From 21c6007e7133d069f3dcde913f499f852922ce72 Mon Sep 17 00:00:00 2001
From: Eric Greer <eric.greer@comcast.com>
Date: Thu, 8 Apr 2021 12:32:17 -0700
Subject: [PATCH] Update kops_create_secret_dockerconfig.md

Today we were implementing an authenticated docker user, but it was unclear how exactly to do that.  We learned that simply making this secret within kops was all that was needed for the docker config to start appearing on newly built nodes.  It would be nice if the documentation here reflected that.  It would have saved us some time.
---
 cmd/kops/create_secret_dockerconfig.go      | 7 ++++++-
 docs/cli/kops_create_secret_dockerconfig.md | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/cmd/kops/create_secret_dockerconfig.go b/cmd/kops/create_secret_dockerconfig.go
index 1848e6c2ea..015d502bb7 100644
--- a/cmd/kops/create_secret_dockerconfig.go
+++ b/cmd/kops/create_secret_dockerconfig.go
@@ -35,7 +35,12 @@ var (
 	createSecretDockerconfigLong = templates.LongDesc(i18n.T(`
 	Create a new docker config, and store it in the state store.
 	Used to configure docker on each master or node (i.e. for auth)
-	Use update to modify it, this command will only create a new entry.`))
+	Use update to modify it, this command will only create a new entry.
+	
+	After creating a dockerconfig secret, a .docker/config.json file will 
+	be added to all newly created nodes without running kops update.
+	This file should also apply auth to containerd, which is the default
+	container runtime in kops 1.20 and above.`))
 
 	createSecretDockerconfigExample = templates.Examples(i18n.T(`
 	# Create a new docker config.
diff --git a/docs/cli/kops_create_secret_dockerconfig.md b/docs/cli/kops_create_secret_dockerconfig.md
index 8de064f133..b1c9681c5d 100644
--- a/docs/cli/kops_create_secret_dockerconfig.md
+++ b/docs/cli/kops_create_secret_dockerconfig.md
@@ -9,6 +9,8 @@ Create a docker config.
 
 Create a new docker config, and store it in the state store. Used to configure docker on each master or node (i.e. for auth) Use update to modify it, this command will only create a new entry.
 
+ After creating a dockerconfig secret, a .docker/config.json file will be added to all newly created nodes without running kops update. This file should also apply auth to containerd, which is the default container runtime in kops 1.20 and above.
+
 ```
 kops create secret dockerconfig [flags]
 ```