ImagePullSecret
直接使用ImagePullSecret
创建ImagePullSecret
有两种方法可以创建ImagePullSecret
方法一:通过用户名与密码
执行如下命令,通过用户名与密码创建Secret
$ kubectl create secret docker-registry <name> --docker-server <registry-server> --docker-username <username> --docker-password <password> [--docker-email <email>]
比如我们创建一个Secret,用来保存用户在腾讯云的镜像仓库凭证(用户名:100002518402
,密码:Love1314
)
$ kubectl create secret docker-registry tencent --docker-server ccr.ccs.tencentyun.com --docker-username 100002518402 --docker-password Love1314
查看该Secret的内容
$ kubectl get secret tencent -o yaml
apiVersion: v1
kind: Secret
metadata:
name: tencent
namespace: default
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: eyJhdXRocyI6eyJjY3IuY2NzLnRlbmNlbnR5dW4uY29tIjp7InVzZXJuYW1lIjoiMTAwMDAyNTE4NDAyIiwicGFzc3dvcmQiOiJMb3ZlMTMxNCIsImF1dGgiOiJNVEF3TURBeU5URTROREF5T2t4dmRtVXhNekUwIn19fQ==
我们对.dockerconfigjson
的值进行base64解码,内容如下:
$ echo -n "eyJhdXRocyI6eyJjY3IuY2NzLnRlbmNlbnR5dW4uY29tIjp7InVzZXJuYW1lIjoiMTAwMDAyNTE4NDAyIiwicGFzc3dvcmQiOiJMb3ZlMTMxNCIsImF1dGgiOiJNVEF3TURBeU5URTROREF5T2t4dmRtVXhNekUwIn19fQ==" | base64 -d
{"auths":{"ccr.ccs.tencentyun.com":{"username":"100002518402","password":"Love1314","auth":"MTAwMDAyNTE4NDAyOkxvdmUxMzE0"}}}
方法二:通过credential来创建Secret
(暂时不需要)
使用ImagePullSecret
接下来就可以在Pod中使用这个Secret来下载镜像
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat
spec:
replicas: 1
selector:
matchLabels:
app: tomcat
template:
metadata:
labels:
app: tomcat
spec:
imagePullSecrets:
- name: tencent
containers:
- name: container1
image: ccr.ccs.tencentyun.com/pshizh/tomcat:8
通过ServiceAccount
Last updated
Was this helpful?