文档地址:https://kubernetes.io/zh/docs/tasks/configure-pod-container/pull-image-private-registry/
$ docker login
$ cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "aGFja3NvdWw6WHVqaXlvdS4xOTk3MTExOA=="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.5 (linux)"
}
}$ kubectl create secret docker-registry regcred --docker-server=hub.docker.com --docker-username=hacksoul --docker-password=Xujiyou.19971118 [email protected]
$ kubectl get secret regcred --output=yaml
$ kubectl get secret regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyJodWIuZG9ja2VyLmNvbSI6eyJ1c2VybmFtZSI6ImhhY2tzb3VsIiwicGFzc3dvcmQiOiJYdWppeW91LjE5OTcxMTE4IiwiZW1haWwiOiI1NTIwMDMyNzFAcXEuY29tIiwiYXV0aCI6ImFHRmphM052ZFd3NldIVnFhWGx2ZFM0eE9UazNNVEV4T0E9PSJ9fX0=
kind: Secret
metadata:
creationTimestamp: "2020-01-28T06:10:51Z"
name: regcred
namespace: default
resourceVersion: "2083203"
selfLink: /api/v1/namespaces/default/secrets/regcred
uid: c40c639b-0eb8-4d9e-936a-e63c39c2f488
type: kubernetes.io/dockerconfigjson$ kubectl get secret regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
{"auths":{"hub.docker.com":{"username":"hacksoul","password":"Xujiyou.19971118","email":"[email protected]","auth":"aGFja3NvdWw6WHVqaXlvdS4xOTk3MTExOA=="}}}
$ echo "aGFja3NvdWw6WHVqaXlvdS4xOTk3MTExOA==" | base64 --decode
hacksoul:Xujiyou.19971118
注意,Secret 数据包含与本地 ~/.docker/config.json 文件类似的授权令牌。
这样您就已经成功地将 Docker 凭据设置为集群中的名为 regcred 的 Secret。
apiVersion: v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: hacksoul/coredns:1.6.2
imagePullSecrets:
- name: regcred