导航：首页 > 服务器 >

kubernetes 拉取私有镜像 imagepullsecrets

发表于：2024-10-28 作者：千家信息网编辑

千家信息网最后更新 2024年10月28日，1. kubernetes 拉取私有镜像的测试创建secret(创建方式有两钟，一种使用命令，第二种使用文件)下面我的私有仓库如下:reg.k8s.test.comureg.k8s.test.coma

千家信息网最后更新 2024年10月28日kubernetes 拉取私有镜像 imagepullsecrets

1. kubernetes 拉取私有镜像的测试

创建secret(创建方式有两钟，一种使用命令，第二种使用文件)

下面我的私有仓库如下:

reg.k8s.test.com
ureg.k8s.test.com

a. 修改`docker`的`/etc/docker/daemon.json`文件

在所有的node节点中修改docker的/etc/docker/daemon.json文件修改insecure-registries参数。必须包含上面上面私有仓库的地址：

{"registry-mirrors": [ "https://registry.docker-cn.com"],"insecure-registries":["reg.k8s.test.com","ureg.k8s.test.com","uhub.service.ucloud.cn"]}

重启 docker 服务

systemctl restart docker

### 方法1. 使用文件生成secret

生成`~/.docker/config.json`配置文件

[root@ip-172-31-10-110 ~]# docker login reg.k8s.test.comUsername: lvnianPassword:                       <输入密码>WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@ip-172-31-10-110 ~]# [root@ip-172-31-10-110 ~]# docker login ureg.k8s.test.comUsername: lvnianPassword:                       <输入密码>WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@ip-172-31-10-110 ~]# ll ~/.docker/config.json -rw------- 1 root root 261 Nov  8 13:21 /root/.docker/config.json

测试密码是否成功,往私有仓库push images

[root@ip-172-31-10-110 ~]# docker pull nginxUsing default tag: latestlatest: Pulling from library/nginxf17d81b4b692: Pull complete 82dca86e04c3: Pull complete 046ccb106982: Pull complete Digest: sha256:d59a1aa7866258751a261bae525a1842c7ff0662d4f34a355d5f36826abc0341Status: Downloaded newer image for nginx:latest[root@ip-172-31-10-110 ~]# docker tag nginx ureg.k8s.test.com/test/nginx[root@ip-172-31-10-110 ~]# docker push ureg.k8s.test.com/test/nginxThe push refers to repository [ureg.k8s.test.com/test/nginx]ad9ac0e6043b: Pushed 6ccbee34dd10: Pushed 237472299760: Pushed latest: digest: sha256:427498d66ad8a3437939bb7ef613fe76458b550f6c43b915d8d4471c7d34a544 size: 948[root@ip-172-31-10-110 ~]# docker tag nginx reg.k8s.test.com/test/nginx[root@ip-172-31-10-110 ~]# docker push reg.k8s.test.com/test/nginxThe push refers to repository [reg.k8s.test.com/test/nginx]ad9ac0e6043b: Layer already exists 6ccbee34dd10: Layer already exists 237472299760: Layer already exists latest: digest: sha256:427498d66ad8a3437939bb7ef613fe76458b550f6c43b915d8d4471c7d34a544 size: 948

密码没问题
获取base64 -w 0 ~/.docker/config.json密文

[root@ip-172-31-10-110 ~]# base64 -w 0 ~/.docker/config.jsonewoJImF1dGhjNWdlpHVnVaenB5Wld4aFFFeFdUa2xCVGtBeU1ERTMiCgkJfSwKCQkidXJlZy5rOHMueXVud2VpLnJlbGEubWUiOiB7CgkJCSJhdXRoIjogIloyRnZaM1Z2WkdWdVp6cHlaV3hoUUV4V1RrbEJUa0F5TURFMyIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDYuMS1jZSAobGludXgpIgoJfQp9[root@ip-172-31-10-110 ~]#

创建Secret

### vim secret.yamlapiVersion: v1kind: Secretmetadata:  name: regsecret  namespace: defaultdata:    .dockerconfigjson: ewoJImF1dGhjNWdlpHVnVaenB5Wld4aFFFeFdUa2xCVGtBeU1ERTMiCgkJfSwKCQkidXJlZy5rOHMueXVud2VpLnJlbGEubWUiOiB7CgkJCSJhdXRoIjogIloyRnZaM1Z2WkdWdVp6cHlaV3hoUUV4V1RrbEJUa0F5TURFMyIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDYuMS1jZSAobGludXgpIgoJfQp9type: kubernetes.io/dockerconfigjson

kubectl create -f secret.yaml \
kubectl describe Secret regsecret

创建deployment测试是否可以拉私有仓库的镜像

[root@ip-172-31-10-110 ~]#  vim test.yamlapiVersion: extensions/v1beta1kind: Deploymentmetadata:  name: dentestreplcespec:  replicas: 1  template:    metadata:      labels:        name: dentestreplace    spec:      containers:      - name: dentestreplace         imagePullPolicy: Always        image: ureg.k8s.test.com/rela_dev/logreport:latest      imagePullSecrets:      - name: regsecret

[root@ip-172-31-10-110 ~]# kubectl create -f test.yaml[root@ip-172-31-10-110 ~]# kubectl describe po/dentestreplce-6f788968fb-dr768 ...Volumes:  default-token-tfmc8:    Type:        Secret (a volume populated by a Secret)    SecretName:  default-token-tfmc8    Optional:    falseQoS Class:       BestEffortNode-Selectors:  Tolerations:     Events:  Type    Reason                 Age   From                    Message  ----    ------                 ----  ----                    -------  Normal  Scheduled              57s   default-scheduler       Successfully assigned dentestreplce-6f788968fb-dr768 to 172.31.40.120  Normal  SuccessfulMountVolume  57s   kubelet, 172.31.40.120  MountVolume.SetUp succeeded for volume "default-token-tfmc8"  Normal  Pulling                57s   kubelet, 172.31.40.120  pulling image "ureg.k8s.test.com/rela_dev/logreport:latest"  Normal  Pulled                 15s   kubelet, 172.31.40.120  Successfully pulled image "ureg.k8s.test.com/rela_dev/logreport:latest"  Normal  Created                15s   kubelet, 172.31.40.120  Created container  Normal  Started                15s   kubelet, 172.31.40.120  Started container[root@ip-172-31-10-110 ~]#

查看结果，成功。上面是使用第一个私有仓库，第二个的测试也是一样。
注意，必须要确保私有仓库中本来就有ureg.k8s.test.com/rela_dev/logreport:latest这个image哦

另外一个私有参考也是一样这样测试即可。

方法2:

使用命令创建Secret
命令如下：

kubectl create secret docker-registry regsecret --docker-server=ureg.k8s.test.com --docker-username=lvnian --docker-password=LVNIAN@2017 --docker-email=lvnian@rela.me

其中:

regsecret: 指定密钥的键名称, 可自行定义--docker-server: 指定docker仓库地址--docker-username: 指定docker仓库账号--docker-password: 指定docker仓库密码--docker-email: 指定邮件地址-n : 命名空间，在那个命名空间创建，就只能在那个命名空间使用这个secret

其他步骤和上面的一样。

很赞哦！