要使用来自私有(private) docker repo 的 docker 容器,kubernetes 建议创建一个类型为“docker-registry”的 secret 并在您的部署中引用它。
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
然后在您的 helm chart 或 kubernetes 部署文件中,使用
imagePullSecrets
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: foo
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
imagePullSecrets:
- name: regcred
containers:
- name: foo
image: foo.example.com
这可行,但要求所有容器都来自同一个注册表。
您将如何从 2 个注册表中提取 2 个容器 (例如,当使用与主容器分开存储的边车时)?
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: foo
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
containers:
- name: foo
image: foo.example.com
imagePullSecrets:
- name: foo-secret
- name: bar
image: bar.example.com
imagePullSecrets:
- name: bar-secret
我尝试创建 2 个 secret
foo-secret和
bar-secret并适本地引用每个,但我发现它无法拉动两个容器。
请您参考如下方法:
您必须包含 imagePullSecrets:直接在 pod 级别,但你可以在那里有多个 secret 。
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: foo
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
imagePullSecrets:
- name: foo-secret
- name: bar-secret
containers:
- name: foo
image: foo.example.com/foo-image
- name: bar
image: bar.example.com/bar-image
Kubernetes documentation on this笔记:
If you need access to multiple registries, you can create one secret for each registry. Kubelet will merge any
imagePullSecretsinto a single virtual.docker/config.jsonwhen pulling images for your Pods.
