参考地址:https://www.cnblogs.com/wayneiscoming/p/7716238.html 1、在harbor的ui界面上注册一个账号 姓名:zihao 全名:zhuzihao 密码:Zihao@5tgb 邮箱:15613691030@163.com 2、在需要下载镜像的机器上,同样需要修改docker进程参数(跟上传镜像到私有仓库一样操作进行修改) 在node节点配置: [root@reg harbor]# vi /etc/docker/daemon.json { "registry-mirrors": ["https://wb2g6zxl.mirror.aliyuncs.com"],"insecure-registries": ["192.168.43.65:5000"]} [root@reg harbor]# systemctl restart docker 3、在node节点验证登录harbor主机 [root@lab2 ~]# docker login 192.168.43.65:5000 Username (zihao): zihao Password: Login Succeeded [root@lab2 ~]# docker logout Not logged in to https://index.docker.io/v1/ 4、配置私有仓库harbor的secret 在harbor这台上先登录,输入docker login登陆成功后,会在 /root/.docker/ 目标下生成一个 config.json 文件 [root@reg harbor]# docker login 192.168.43.65:5000 Username (admin): admin Password: Login Succeeded [root@reg harbor]# ls /root/.docker/ config.json [root@reg harbor]# cat /root/.docker/config.json { "auths": { "192.168.43.65:5000": { "auth": "YWRtaW46SGFyYm9yMTIzNDU=" }, "wb2g6zxl.mirror.aliyuncs.com": { "auth": "YWRtaW46SGFyYm9yMTIzNDU=" } } } 创建secret 准备: kubectl create secret docker-registry registry-secret --namespace=default --docker-server=192.168.43.65:5000 --docker-username=zihao --docker-password=Zihao@5tgb --docker-email=15613691030@163.com 创建: [root@lab2 nginx-harbor]# kubectl create secret docker-registry registry-secret --namespace=default > --docker-server=192.168.43.65:5000 --docker-username=zihao > --docker-password=Zihao@5tgb --docker-email=15613691030@163.com 查看secret [root@lab2 nginx-harbor]# kubectl get secret NAME TYPE DATA AGE default-token-czfbg kubernetes.io/service-account-token 3 21d registry-secret kubernetes.io/dockerconfigjson 1 1h 删除secret [root@lab2 nginx-harbor]# kubectl delete secret registry-secret secret "registry-secret" deleted 5、在k8s的node节点中使用yaml拉取镜像 注意: image不要写成 http:// 这样无法拉取镜像 下面两句不写也可以 imagePullSecrets: - name: registry-secret spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: http-test-con image: 192.168.43.65:5000/library/nginx/latest:latest imagePullPolicy: Always ports: - containerPort: 80 imagePullSecrets: - name: registry-secret 测试: [root@lab2 nginx-harbor]# vi http-test.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: name: http-test-dm2 spec: replicas: 1 template: metadata: labels: name: http-test-dm2 spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: http-test-con image: 192.168.43.65:5000/library/nginx/latest:latest imagePullPolicy: Always ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: http-nginx-ser spec: type: NodePort ports: - port: 80 nodePort: 30000 targetPort: 80 selector: name: http-test-dm2 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: grafana spec: rules: - host: www.nginx2.com http: paths: - path: / backend: serviceName: http-nginx-ser servicePort: 80 [root@lab2 nginx-harbor]# kubectl create -f http-test.yaml [root@lab2 nginx-harbor]# kubectl get po NAME READY STATUS RESTARTS AGE http-test-dm2-7f9c4fd896-jkkrx 1/1 Running 0 8m