共计 1994 个字符,预计需要花费 5 分钟才能阅读完成。
环境:
kubernetes: v1.10.4
docker: 17.03.2-ce
私有仓库使用的是 Harbor
我们在 Master 上面创建一个私有凭证
| kubectl create secret docker-registry regsecret \ | |
| --docker-server=<your-registry-server>\ | |
| --docker-username=<your-name>\ | |
| --docker-password=<your-pword> \ | |
| --docker-email=<your-email> |
| 参数 | 说明 |
|---|---|
| regsecret | 此参数作为凭证 id |
| <your-registry-server> | 你的私有仓库地址 |
| <your-name> | 用户名 |
| <your-pword> | 密码 |
| <your-email> |
这里我以阿里云私有仓库为示例, 执行下面的命令创建私有凭证
| kubectl create secret docker-registry regsecret \ | |
| --docker-server=registry.cn-beijing.aliyuncs.com\ | |
| --docker-username=1500698928@qq.com\ | |
| --docker-password= 你的密码 \ | |
| --docker-email=1500698928@qq.com |
查看创建的凭证,输出为 yml
kubectl get secret regsecret --output=yaml
查看创建的凭证,输出为 json
kubectl get secret regsecret --output=json
输出一下信息
| { | |
| "apiVersion": "v1", | |
| "data": {".dockerconfigjson": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}, | |
| "kind": "Secret", | |
| "metadata": { | |
| "creationTimestamp": "2018-06-11T06:25:43Z", | |
| "name": "regsecret", | |
| "namespace": "default", | |
| "resourceVersion": "4543", | |
| "selfLink": "/api/v1/namespaces/default/secrets/regsecret", | |
| "uid": "44dc2b93-6d40-11e8-8136-000c2925c79d" | |
| }, | |
| "type": "kubernetes.io/dockerconfigjson" | |
| } |
该 .dockerconfigjson 字段的值是 Docker 凭据的 base64 表示形式
我们可以通过命令转化为可读格式
kubectl get secret regsecret --output="jsonpath={.data.\.dockerconfigjson}" | base64 -d
输出
{"auths":{"registry.cn-beijing.aliyuncs.com":{"username":"1500698928@qq.com","password":"xxxxxxxx","email":"1500698928@qq.com","auth":"xxxxxx"}}}
在 Pod 中使用凭证
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: private-reg | |
| spec: | |
| containers: | |
| - name: private-reg-container | |
| image: registry.cn-beijing.aliyuncs.com/typ/nginx_alpine:1.1 | |
| imagePullSecrets: | |
| - name: regsecret |
images 换成你私有仓库的镜像
nam:regsecret 是你刚才创建的凭证
通过查看日志可以发现已经成功下载了私有仓库的镜像
| Events: | |
| Type Reason Age From Message | |
| ---- ------ ---- ---- ------- | |
| Normal Scheduled 4m default-scheduler Successfully assigned private-reg to ddu-3 | |
| Normal SuccessfulMountVolume 4m kubelet, ddu-3 MountVolume.SetUp succeeded for volume "default-token-42nsz" | |
| Normal Pulling 4m kubelet, ddu-3 pulling image "registry.cn-beijing.aliyuncs.com/typ/nginx_alpine:1.1" | |
| Normal Pulled 2m kubelet, ddu-3 Successfully pulled image "registry.cn-beijing.aliyuncs.com/typ/nginx_alpine:1.1" |
正文完
