要使用来自私有(private) docker repo 的 docker 容器,kubernetes 建议创建一个类型为“docker-registry”的 secret 并在您的部署中引用它。
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
然后在您的 helm chart 或 kubernetes 部署文件中,使用
imagePullSecrets
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: foo
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
imagePullSecrets:
- name: regcred
containers:
- name: foo
image: foo.example.com
这可行,但要求所有容器都来自同一个注册表。
您将如何从 2 个注册表中提取 2 个容器 (例如,当使用与主容器分开存储的边车时)?
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: foo
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
containers:
- name: foo
image: foo.example.com
imagePullSecrets:
- name: foo-secret
- name: bar
image: bar.example.com
imagePullSecrets:
- name: bar-secret
我尝试创建 2 个 secret
foo-secret
和 bar-secret
并适本地引用每个,但我发现它无法拉动两个容器。
最佳答案
您必须包含 imagePullSecrets:
直接在 pod 级别,但你可以在那里有多个 secret 。
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: foo
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
imagePullSecrets:
- name: foo-secret
- name: bar-secret
containers:
- name: foo
image: foo.example.com/foo-image
- name: bar
image: bar.example.com/bar-image
Kubernetes documentation on this笔记:
If you need access to multiple registries, you can create one secret for each registry. Kubelet will merge any
imagePullSecrets
into a single virtual.docker/config.json
when pulling images for your Pods.
关于docker - Kubernetes 从多个私有(private) Docker 注册表中提取,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53489844/