当pod从私用仓库拉取镜像时,k8s集群使用类型为docker-registry的Secret来提供身份认证,创建一个名为registry-key的Secret
如果命名空间中有secret 先删除:kubectl delete secret registry-key -n delevopment
-n delevopment 为指定命名空间 不写就是default
新建secret
kubectl -n delevopment create secret docker-registry registry-key
--docker-server=kvmdocker:5000
--docker-username=gongdear
--docker-password=
--docker-email=gongdear@gmail.com
执行后新建成功
yaml中配置
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: gateway-dev
namespace: development
labels:
name: gateway-dev
spec:
replicas: 1
template:
metadata:
labels:
name: gateway-dev
spec:
imagePullSecrets:
- name: registry-key
containers:
- name: gateway-dev
image: kvmdocker:5000/gateway/2.0
imagePullPolicy: Always
ports:
- containerPort: 8118
protocol: TCP
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /etc/resolv.conf
name: resolv
readOnly: true
resources:
limits:
memory: "1Gi"
cpu: "2"
requests:
memory: "500Mi"
cpu: "1"
volumes:
- hostPath:
path: /etc/localtime
name: localtime
- hostPath:
path: /etc/resolv.conf
name: resolv
kubernetes从私有仓库拉取镜像
宝剑锋从磨砺出,梅花香自苦寒来.