kubernetes创建的pod默认会从国外拉取镜像,如何使k8s从指定的镜像仓库拉取镜像创建应用?
一、创建secret
命令行方式创建
# kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
例如:
kubectl -n k8s-ecoysystem-apps create secret docker-registry registry-key --docker-server=registry.test.com --docker-username=admin --docker-password=admin123 --docker-email=12563478@qq.com
yaml方式创建
1.在docker服务器上登录镜像仓库
[root@node ~]# docker login registry.test.com Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
2.base64加密/root/.docker/config.json
# cat ~/.docker/config.json | base64
3.编写yaml文件
将上述步骤中经过base64加密的值拷贝到.dockerconfigjson键对应的值位置
# cat myregistrykey.yaml apiVersion: v1 kind: Secret metadata: name: myregistrykey data: .dockerconfigjson: UmVhbGx5IHJlYWxseSByZWVlZWVlZWVlZWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGx5eXl5eXl5eXl5eXl5eXl5eXl5eSBsbGxsbGxsbGxsbGxsbG9vb29vb29vb29vb29vb29vb29vb29vb29vb25ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2cgYXV0aCBrZXlzCg== type: kubernetes.io/dockerconfigjson
4.创建secret
# kubectl apply -f myregistrykey.yaml
二、使用secret
在部署文件中使用secret
使用方式
imagePullSecrets:
- name: myregistrykey # secret名称
例如:
1.创建Pod资源
# cat nginx-pod.yaml
apiVersion: v1 kind: Pod metadata: name: tomcat spec: containers: - name: tomcat-c image: tomcat imagePullSecrets: - name: myregistrykey
# kubectl apply -f nginx-pod.yaml
2.创建Deployment
# cat nginx-deploy.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: nginx spec: selector: matchLabels: app: nginx replicas: 2 template: metedata: name: nginx labels: app: nginx spec: imagePullSecrets: - name: myregistrykey containers: - name: nginx-c image: nginx imagePullPolicy: Always
# kubectl apply -f nginx-deploy.yaml