pod使用凭据连接harbor仓库

1. 配置secret

kubectl create secret docker-registry harbor-registry-creds --docker-server="https://harbor.dreame.tech" --docker-email=cicd@dreame.tech --docker-username='ci_autobuild'  --docker-password='7cmTieZ3L7RURZ' -n ci-test

注意：这里用户一定要有这个镜像的访问权限。

2. 使用secret去拉取镜像

# 实例：与containers平级     
       imagePullSecrets:
        - name: harbor-registry-creds #添加刚才配置的凭据



apiVersion: apps/v1
kind: Deployment
metadata:
  name: cicd-ubuntu
  namespace: ci-test
  labels:
    app: cicd-ubuntu
spec:
  replicas: 3
  selector:
    matchLabels:
      app: cicd-ubuntu
  template:
    metadata:
      labels:
        app: cicd-ubuntu
    spec:
      volumes:
        - name: mypd
          persistentVolumeClaim:
            claimName: cicd
      containers:
      - name: cicd
        image: harbor.dreame.tech/devops/wangkang/ci_base:V2
        command: ["/usr/bin/tail"]
        args: ["-f", "/etc/hosts"]
        resources:
          limits:
            cpu: '1'
            memory: 1Gi
        volumeMounts:
          - name: mypd
            mountPath: /home/ujenkins
      imagePullSecrets:
        - name: harbor-registry-creds #添加刚才配置的凭据
      nodeSelector:
        storagenode: cicd
      tolerations:
      - key: "cicd"
        operator: "Equal"
        value: "schedulable"
        effect: "NoSchedule"
      # affinity:
      #   podAntiAffinity:
      #     requiredDuringSchedulingIgnoredDuringExecution:
      #       nodeSelectorTerms:
      #       - matchExpressions:
      #         - key: cicd
      #           operator: In
      #           values:
      #           - schedulable

参数： imagePullSecrets