ImagePullSecret

直接使用ImagePullSecret

创建ImagePullSecret

有两种方法可以创建ImagePullSecret

  • 方法一:通过用户名与密码

执行如下命令,通过用户名与密码创建Secret

$ kubectl create secret docker-registry <name> --docker-server <registry-server> --docker-username <username> --docker-password <password> [--docker-email <email>]

比如我们创建一个Secret,用来保存用户在腾讯云的镜像仓库凭证(用户名:100002518402,密码:Love1314

$ kubectl create secret docker-registry tencent --docker-server ccr.ccs.tencentyun.com --docker-username 100002518402 --docker-password Love1314

查看该Secret的内容

$ kubectl get secret tencent -o yaml
apiVersion: v1
kind: Secret
metadata:
  name: tencent
  namespace: default
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: eyJhdXRocyI6eyJjY3IuY2NzLnRlbmNlbnR5dW4uY29tIjp7InVzZXJuYW1lIjoiMTAwMDAyNTE4NDAyIiwicGFzc3dvcmQiOiJMb3ZlMTMxNCIsImF1dGgiOiJNVEF3TURBeU5URTROREF5T2t4dmRtVXhNekUwIn19fQ==

我们对.dockerconfigjson的值进行base64解码,内容如下:

$ echo -n "eyJhdXRocyI6eyJjY3IuY2NzLnRlbmNlbnR5dW4uY29tIjp7InVzZXJuYW1lIjoiMTAwMDAyNTE4NDAyIiwicGFzc3dvcmQiOiJMb3ZlMTMxNCIsImF1dGgiOiJNVEF3TURBeU5URTROREF5T2t4dmRtVXhNekUwIn19fQ==" | base64 -d
{"auths":{"ccr.ccs.tencentyun.com":{"username":"100002518402","password":"Love1314","auth":"MTAwMDAyNTE4NDAyOkxvdmUxMzE0"}}}
  • 方法二:通过credential来创建Secret

(暂时不需要)

使用ImagePullSecret

接下来就可以在Pod中使用这个Secret来下载镜像

apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tomcat
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      imagePullSecrets:
      - name: tencent
      containers:
      - name: container1
        image: ccr.ccs.tencentyun.com/pshizh/tomcat:8

通过ServiceAccount

Last updated

Was this helpful?