1.K8S在默认情况下只能拉取Harbor仓库中的公有镜像,拉取私有镜像会报错:ErrImagePull 或 ImagePullBackOff
2.在每台服务器上配置harbor的地址,修改或创建/etc/docker/daemon.json文件,加入以下配置:
[root@k8s-master01 k8s]# cat /etc/docker/daemon.json
{
"registry-mirrors":["https://docker.mirrors.ustc.edu.cn/"],
"exec-opts":["native.cgroupdriver=systemd"],
"insecure-registries": ["192.168.30.107:5012"]
}
3.登录harbor
docker login http://192.168.30.107:5012
4.查看秘钥:
cat /root/.docker/config.json
{
"auths": {
"192.168.30.107:5012": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
}
5.将密钥进行base64加密:
cat /root/.docker/config.json | base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjMwLjEwNzo1MDEyIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfQp9
6.创建 harbor_secret.yaml 文件
[root@k8s-master01 k8s]# cat harbor_secret.yml
apiVersion: v1
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjMwLjEwNzo1MDEyIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJ
fQp9kind: Secret
metadata:
name: harbor-login
namespace: default
type: kubernetes.io/dockerconfigjson
7.创建secret
[root@k8s-master01 ~]# kubectl apply -f harbor_secret.yml
secret/harbor-login created
[root@k8s-master01 ~]# kubectl get secrets
NAME TYPE DATA AGE
default-token-njd5x kubernetes.io/service-account-token 3 64d
harbor-login kubernetes.io/dockerconfigjson 1 17s
secret Opaque 2 52d
8.在pod的deployement yaml文件中添加如下配置即可,deployement yaml具体使用这里不做详解
[root@k8s-master01 k8s]# cat pipeline.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: pipeline
namespace: default
labels:
app: pipeline
spec:
replicas: 2
selector:
matchLabels:
app: pipeline
template:
metadata:
labels:
app: pipeline
spec:
containers:
- image: 192.168.30.107:5012/repo/pipeline:v3.0.0
name: pipeline
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
imagePullSecrets:
- name: harbor-login
标签:pipeline,harbor,仓库,secret,docker,k8s,root From: https://www.cnblogs.com/fenghua001/p/16793180.html