基于已有docker 密钥创建secret

  • 首先通过docker login 获取docker登录信息
  1. docker login --username=[username]
  • 创建secret存储credentials(注意替换config.json文件路径)
  1. kubectl create secret generic regcred \
  2.     --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
  3.     --type=kubernetes.io/dockerconfigjson
  • 在部署中使用secret
  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: private-reg
  5. spec:
  6.   containers:
  7.   - name: private-reg-container
  8.     image: <your-private-image>
  9.   imagePullSecrets:
  10.   - name: regcred

直接通过yaml配置文件创建secret

注意修改namespace, 其中dockerconfigjson内容是经过base64 编码过的

  2. apiVersion: v1
  3. data:
  4.   .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJjY3IuY2NzLnRlbmNlbnR5dW4uY29tIjogewoJCQkiYXV0aCI6ICJNVEF3TURBME1qSTRNekUwT25kdmNtdG9kV0l0TWpBeE5nPT0iCgkJfSwKCQkicmVnaXN0cnkuY24taGFuZ3pob3UuYWxpeXVuY3MuY29tIjogewoJCQkiYXV0aCI6ICJkMjl5YTJoMVlqcGtiMk5yWlhJdGQyOXlhMmgxWWkweU1ERTUiCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE4LjA5LjIgKGxpbnV4KSIKCX0KfQ==
  5. kind: Secret
  6. metadata:
  7.   name: regcred
  8.   namespace: custom
  9. type: kubernetes.io/dockerconfigjson

refs

Pull an Image from a Private Registry

瓦雀