- A+
所属分类:K8S
原因
- K8S部署pod使用私有仓库会导致node出现下载镜像失败
解决办法
- K8S通过添加secret,然后实现pod下载镜像的时候认证
- 步骤
- 创建一个secret
1 2 3 4 5 6 7 8 9 10 11 12 13 |
kubectl create secret docker-registry ali-secret \ --namespace=regress \ --docker-server=registry-vpc.cn-shenzhen.aliyuncs.com \ --docker-username=username \ --docker-password=password \ --docker-email=DOCKER_EMAIL 参数说明: ali-secret:secret名字 --docker-serve:私有仓库地址 --docker-username:私有仓库登录用户名 --docker-password:私有仓库登录密码 --docker-email:登录邮箱(可选) --namespace:指定命名空间 (可选) |
- 查看secret
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
[root@hryj-test ~]# kubectl get secret -n regress NAME TYPE DATA AGE ali-registry kubernetes.io/dockerconfigjson 1 5h default-token-mw48s kubernetes.io/service-account-token 3 75d [root@hryj-test ~]# kubectl get secret ali-registry -n regress -o yaml apiVersion: v1 data: .dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS12cGMuY24tc2hlbnpoZW4uYWxpeXVuY3MuY29tIjp7InVzZXJuYW1lIjoi6YeN5bqG57qi55Ge6aKQ5a62IiwicGFzc3dvcmQiOiJMeXk5MTAyMDMuIiwiZW1haWwiOiIzNTE5MzcyODdAcXEuY29tIiwiYXV0aCI6IttZZU41YnFHNTdxaTU1R2U2YUtRNWE2Mk9reDVlVGt4TURJd015ND0ifX19 kind: Secret metadata: creationTimestamp: 2019-01-16T08:27:05Z name: ali-registry namespace: regress resourceVersion: "8038710" selfLink: /api/v1/namespaces/regress/secrets/ali-registry uid: 81f2b6c5-1968-11e9-bb7a-00163e0a4a63 type: kubernetes.io/dockerconfigjson |
- Deployment使用
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
--- apiVersion: apps/v1beta1 kind: Deployment metadata: name: user-server-delpoy namespace: regress spec: replicas: 1 selector: matchLabels: app: user-server template: metadata: labels: app: user-server spec: imagePullSecrets: - name: ali-registry containers: - name: user-server image: registry-vpc.cn-shenzhen.aliyuncs.com/test/user-server:20190116151015 ports: - name: server-port containerPort: 10020 #说明,定义如下 #imagePullSecrets: #- name: ali-registry |
- 我的微信
- 这是我的微信扫一扫
- 我的微信公众号
- 我的微信公众号扫一扫