如何从 Vagrant 上的 Kubernetes 访问私有 Docker Hub 存储库
How to access private Docker Hub repository from Kubernetes on Vagrant
我无法从我的私有 Docker Hub 存储库中提取到我在 Vagrant 上的本地 Kubernetes 设置 运行:
Container "hellonode" in pod "hellonode-n1hox" is waiting to start: image can't be
pulled
Failed to pull image "username/hellonode": Error: image username/hellonode:latest not found
我已经按照描述通过 Vagrant 在本地设置了 Kubernetes here and created a secret named "dockerhub" with kubectl create secret docker-registry dockerhub --docker-server=https://registry.hub.docker.com/ --docker-username=username --docker-password=... --docker-email=... 我提供的图片拉取密码。
我是运行 Kubernetes 1.2.0.
您可以按照 how to configure nodes to authenticate to a private repository 上的这些说明来配置 kubelet 以使 Docker 使用您的凭据,或者按照适用于 pods 的 imagePullSecrets +Phagun Baya 的解决方案进行操作。
创建 k8 Secret:
apiVersion: v1
kind: Secret
metadata:
name: repositorySecretKey
data:
.dockerconfigjson: <base64 encoded docker auth config>
type: kubernetes.io/dockerconfigjson
然后在pod或rc config中提到这个秘密。示例:
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
containers:
- name: test-pod
image: quay.io/example/hello:1.1
imagePullSecrets:
- name: repositorySecretKey
Docker 授权配置
{
"https://quay.io": {
"email": ".",
"auth": "<base64 encoded auth token>"
}
}
或
kubectl create secret docker-registry myregistrykey \
--docker-server=DOCKER_REGISTRY_SERVER \
--docker-username=DOCKER_USER \
--docker-password=DOCKER_PASSWORD \
--docker-email=DOCKER_EMAIL
从 Kubernetes YAML 拉取私有 DockerHub 托管镜像:
运行 这些命令:
DOCKER_REGISTRY_SERVER=docker.io
DOCKER_USER=Type your dockerhub username, same as when you `docker login`
DOCKER_EMAIL=Type your dockerhub email, same as when you `docker login`
DOCKER_PASSWORD=Type your dockerhub pw, same as when you `docker login`
kubectl create secret docker-registry myregistrykey \
--docker-server=$DOCKER_REGISTRY_SERVER \
--docker-username=$DOCKER_USER \
--docker-password=$DOCKER_PASSWORD \
--docker-email=$DOCKER_EMAIL
如果您在 DockerHub 上的用户名是 DOCKER_USER,您的私有仓库名为 PRIVATE_REPO_NAME,并且您要拉取的镜像被标记为 latest,请创建此 example.yaml 文件:
apiVersion: v1
kind: Pod
metadata:
name: whatever
spec:
containers:
- name: whatever
image: DOCKER_USER/PRIVATE_REPO_NAME:latest
imagePullPolicy: Always
command: [ "echo", "SUCCESS" ]
imagePullSecrets:
- name: myregistrykey
然后运行:
kubectl create -f example.yaml
以防其他人在使用 Windows -
中的 kubectl 时遇到困难
set secretname="secret1"
set username="dockerhubUsername"
set pw="dockerhubPassword"
set email="dockerhubEmail@domain.com"
kubectl create secret docker-registry %secretname% --docker-username=%username% --docker-password=%pw% --docker-email=%email%
我无法从我的私有 Docker Hub 存储库中提取到我在 Vagrant 上的本地 Kubernetes 设置 运行:
Container "hellonode" in pod "hellonode-n1hox" is waiting to start: image can't be pulled
Failed to pull image "username/hellonode": Error: image username/hellonode:latest not found
我已经按照描述通过 Vagrant 在本地设置了 Kubernetes here and created a secret named "dockerhub" with kubectl create secret docker-registry dockerhub --docker-server=https://registry.hub.docker.com/ --docker-username=username --docker-password=... --docker-email=... 我提供的图片拉取密码。
我是运行 Kubernetes 1.2.0.
您可以按照 how to configure nodes to authenticate to a private repository 上的这些说明来配置 kubelet 以使 Docker 使用您的凭据,或者按照适用于 pods 的 imagePullSecrets +Phagun Baya 的解决方案进行操作。
创建 k8 Secret:
apiVersion: v1
kind: Secret
metadata:
name: repositorySecretKey
data:
.dockerconfigjson: <base64 encoded docker auth config>
type: kubernetes.io/dockerconfigjson
然后在pod或rc config中提到这个秘密。示例:
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
containers:
- name: test-pod
image: quay.io/example/hello:1.1
imagePullSecrets:
- name: repositorySecretKey
Docker 授权配置
{
"https://quay.io": {
"email": ".",
"auth": "<base64 encoded auth token>"
}
}
或
kubectl create secret docker-registry myregistrykey \
--docker-server=DOCKER_REGISTRY_SERVER \
--docker-username=DOCKER_USER \
--docker-password=DOCKER_PASSWORD \
--docker-email=DOCKER_EMAIL
从 Kubernetes YAML 拉取私有 DockerHub 托管镜像:
运行 这些命令:
DOCKER_REGISTRY_SERVER=docker.io
DOCKER_USER=Type your dockerhub username, same as when you `docker login`
DOCKER_EMAIL=Type your dockerhub email, same as when you `docker login`
DOCKER_PASSWORD=Type your dockerhub pw, same as when you `docker login`
kubectl create secret docker-registry myregistrykey \
--docker-server=$DOCKER_REGISTRY_SERVER \
--docker-username=$DOCKER_USER \
--docker-password=$DOCKER_PASSWORD \
--docker-email=$DOCKER_EMAIL
如果您在 DockerHub 上的用户名是 DOCKER_USER,您的私有仓库名为 PRIVATE_REPO_NAME,并且您要拉取的镜像被标记为 latest,请创建此 example.yaml 文件:
apiVersion: v1
kind: Pod
metadata:
name: whatever
spec:
containers:
- name: whatever
image: DOCKER_USER/PRIVATE_REPO_NAME:latest
imagePullPolicy: Always
command: [ "echo", "SUCCESS" ]
imagePullSecrets:
- name: myregistrykey
然后运行:
kubectl create -f example.yaml
以防其他人在使用 Windows -
中的 kubectl 时遇到困难set secretname="secret1"
set username="dockerhubUsername"
set pw="dockerhubPassword"
set email="dockerhubEmail@domain.com"
kubectl create secret docker-registry %secretname% --docker-username=%username% --docker-password=%pw% --docker-email=%email%