5. Kubernetes集群创建Image Pull Secret

创建ImagePullSecret #

5.1. 登录仓库 #

登录镜像仓库,成功之后会生成如下/root/.docker/config.json文件

{
	"auths": {
		"harbor.hnbcao.tech": {
			"auth": "YWRtaW4******lRlY2g="
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/***"
	}
}

5.2. 创建ImagePullSecret #

执行如下命令创建ImagePullSecret

kubectl create secret generic harbor-admin-secret --from-file=.dockerconfigjson=/root/.docker/config.json --type=kubernetes.io/dockerconfigjson --namespace hnbcao-mixing-ore

说明:

  • harbor-admin-secret: ImagePullSecret名字
  • type: 指定secret类型为kubernetes.io/dockerconfigjson
  • namespace:secret命名空间

5.3. 添加ImagePullSecret #

  • Deployment

在配置项的spec.template.spec.imagePullSecrets下添加secret:harbor-admin-secret。例如,Deployment的配置如下:

kind: Deployment
apiVersion: apps/v1
metadata:
  name: app-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: app-test
      app.kubernetes.io/name: hnbcao
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: app-test
        app.kubernetes.io/name: hnbcao
    spec:
      containers:
        - name: hnbcao
          image: nginx
      imagePullSecrets:
        - name: harbor-admin-secret

5.4. 结束 #

附上官网教程:https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/