Missing docs on how to run user-workloads using private Quay repos

[sym3tri]

Was working with a user on this and found a number of things with using Docker creds and pull-secrets confusing/missing. Note this is for users deploying their own private pods pulling from private quay repos, not with the Quay or Tectonic installation.

Various bits of this are scattered about other areas of our docs & the upstream k8s docs, but there is no clear guide on "how to deploy a custom app on Tectonic/Kubernetes using a private Quay repo".

• Explanation of all the formats: Docker .dockercfg vs config.json vs a Kubernetes "pull secret", and the different types: kubernetes.io/dockercfg vs kubernetes.io/dockerconfigjson, and disambiguation between these and the "CoreOS Pull Secret" required to run Tectonic.
• How to generically generate a pull-secret from a dockercfg or config.json: The entire thing must be base64 encoded, then put into a k8s secret manifest, with the correct type field set.
• How to acquire docker creds from the Quay UI, and which format should be used (exists in a different area of the docs)
• How to use these secrets in kubernetes. In pod manifest, or default for a namespace.

Supporting info is all scattered throughout these links:

https://github.com/coreos/docs/tree/master/quay-enterprise/tectonic https://coreos.com/os/docs/latest/registry-authentication.html https://coreos.com/quay-enterprise/docs/latest/tectonic/#download-kubernetes-configuration-files https://coreos.com/quay-enterprise/docs/latest/ https://kubernetes.io/docs/concepts/containers/images/ https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

[zbwright]

pulling @josephschorr into this - If you can give me a list of steps, I can start to put the page together. Deploying a custom app on Tectonic using a private Quay repo

1. intro (includes why someone might do this)
2. Docker setup (?)
3. Quay repo config requirements
4. Tectonic config requirements and etc.