K8S-secrets拉取私有镜像

#使用docker login登录
[root@test-node1 ~]# docker login -u username  -p passwd  harbor.com

#使用secrets-响应式
kubectl create secret -n h5 docker-registry images-secrets --docker-server=harbor.com --docker-username=username   --docker-password=passwd

#使用secrets-声明式
1.先使用docker login登录镜像仓库
[root@k8s151.ansre.cn ~/configMap]# docker login https://harbor.ansre.cn -u admin -p 1
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded   

2.查看登录的密钥数据
[root@k8s151.ansre.cn ~/configMap]# cat ~/.docker/config.json
{
	"auths": {
		"harbor.ansre.cn": {
			"auth": "YWRtaW46MQ=="
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/18.09.9 (linux)"
	}
}

3.对密钥进行加密 ，用BASE64编码dockercfg内容，#注意一下要用到编码后的子串
[root@k8s151.ansre.cn ~/configMap]# cat ~/.docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSJoYXJib3IuYW5zcmUuY24iOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2TVE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9[root@k8s151.ansre.cn ~/configMap]# cd
4.使用yaml文件创建secrets
[root@k8s151.ansre.cn ~]# cd secret/
[root@k8s151.ansre.cn ~/secret]# cat 02-secret-harbor.yml 
apiVersion: v1
kind: Secret
metadata:
  name: harbor-login-secret
  namespace: pro
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJoYXJib3IuYW5zcmUuY24iOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2TVE9PSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9
[root@k8s151.ansre.cn ~]# kubectl apply -f 02-secret-harbor.yml