转自:https://randyou.github.io/2020/06/16/k8s-pull-from-harbor/

登录 Harbor
进入一个私有项目
点击机器人账户页签,添加一个机器人账号
输入名称如 test,可以勾选永不过期,权限只需要拉取权限就够了,保存
保存后生成一个为 robot$test 的机器人账号和对应的令牌,保存成文件待用。

创建 imagePullSecrets
方式一:使用命令直接创建
harbor-registry-key 是要创建的 secrets 的名称,这里叫 harbor-registry-key
docker-server 对应 Harbor 仓库地址
docker-username 是上面的 robottestdocker−password是robottest docker-password 是 robottestdocker−password是robottest 对应的令牌 token

1
kubectl create secret docker-registry harbor-registry-key --docker-server=10.104.6.214 --docker-username=robot$test --docker-password=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1OTIzMDA1MTQsImlzcyI6ImhhcmJvci10b2tlbi1kZWZhdWx0SXNzdWVyIiwiaWQiOjQsInBpZCI6MiwiYWNjZXNzIjpbeyJSZXNvdXJjZSI6Ii9wcm9qZWN0LzIvcmVwb3NpdG9yeSIsIkFjdGlvbiI6InB1bGwiLCJFZmZlY3QiOiIifV19.sSUxZjxElPHxIlwK7d9yxQ6YpD29mKywXkf5poJeFDdFiDdz3QiNhwlrIcUAX0kt2-j7aeEOnO0mtlmCYRVCgKDQkPLNe3M6O_NN73_HSUWuZyJGGus–nTTe3J2uqFnrN1q9CFtYlhGcuoRPteqoeG4mHwjvnNfpvLAvQZI2Zz2iRG4Nob-5VcBZ0xzyY5oRC3TT0gImLAPQcwZ3ftSccLhXaAJGE2wlrzfWm3UBfAiN_JAhSvlNLX2sg_69YysQmNdwXGYZysTd-xrGl8pihs53CEqQtP_3-KuO1k07qSoG3O85F0qly0CivdIzD2HRJjQ4JrKFY24BiQf7syIvulygYIahYgNY8OF3giCF0q1jY0eg8qFBGAYa4M3KH7aOy_XsJbpHQgLat88lr6se0nWH16OLkRwtHMHvaAjDLm-EWfCMEV7mJgH2lrByqEpuUd5MApMuWoTwR6paNDjlRDunnshYEuy9V3xzcbJwOS4eCGWkGBGyL6vy41Xf87TCDIzKDiH3c4aUueaStlDbRpwPJHHGUpxqontids-YxH5TBf6Bz7mZt9iqdf1aU91bQgwfkmULFo-AqwFF0d5XfsNbAg3-owySgjj3CdT8bkgEj1zh70K8qxjrUMw7gNZLnEyCwVvDEdJKN0b7ZWXnRUezpkQdJs5jLEnifVxF8I
方式二:使用 ~/.docker/config.json 创建

使用 docker login 登录 Harbor,生成 .docker/config.json

[root@test-10-104-6-215 ~]# docker login 10.104.6.214
Username: robot$test
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
将文件内容转成 base64 输出

