内容简介:创建secret(创建方式有两钟,一种使用命令,第二种使用文件)下面我的私有仓库如下:在所有的
1. kubernetes 拉取私有镜像的测试
创建secret(创建方式有两钟,一种使用命令,第二种使用文件)
下面我的私有仓库如下:
- reg.k8s.test.com
- ureg.k8s.test.com
a. 修改 docker
的 /etc/docker/daemon.json
文件
在所有的 node
节点中修改 docker
的 /etc/docker/daemon.json
文件修改 insecure-registries
参数。必须包含上面上面私有仓库的地址:
{
"registry-mirrors": [ "https://registry.docker-cn.com"],
"insecure-registries":["reg.k8s.test.com","ureg.k8s.test.com","uhub.service.ucloud.cn"]
}
重启 docker
服务
systemctl restart docker
### 方法1. 使用文件生成secret
生成 ~/.docker/config.json
配置文件
[root@ip-172-31-10-110 ~]# docker login reg.k8s.test.com Username: lvnian Password: <输入密码> WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@ip-172-31-10-110 ~]# [root@ip-172-31-10-110 ~]# docker login ureg.k8s.test.com Username: lvnian Password: <输入密码> WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@ip-172-31-10-110 ~]# ll ~/.docker/config.json -rw------- 1 root root 261 Nov 8 13:21 /root/.docker/config.json
测试密码是否成功,往私有仓库 push images
[root@ip-172-31-10-110 ~]# docker pull nginx Using default tag: latest latest: Pulling from library/nginx f17d81b4b692: Pull complete 82dca86e04c3: Pull complete 046ccb106982: Pull complete Digest: sha256:d59a1aa7866258751a261bae525a1842c7ff0662d4f34a355d5f36826abc0341 Status: Downloaded newer image for nginx:latest [root@ip-172-31-10-110 ~]# docker tag nginx ureg.k8s.test.com/test/nginx [root@ip-172-31-10-110 ~]# docker push ureg.k8s.test.com/test/nginx The push refers to repository [ureg.k8s.test.com/test/nginx] ad9ac0e6043b: Pushed 6ccbee34dd10: Pushed 237472299760: Pushed latest: digest: sha256:427498d66ad8a3437939bb7ef613fe76458b550f6c43b915d8d4471c7d34a544 size: 948 [root@ip-172-31-10-110 ~]# docker tag nginx reg.k8s.test.com/test/nginx [root@ip-172-31-10-110 ~]# docker push reg.k8s.test.com/test/nginx The push refers to repository [reg.k8s.test.com/test/nginx] ad9ac0e6043b: Layer already exists 6ccbee34dd10: Layer already exists 237472299760: Layer already exists latest: digest: sha256:427498d66ad8a3437939bb7ef613fe76458b550f6c43b915d8d4471c7d34a544 size: 948
密码没问题
获取 base64 -w 0 ~/.docker/config.json
密文
[root@ip-172-31-10-110 ~]# base64 -w 0 ~/.docker/config.json ewoJImF1dGhjNWdlpHVnVaenB5Wld4aFFFeFdUa2xCVGtBeU1ERTMiCgkJfSwKCQkidXJlZy5rOHMueXVud2VpLnJlbGEubWUiOiB7CgkJCSJhdXRoIjogIloyRnZaM1Z2WkdWdVp6cHlaV3hoUUV4V1RrbEJUa0F5TURFMyIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDYuMS1jZSAobGludXgpIgoJfQp9[root@ip-172-31-10-110 ~]#
创建Secret
### vim secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: regsecret
namespace: default
data:
.dockerconfigjson: ewoJImF1dGhjNWdlpHVnVaenB5Wld4aFFFeFdUa2xCVGtBeU1ERTMiCgkJfSwKCQkidXJlZy5rOHMueXVud2VpLnJlbGEubWUiOiB7CgkJCSJhdXRoIjogIloyRnZaM1Z2WkdWdVp6cHlaV3hoUUV4V1RrbEJUa0F5TURFMyIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDYuMS1jZSAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
kubectl create -f secret.yaml \ kubectl describe Secret regsecret
创建deployment测试是否可以拉私有仓库的镜像
[root@ip-172-31-10-110 ~]# vim test.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: dentestreplce
spec:
replicas: 1
template:
metadata:
labels:
name: dentestreplace
spec:
containers:
- name: dentestreplace
imagePullPolicy: Always
image: ureg.k8s.test.com/rela_dev/logreport:latest
imagePullSecrets:
- name: regsecret
[root@ip-172-31-10-110 ~]# kubectl create -f test.yaml
[root@ip-172-31-10-110 ~]# kubectl describe po/dentestreplce-6f788968fb-dr768
...
Volumes:
default-token-tfmc8:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-tfmc8
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 57s default-scheduler Successfully assigned dentestreplce-6f788968fb-dr768 to 172.31.40.120
Normal SuccessfulMountVolume 57s kubelet, 172.31.40.120 MountVolume.SetUp succeeded for volume "default-token-tfmc8"
Normal Pulling 57s kubelet, 172.31.40.120 pulling image "ureg.k8s.test.com/rela_dev/logreport:latest"
Normal Pulled 15s kubelet, 172.31.40.120 Successfully pulled image "ureg.k8s.test.com/rela_dev/logreport:latest"
Normal Created 15s kubelet, 172.31.40.120 Created container
Normal Started 15s kubelet, 172.31.40.120 Started container
[root@ip-172-31-10-110 ~]#
查看结果,成功。上面是使用第一个私有仓库,第二个的测试也是一样。
注意,必须要确保私有仓库中本来就有 ureg.k8s.test.com/rela_dev/logreport:latest
这个image哦
另外一个私有参考也是一样这样测试即可。
方法2:
使用命令创建Secret
命令如下:
kubectl create secret docker-registry regsecret --docker-server=ureg.k8s.test.com --docker-username=lvnian --docker-password=LVNIAN@2017 --docker-email=lvnian@rela.me
其中:
regsecret: 指定密钥的键名称, 可自行定义 --docker-server: 指定 docker 仓库地址 --docker-username: 指定docker仓库账号 --docker-password: 指定docker仓库密码 --docker-email: 指定邮件地址 -n : 命名空间,在那个命名空间创建,就只能在那个命名空间使用这个secret
其他步骤和上面的一样。
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:
- Docker: 上传镜像至私有仓库
- 私有 Docker Registry 删除镜像
- 手动搭建Docker本地私有镜像仓库
- 在Kubernetes中pull私有镜像
- Kunbernetes-基于Nexus构建私有镜像仓库
- OpenStack搭建企业私有云 二:镜像服务(持续更新...)
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
