本文共 5498 字,大约阅读时间需要 18 分钟。
创建secret(创建方式有两钟,一种使用命令,第二种使用文件)
下面我的私有仓库如下:
docker的/etc/docker/daemon.json文件在所有的node节点中修改docker的/etc/docker/daemon.json文件修改insecure-registries参数。必须包含上面上面私有仓库的地址:
{"registry-mirrors": [ "https://registry.docker-cn.com"],"insecure-registries":["reg.k8s.test.com","ureg.k8s.test.com","uhub.service.ucloud.cn"]} 重启 docker 服务
systemctl restart docker
### 方法1. 使用文件生成secret
~/.docker/config.json配置文件[root@ip-172-31-10-110 ~]# docker login reg.k8s.test.comUsername: lvnianPassword: <输入密码> WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@ip-172-31-10-110 ~]# [root@ip-172-31-10-110 ~]# docker login ureg.k8s.test.comUsername: lvnianPassword: <输入密码> WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@ip-172-31-10-110 ~]# ll ~/.docker/config.json -rw------- 1 root root 261 Nov 8 13:21 /root/.docker/config.json
测试密码是否成功,往私有仓库push images
[root@ip-172-31-10-110 ~]# docker pull nginxUsing default tag: latestlatest: Pulling from library/nginxf17d81b4b692: Pull complete 82dca86e04c3: Pull complete 046ccb106982: Pull complete Digest: sha256:d59a1aa7866258751a261bae525a1842c7ff0662d4f34a355d5f36826abc0341Status: Downloaded newer image for nginx:latest[root@ip-172-31-10-110 ~]# docker tag nginx ureg.k8s.test.com/test/nginx[root@ip-172-31-10-110 ~]# docker push ureg.k8s.test.com/test/nginxThe push refers to repository [ureg.k8s.test.com/test/nginx]ad9ac0e6043b: Pushed 6ccbee34dd10: Pushed 237472299760: Pushed latest: digest: sha256:427498d66ad8a3437939bb7ef613fe76458b550f6c43b915d8d4471c7d34a544 size: 948[root@ip-172-31-10-110 ~]# docker tag nginx reg.k8s.test.com/test/nginx[root@ip-172-31-10-110 ~]# docker push reg.k8s.test.com/test/nginxThe push refers to repository [reg.k8s.test.com/test/nginx]ad9ac0e6043b: Layer already exists 6ccbee34dd10: Layer already exists 237472299760: Layer already exists latest: digest: sha256:427498d66ad8a3437939bb7ef613fe76458b550f6c43b915d8d4471c7d34a544 size: 948
密码没问题
获取base64 -w 0 ~/.docker/config.json密文 [root@ip-172-31-10-110 ~]# base64 -w 0 ~/.docker/config.jsonewoJImF1dGhjNWdlpHVnVaenB5Wld4aFFFeFdUa2xCVGtBeU1ERTMiCgkJfSwKCQkidXJlZy5rOHMueXVud2VpLnJlbGEubWUiOiB7CgkJCSJhdXRoIjogIloyRnZaM1Z2WkdWdVp6cHlaV3hoUUV4V1RrbEJUa0F5TURFMyIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDYuMS1jZSAobGludXgpIgoJfQp9[root@ip-172-31-10-110 ~]#
### vim secret.yamlapiVersion: v1kind: Secretmetadata: name: regsecret namespace: defaultdata: .dockerconfigjson: ewoJImF1dGhjNWdlpHVnVaenB5Wld4aFFFeFdUa2xCVGtBeU1ERTMiCgkJfSwKCQkidXJlZy5rOHMueXVud2VpLnJlbGEubWUiOiB7CgkJCSJhdXRoIjogIloyRnZaM1Z2WkdWdVp6cHlaV3hoUUV4V1RrbEJUa0F5TURFMyIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDYuMS1jZSAobGludXgpIgoJfQp9type: kubernetes.io/dockerconfigjson
kubectl create -f secret.yaml \
kubectl describe Secret regsecret
[root@ip-172-31-10-110 ~]# vim test.yamlapiVersion: extensions/v1beta1kind: Deploymentmetadata: name: dentestreplcespec: replicas: 1 template: metadata: labels: name: dentestreplace spec: containers: - name: dentestreplace imagePullPolicy: Always image: ureg.k8s.test.com/rela_dev/logreport:latest imagePullSecrets: - name: regsecret
[root@ip-172-31-10-110 ~]# kubectl create -f test.yaml[root@ip-172-31-10-110 ~]# kubectl describe po/dentestreplce-6f788968fb-dr768 ...Volumes: default-token-tfmc8: Type: Secret (a volume populated by a Secret) SecretName: default-token-tfmc8 Optional: falseQoS Class: BestEffortNode-Selectors:Tolerations: Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 57s default-scheduler Successfully assigned dentestreplce-6f788968fb-dr768 to 172.31.40.120 Normal SuccessfulMountVolume 57s kubelet, 172.31.40.120 MountVolume.SetUp succeeded for volume "default-token-tfmc8" Normal Pulling 57s kubelet, 172.31.40.120 pulling image "ureg.k8s.test.com/rela_dev/logreport:latest" Normal Pulled 15s kubelet, 172.31.40.120 Successfully pulled image "ureg.k8s.test.com/rela_dev/logreport:latest" Normal Created 15s kubelet, 172.31.40.120 Created container Normal Started 15s kubelet, 172.31.40.120 Started container[root@ip-172-31-10-110 ~]#
查看结果,成功。上面是使用第一个私有仓库,第二个的测试也是一样。
注意,必须要确保私有仓库中本来就有ureg.k8s.test.com/rela_dev/logreport:latest这个image哦 另外一个私有参考也是一样这样测试即可。
使用命令创建Secret
命令如下:kubectl create secret docker-registry regsecret --docker-server=ureg.k8s.test.com --docker-username=lvnian --docker-password=LVNIAN@2017 --docker-email=lvnian@rela.me
其中:
regsecret: 指定密钥的键名称, 可自行定义--docker-server: 指定docker仓库地址--docker-username: 指定docker仓库账号--docker-password: 指定docker仓库密码--docker-email: 指定邮件地址-n : 命名空间,在那个命名空间创建,就只能在那个命名空间使用这个secret
其他步骤和上面的一样。
转载于:https://blog.51cto.com/lvnian/2314456