创建阿里云镜像仓库imagePullSecrets
一、通过docker config.json
1.docker登录仓库,根据提示
[root@ks-node05 ~]# docker login --username=mq-ops2@1910650714221478 registry-vpc.cn-hangzhou.aliyuncs.com #因为是阿里云ECS,所以用了registry-vpc
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
登录过程会创建或更新保存有授权令牌的 config.json
文件
[root@ks-node05 ~]# ll .docker/
total 4
-rw------- 1 root root 157 Nov 9 11:48 config.json
[root@ks-node05 ~]# cat .docker/config.json
{
"auths": {
"registry-vpc.cn-hangzhou.aliyuncs.com": {
"auth": "bXEtb3BzMkAxOTEwNjUwNzExxxxxxxxTZWQ0dGS0hPMEdrM3BlN3VneUkzRFh1SmRyS0hU"
}
}
}
2.通过config.json
创建secret
[root@ks-node05 ~]# kubectl create secret generic aliyuncs-registry-key --from-file=.dockerconfigjson=/root/.docker/config.json --type=kubernetes.io/dockerconfigjson --namespace=mk1-uat
secret/aliyuncs-registry-key created
[root@ks-node05 ~]# kubectl get secret -n mk1-uat
NAME TYPE DATA AGE
aliyuncs-registry-key kubernetes.io/dockerconfigjson 1 30s
3.YAML引用
在pods的spec.imagePullSecrets下引用即可
二、通过命令行直接创建
# aliyuncs-registry-key2 secret 名称,自定义 kubectl --namespace=mk1-uat create secret docker-registry aliyuncs-registry-key2 \ > --docker-server=registry-vpc.cn-hangzhou.aliyuncs.com \ > --docker-username=mq-ops2@1910650714221478 \ > --docker-password=${registry_passwd} \ > --docker-email=xxxx@qq.com
"一劳永逸" 的话,有是有的,而 "一劳永逸" 的事却极少