pod结合secret下载私有镜像
1、保证节点机器可以登录仓库
docker login --username admin --password Harbor12345 harbor.hack.me
2、结合sercet资源针对密钥文件进行加密
kubectl create secret generic regcred --from-file=/root/.docker/config.json --type=kubernetes.io/dockerconfigjson
3、编写pod资源结合imagePullSecrets字段调用sercet进行下载
`[root@k8smaster01 storage]# cat my-private-reg-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
nodeName: k8smaster01.com
containers:
- name: private-reg-container
image: harbor.hack.me/repo/alpine@sha256:c10f729849a3b03cbf222e2220245dd44c39a06d444aa32cc30a35c4c1aba59d
command: ["sleep","360"]
imagePullSecrets: - name: regcred`
总结:
- 确保调度节点可以访问私有仓库
- 确保定都节点存在对于secret资源