环境:k8s、centos7
1、创建前先查看secrets
[root@k8s-master ~]# kubectl get secrets -n test-project NAME TYPE DATA AGE default-token-56q6l kubernetes.io/service-account-token 3 340d harbor-234 kubernetes.io/dockerconfigjson 1 287d s2irun-token-jdslt kubernetes.io/service-account-token 3 285d
2、k8s创建secrets命令模板
kubectl create secret docker-registry NAME --docker-username=user --docker-password=password --docker-email=email
[root@k8s-master ~]# kubectl create secret docker-registry harbor-secretname242 --docker-server=chinapopin.com:18443 --docker-username=username --docker-password=passwd -n test-project secret/harbor-secretname242 created [root@k8s-master ~]# kubectl get secrets -n test-project NAME TYPE DATA AGE default-token-56q6l kubernetes.io/service-account-token 3 340d harbor-234 kubernetes.io/dockerconfigjson 1 287d harbor-secretname242 kubernetes.io/dockerconfigjson 1 55s s2irun-token-jdslt kubernetes.io/service-account-token 3 285d [root@k8s-master tmp]# kubectl describe secrets harbor-secretname242 -n test-project Name: harbor-secretname242 Namespace: test-project Labels: <none> Annotations: <none> Type: kubernetes.io/dockerconfigjson Data ==== .dockerconfigjson: 108 bytes
3、配置yaml,通过secret获取images
[root@master1 machine-tool]# vi nginx.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: machine-tool
spec:
containers:
- name: nginx
image: chinapopin.com:18443/ezczwy/ssh-centos7:latest
command:
- top
- '-b'
imagePullSecrets:
- name: harbor-242