[root@test-10-104-6-215 ~]# cat ~/.docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSIxMC4xMDQuNi4yMTQiOiB7CgkJCSJhdXRoIjogImNtOWliM1FrZEdWemREcGxlVXBvWWtkamFVOXBTbE5WZWtreFRtbEpjMGx1VWpWalEwazJTV3R3V0ZaRFNqa3VaWGxLY0ZsWVVXbFBha1V4VDFSSmVrMUVRVEZOVkZGelNXMXNlbU41U1RaSmJXaG9ZMjFLZG1OcE1UQmlNblJzWW1reGExcFhXbWhrVjNnd1UxaE9lbVJYVm5sSmFYZHBZVmRSYVU5cVVYTkpia0p3V2tOSk5rMXBkMmxaVjA1cVdsaE9la2xxY0dKbGVVcFRXbGhPZG1SWVNtcGFVMGsyU1drNWQyTnRPWEZhVjA0d1RIcEpkbU50Vm5kaU0wNXdaRWM1ZVdWVFNYTkphMFpxWkVkc2RtSnBTVFpKYmtJeFlrZDNhVXhEU2taYWJWcHNXVE5SYVU5cFNXbG1WakU1TG5OVFZYaGFhbmhGYkZCSWVFbHNkMHMzWkRsNWVGRTJXWEJFTWpsdFMzbDNXR3RtTlhCdlNtVkdSR1JHYVVSa2VqTlJhVTVvZDJ4eVNXTlZRVmd3YTNReUxXbzNZV1ZGVDI1UE1HMTBiRzFEV1ZKV1EyZExSRkZyVUV4T1pUTk5OazlmVGs0M00xOUlVMVZYZFZwNVNrZEhkWE10TFc1VVZHVXpTakoxY1VadWNrNHhjVGxEUm5SWmJHaEhZM1Z2VWxCMFpYRnZaVWMwYlVoM2FuWnVUbVp3ZGt4QmRsRmFTVEphZWpKcFVrYzBUbTlpTFRWV1kwSmFNSGg2ZVZrMWIxSkRNMVJVTUdkSmJVeEJVRkZqZDFvelpuUlRZMk5NYUZoaFFVcEhSVEozYkhKNlpsZHRNMVZDWmtGcFRsOUtRV2hUZG14T1RGZ3ljMmRmTmpsWmVYTlJiVTVrZDFoSFdWcDVjMVJrTFhoeVIydzRjR2xvY3pVelEwVnhVWFJRWHpNdFMzVlBNV3N3TjNGVGIwY3pUemcxUmpCeGJIa3dRMmwyWkVsNlJESklVa3BxVVRSS2NrdEdXVEkwUW1sUlpqZHplVWwyZFd4NVoxbEpZV2haWjA1Wk9FOUdNMmRwUTBZd2NURnFXVEJsWnpoeFJrSkhRVmxoTkUwelMwZzNZVTk1WDFoelNtSndTRkZuVEdGME9EaHNjalp6WlRCdVYwZ3hOazlNYTFKM2RFaE5TSFpoUVdwRVRHMHRSVmRtUTAxRlZqZHRTbWRJTW14eVFubHhSWEIxVldRMVRVRndUWFZYYjFSM1VqWndZVTVFYW14U1JIVnVibk5vV1VWMWVUbFdNM2g2WTJKS2QwOVROR1ZEUjFkclIwSkhlVXcyZG5rME1WaG1PRGRVUTBSSmVrdEVhVWd6WXpSaFZYVmxZVk4wYkVSaVVuQjNVRXBJU0VkVmNIaHhiMjUwYVdSekxWbDRTRFZVUW1ZMlFubzNiVnAwT1dseFpHWXhZVlU1TVdKUlozZG1hMjFWVEVadkxVRnhkMFpHTUdRMVdHWnpUbUpCWnpNdGIzZDVVMmRxYWpORFpGUTRZbXRuUldveGVtZzNNRXM0Y1hocWNsVk5kemRuVGxwTWJrVjVRM2RXZGtSRlpFcExUakJpTjFwWFdHNVNWV1Y2Y0d0UlpFcHpOV3BNUlc1cFpsWjRSamhKIgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy44IChsaW51eCkiCgl9Cn0=
创建 secret.yaml 文件,内容如下,.dockerconfigjson 的值为上面输出的内容

apiVersion: v1
kind: Secret
metadata:
name: harbor-registry-key
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4xMDQuNi4yMTQiOiB7CgkJCSJhdXRoIjogImNtOWliM1FrZEdWemREcGxlVXBvWWtkamFVOXBTbE5WZWtreFRtbEpjMGx1VWpWalEwazJTV3R3V0ZaRFNqa3VaWGxLY0ZsWVVXbFBha1V4VDFSSmVrMUVRVEZOVkZGelNXMXNlbU41U1RaSmJXaG9ZMjFLZG1OcE1UQmlNblJzWW1reGExcFhXbWhrVjNnd1UxaE9lbVJYVm5sSmFYZHBZVmRSYVU5cVVYTkpia0p3V2tOSk5rMXBkMmxaVjA1cVdsaE9la2xxY0dKbGVVcFRXbGhPZG1SWVNtcGFVMGsyU1drNWQyTnRPWEZhVjA0d1RIcEpkbU50Vm5kaU0wNXdaRWM1ZVdWVFNYTkphMFpxWkVkc2RtSnBTVFpKYmtJeFlrZDNhVXhEU2taYWJWcHNXVE5SYVU5cFNXbG1WakU1TG5OVFZYaGFhbmhGYkZCSWVFbHNkMHMzWkRsNWVGRTJXWEJFTWpsdFMzbDNXR3RtTlhCdlNtVkdSR1JHYVVSa2VqTlJhVTVvZDJ4eVNXTlZRVmd3YTNReUxXbzNZV1ZGVDI1UE1HMTBiRzFEV1ZKV1EyZExSRkZyVUV4T1pUTk5OazlmVGs0M00xOUlVMVZYZFZwNVNrZEhkWE10TFc1VVZHVXpTakoxY1VadWNrNHhjVGxEUm5SWmJHaEhZM1Z2VWxCMFpYRnZaVWMwYlVoM2FuWnVUbVp3ZGt4QmRsRmFTVEphZWpKcFVrYzBUbTlpTFRWV1kwSmFNSGg2ZVZrMWIxSkRNMVJVTUdkSmJVeEJVRkZqZDFvelpuUlRZMk5NYUZoaFFVcEhSVEozYkhKNlpsZHRNMVZDWmtGcFRsOUtRV2hUZG14T1RGZ3ljMmRmTmpsWmVYTlJiVTVrZDFoSFdWcDVjMVJrTFhoeVIydzRjR2xvY3pVelEwVnhVWFJRWHpNdFMzVlBNV3N3TjNGVGIwY3pUemcxUmpCeGJIa3dRMmwyWkVsNlJESklVa3BxVVRSS2NrdEdXVEkwUW1sUlpqZHplVWwyZFd4NVoxbEpZV2haWjA1Wk9FOUdNMmRwUTBZd2NURnFXVEJsWnpoeFJrSkhRVmxoTkUwelMwZzNZVTk1WDFoelNtSndTRkZuVEdGME9EaHNjalp6WlRCdVYwZ3hOazlNYTFKM2RFaE5TSFpoUVdwRVRHMHRSVmRtUTAxRlZqZHRTbWRJTW14eVFubHhSWEIxVldRMVRVRndUWFZYYjFSM1VqWndZVTVFYW14U1JIVnVibk5vV1VWMWVUbFdNM2g2WTJKS2QwOVROR1ZEUjFkclIwSkhlVXcyZG5rME1WaG1PRGRVUTBSSmVrdEVhVWd6WXpSaFZYVmxZVk4wYkVSaVVuQjNVRXBJU0VkVmNIaHhiMjUwYVdSekxWbDRTRFZVUW1ZMlFubzNiVnAwT1dseFpHWXhZVlU1TVdKUlozZG1hMjFWVEVadkxVRnhkMFpHTUdRMVdHWnpUbUpCWnpNdGIzZDVVMmRxYWpORFpGUTRZbXRuUldveGVtZzNNRXM0Y1hocWNsVk5kemRuVGxwTWJrVjVRM2RXZGtSRlpFcExUakJpTjFwWFdHNVNWV1Y2Y0d0UlpFcHpOV3BNUlc1cFpsWjRSamhKIgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy44IChsaW51eCkiCgl9Cn0=
创建 Secrets

