环境:
kubernetes: v1.10.4
docker: 17.03.2-ce
私有仓库使用的是Harbor
我们在Master上面创建一个私有凭证
kubectl create secret docker-registry regsecret \ --docker-server=<your-registry-server>\ --docker-username=<your-name>\ --docker-password=<your-pword> \ --docker-email=<your-email>
参数 | 说明 |
---|---|
regsecret | 此参数作为凭证id |
<your-registry-server> | 你的私有仓库地址 |
<your-name> | 用户名 |
<your-pword> | 密码 |
<your-email> |
这里我以阿里云私有仓库为示例,执行下面的命令创建私有凭证
kubectl create secret docker-registry regsecret \ --docker-server=registry.cn-beijing.aliyuncs.com\ --docker-username=1500698928@qq.com\ --docker-password=你的密码 \ --docker-email=1500698928@qq.com
查看创建的凭证,输出为yml
kubectl get secret regsecret --output=yaml
查看创建的凭证,输出为json
kubectl get secret regsecret --output=json
输出一下信息
{ "apiVersion": "v1", "data": { ".dockerconfigjson": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }, "kind": "Secret", "metadata": { "creationTimestamp": "2018-06-11T06:25:43Z", "name": "regsecret", "namespace": "default", "resourceVersion": "4543", "selfLink": "/api/v1/namespaces/default/secrets/regsecret", "uid": "44dc2b93-6d40-11e8-8136-000c2925c79d" }, "type": "kubernetes.io/dockerconfigjson" }
该.dockerconfigjson
字段的值是Docker凭据的base64表示形式
我们可以通过命令转化为可读格式
kubectl get secret regsecret --output="jsonpath={.data.\.dockerconfigjson}" | base64 -d
输出
{"auths":{"registry.cn-beijing.aliyuncs.com":{"username":"1500698928@qq.com","password":"xxxxxxxx","email":"1500698928@qq.com","auth":"xxxxxx"}}}
在Pod中使用凭证
apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: registry.cn-beijing.aliyuncs.com/typ/nginx_alpine:1.1 imagePullSecrets: - name: regsecret
images换成你私有仓库的镜像
nam:regsecret是你刚才创建的凭证
通过查看日志可以发现已经成功下载了私有仓库的镜像
Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 4m default-scheduler Successfully assigned private-reg to ddu-3 Normal SuccessfulMountVolume 4m kubelet, ddu-3 MountVolume.SetUp succeeded for volume "default-token-42nsz" Normal Pulling 4m kubelet, ddu-3 pulling image "registry.cn-beijing.aliyuncs.com/typ/nginx_alpine:1.1" Normal Pulled 2m kubelet, ddu-3 Successfully pulled image "registry.cn-beijing.aliyuncs.com/typ/nginx_alpine:1.1"