创建阿里云镜像仓库imagePullSecrets

一、通过docker config.json

1.docker登录仓库，根据提示

[root@ks-node05 ~]# docker login --username=mq-ops2@1910650714221478 registry-vpc.cn-hangzhou.aliyuncs.com  #因为是阿里云ECS，所以用了registry-vpc
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

登录过程会创建或更新保存有授权令牌的 config.json 文件

[root@ks-node05 ~]# ll .docker/
total 4
-rw------- 1 root root 157 Nov  9 11:48 config.json
[root@ks-node05 ~]# cat  .docker/config.json 
{
	"auths": {
		"registry-vpc.cn-hangzhou.aliyuncs.com": {
			"auth": "bXEtb3BzMkAxOTEwNjUwNzExxxxxxxxTZWQ0dGS0hPMEdrM3BlN3VneUkzRFh1SmRyS0hU"
		}
	}
}

2.通过config.json创建secret

[root@ks-node05 ~]# kubectl create secret generic  aliyuncs-registry-key --from-file=.dockerconfigjson=/root/.docker/config.json --type=kubernetes.io/dockerconfigjson --namespace=mk1-uat
secret/aliyuncs-registry-key created
[root@ks-node05 ~]# kubectl get secret -n mk1-uat
NAME                                TYPE                                  DATA   AGE
aliyuncs-registry-key               kubernetes.io/dockerconfigjson        1      30s

3.YAML引用

在pods的spec.imagePullSecrets下引用即可

二、通过命令行直接创建

# aliyuncs-registry-key2  secret 名称，自定义
kubectl --namespace=mk1-uat create secret docker-registry aliyuncs-registry-key2 \ 
> --docker-server=registry-vpc.cn-hangzhou.aliyuncs.com \
> --docker-username=mq-ops2@1910650714221478 \
> --docker-password=${registry_passwd} \
> --docker-email=xxxx@qq.com