing a container image registry,
+you must use one of the following `type` values for that Secret:
 
 - `kubernetes.io/dockercfg`
 - `kubernetes.io/dockerconfigjson`
@@ -354,10 +354,12 @@ Docker configuration file):
 }
 ```
 
-{{< note >}}
+{{< caution >}}
 The `auth` value there is base64 encoded; it is obscured but not secret.
 Anyone who can read that Secret can learn the registry access bearer token.
-{{< /note >}}
+
+It is suggested to use [credential providers](/docs/tasks/administer-cluster/kubelet-credential-provider/) to dynamically and securely provide pull secrets on-demand.
+{{< /caution >}}
 
 ### Basic authentication Secret
 
