参考文献: https://kubernetes.io/zh/docs/tasks/configure-pod-container/pull-image-private-registry/
在集群中创建保存授权令牌的 Secret
- Create Secret
kubectl create secret docker-registry yyy-regcred \
--docker-server=registry.cn-hangzhou.aliyuncs.com \
--docker-username=****@aliyun.com \
--docker-password=**** \
--docker-email=****@aliyun.com
## output -> secret/yyy-regcred created
- 获取凭证
kubectl get secret yyy-regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
输出和下面类似:
{"auths":{"registry.cn-hangzhou.aliyuncs.com":{"username":"****@aliyun.com","password":"****","email":"****@aliyun.com","auth":"****"}}}
Store Secret to
.dockerconfigjson
file在
kustomization.yaml
中使用它
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- backend/deployment.yaml
secretGenerator:
- name: regcred
files:
- .dockerconfigjson
type: kubernetes.io/dockerconfigjson
- 在
deployment
或者pod
中使用
apiVersion: v1
kind: deployment
metadata:
name: php
spec:
containers:
- name: private-reg-container
image:
imagePullSecrets:
- name: regcred