标签:name harbor cicd 凭据 -- ubuntu pod docker
1. 配置secret
kubectl create secret docker-registry harbor-registry-creds --docker-server="https://harbor.dreame.tech" [email protected] --docker-username='ci_autobuild' --docker-password='7cmTieZ3L7RURZ' -n ci-test
注意:这里用户一定要有这个镜像的访问权限。
2. 使用secret去拉取镜像
# 实例:与containers平级
imagePullSecrets:
- name: harbor-registry-creds #添加刚才配置的凭据
apiVersion: apps/v1
kind: Deployment
metadata:
name: cicd-ubuntu
namespace: ci-test
labels:
app: cicd-ubuntu
spec:
replicas: 3
selector:
matchLabels:
app: cicd-ubuntu
template:
metadata:
labels:
app: cicd-ubuntu
spec:
volumes:
- name: mypd
persistentVolumeClaim:
claimName: cicd
containers:
- name: cicd
image: harbor.dreame.tech/devops/wangkang/ci_base:V2
command: ["/usr/bin/tail"]
args: ["-f", "/etc/hosts"]
resources:
limits:
cpu: '1'
memory: 1Gi
volumeMounts:
- name: mypd
mountPath: /home/ujenkins
imagePullSecrets:
- name: harbor-registry-creds #添加刚才配置的凭据
nodeSelector:
storagenode: cicd
tolerations:
- key: "cicd"
operator: "Equal"
value: "schedulable"
effect: "NoSchedule"
# affinity:
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: cicd
# operator: In
# values:
# - schedulable
参数: imagePullSecrets
标签:name,
harbor,
cicd,
凭据,
--,
ubuntu,
pod,
docker
From: https://www.cnblogs.com/Mercury-linux/p/17067630.html