Creating secret with `oc secret new-dockercfg ...` creates secret in a new docker config format

[jhadvig]

The outcome of the https://bugzilla.redhat.com/show_bug.cgi?id=1476330 was that creating a secret with

oc secret new-dockercfg --docker-server=registry.com --docker-username=developer --docker-password=balabala --docker-email=developer@example.com redhat-connect-37

will create an secret with kubernetes.io/dockercfg type(old file type) with the new format:

{
        "auths": {
                "registryaddress": {
                        "auth": "auth string",
                        "email": "email@domain.com"
                }
        }
}

I agree that we need to start promoting the new format but we shouldn't mismatch type with format and the created secret should be of kubernetes.io/dockerconfigjson type

@juanvallejo @smarterclayton

[juanvallejo]

Related upstream PR / discussion: kubernetes/kubernetes#53916

[juanvallejo]

cc @fabianofranz

[GrahamDumpleton]

FWIW, this problem in OpenShift 3.7 affects using DockerHub as well, and not just Red Hat registry as in linked Bugzilla report.

If you don't want to muck around with raw resource objects, you can create the secret from the advanced options of an existing build configuration in the web console (no need to save the build and link it). Need to use that way because Create Secret under Secrets viewer in web console doesn't provide option to create a dockercfg type secret.

Alternatively, use an OpenShift 3.6 client against the 3.7 cluster when creating the secret as older client will create secret in format that works.

Not that I think it matters, I was using the secret as a pushSecret to push built images to DockerHub, not pull images.

[soltysh]

This should be fixed for 3.7 in #18062.
3.8 is not affected.
master picked a fix in #18003