K8S-secrets拉取私有镜像
#使用docker login登录
[root@test-node1 ~]# docker login -u username -p passwd harbor.com
#使用secrets-响应式
kubectl create secret -n h5 docker-registry images-secrets --docker-server=harbor.com --docker-username=username --docker-password=passwd
#使用secrets-声明式
1.先使用docker login登录镜像仓库
[root@k8s151.ansre.cn ~/configMap]# docker login https://harbor.ansre.cn -u admin -p 1
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
2.查看登录的密钥数据
[root@k8s151.ansre.cn ~/configMap]# cat ~/.docker/config.json
{
"auths": {
"harbor.ansre.cn": {
"auth": "YWRtaW46MQ=="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.9 (linux)"
}
}
3.对密钥进行加密 ,用BASE64编码dockercfg内容,#注意一下要用到编码后的子串
[root@k8s151.ansre.cn ~/configMap]# cat ~/.docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSJoYXJib3IuYW5zcmUuY24iOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2TVE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9[root@k8s151.ansre.cn ~/configMap]# cd
4.使用yaml文件创建secrets
[root@k8s151.ansre.cn ~]# cd secret/
[root@k8s151.ansre.cn ~/secret]# cat 02-secret-harbor.yml
apiVersion: v1
kind: Secret
metadata:
name: harbor-login-secret
namespace: pro
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSJoYXJib3IuYW5zcmUuY24iOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2TVE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9
[root@k8s151.ansre.cn ~]# kubectl apply -f 02-secret-harbor.yml