从私有仓库拉取镜像

参考文献: https://kubernetes.io/zh/docs/tasks/configure-pod-container/pull-image-private-registry/

在集群中创建保存授权令牌的 Secret

  1. Create Secret
kubectl create secret docker-registry yyy-regcred \
    --docker-server=registry.cn-hangzhou.aliyuncs.com \
    --docker-username=****@aliyun.com \
    --docker-password=**** \
    --docker-email=****@aliyun.com
## output -> secret/yyy-regcred created
  1. 获取凭证
kubectl get secret yyy-regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode

输出和下面类似:

{"auths":{"registry.cn-hangzhou.aliyuncs.com":{"username":"****@aliyun.com","password":"****","email":"****@aliyun.com","auth":"****"}}}
  1. Store Secret to .dockerconfigjson file

  2. kustomization.yaml 中使用它

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - backend/deployment.yaml

secretGenerator:
  - name: regcred
    files:
      - .dockerconfigjson
    type: kubernetes.io/dockerconfigjson
  1. deployment 或者 pod 中使用
apiVersion: v1
kind: deployment 
metadata:
  name: php
spec:
  containers:
  - name: private-reg-container
    image: 
  imagePullSecrets:
  - name: regcred