许吉友 - 运维

从私有仓库拉取镜像

文档地址:https://kubernetes.io/zh/docs/tasks/configure-pod-container/pull-image-private-registry/

$ docker login
$ cat ~/.docker/config.json
{
    "auths": {
        "https://index.docker.io/v1/": {
            "auth": "aGFja3NvdWw6WHVqaXlvdS4xOTk3MTExOA=="
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/19.03.5 (linux)"
    }
}
$ kubectl create secret docker-registry regcred --docker-server=hub.docker.com --docker-username=hacksoul --docker-password=Xujiyou.19971118 --docker-email=552003271@qq.com
$ kubectl get secret regcred --output=yaml
$ kubectl get secret regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodWIuZG9ja2VyLmNvbSI6eyJ1c2VybmFtZSI6ImhhY2tzb3VsIiwicGFzc3dvcmQiOiJYdWppeW91LjE5OTcxMTE4IiwiZW1haWwiOiI1NTIwMDMyNzFAcXEuY29tIiwiYXV0aCI6ImFHRmphM052ZFd3NldIVnFhWGx2ZFM0eE9UazNNVEV4T0E9PSJ9fX0=
kind: Secret
metadata:
  creationTimestamp: "2020-01-28T06:10:51Z"
  name: regcred
  namespace: default
  resourceVersion: "2083203"
  selfLink: /api/v1/namespaces/default/secrets/regcred
  uid: c40c639b-0eb8-4d9e-936a-e63c39c2f488
type: kubernetes.io/dockerconfigjson
$ kubectl get secret regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
{"auths":{"hub.docker.com":{"username":"hacksoul","password":"Xujiyou.19971118","email":"552003271@qq.com","auth":"aGFja3NvdWw6WHVqaXlvdS4xOTk3MTExOA=="}}}
$ echo "aGFja3NvdWw6WHVqaXlvdS4xOTk3MTExOA==" | base64 --decode
hacksoul:Xujiyou.19971118

注意,Secret 数据包含与本地 ~/.docker/config.json 文件类似的授权令牌。

这样您就已经成功地将 Docker 凭据设置为集群中的名为 regcred 的 Secret。

private-reg-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
    - name: private-reg-container
      image: hacksoul/coredns:1.6.2
  imagePullSecrets:
    - name: regcred