kubectl create -f secret.yaml
使用 Secrets
创建 deployment.yaml,内容如下

apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-app
spec:
replicas: 1
selector:
matchLabels:
app: nginx-app
template:
metadata:
labels:
app: nginx-app
spec:
containers:
- name: nginx-app
image: 10.104.6.214/nginx:alpine # 使用 Harbor 上的镜像
imagePullPolicy: Always
ports:
- containerPort: 80
imagePullSecrets:
- name: harbor-registry-key # 使用刚刚创建的 Harbor Secrets
执行部署

kubectl create -f deployment.yaml
如果没有成功,检查 deployment 与 创建 Secrets 的 namespace 是否相同

创建机器人账户,用来给 k8s 从一个私有项目拉取镜像相关推荐

  1. k8s实战之从私有仓库拉取镜像 - kubernetes

    1.实战目的 从私有docker仓库拉取镜像,部署pod.上一篇中,我们搭建了私有的镜像仓库,这一篇我们将与k8s结合实战使用私有仓库. 2.登录docker 为了完成本次实战,需要登录docker, ...

  2. K8S从私有仓库拉取镜像

    通常来讲,我们在通过公共镜像仓库拉取docker镜像的时候,不需要任何的认证操作,但我们在构建了企业的私有镜像以后,就不得不在拉取镜像之前通过用户名密码来完成认证. 在docker单机环境中,我们可以 ...

  3. linux 从仓库拉取镜像,k8s 从私有仓库拉取镜像

    k8s 从私有仓库摘取镜像报错 with ErrImagePull: "rpc error: code = Unknown desc = Error response from daemon ...

  4. 解决k8s中node拉取镜像失败问题

    在k8s集群的使用过程中,初学者可能会碰到这样的(怪异)问题: 在一个k8s集群里,部署服务(用的私有镜像仓库,如harbor)的时候,只有个别node的服务是部署成功的,其他都是部署失败的. 错误的 ...

  5. k8s(kubernetes)通过yaml从harbor拉取镜像(史诗级,保姆级)

    上一篇:cat & EOF快速创建一个文件,并写入内容,特别棒!https://blog.csdn.net/fsjwin/article/details/109913049 1.现有环境先行交 ...

  6. k8s拉取镜像失败处理 ImagePullBackOff ErrImageNeverPull

    目录 一.环境描述 二.pod失败状态 三.整体解决方案 四.补充一下Pod状态解释 一.环境描述 系统环境:CentOS Linux release 7.9.2009 (Core) 系统内核:Lin ...

  7. k8s 拉取镜像失败_k8s 拉取私有仓库失败

    k8s 报错拉取镜像失败 Error response from daemon: pull access denied for istio/citadel, repository does not e ...

  8. 解决从k8s.gcr.io/gcr.io/quay.io等地址拉取镜像失败问题(Kubernetes国内镜像仓库地址)

    解决从k8s.gcr.io/gcr.io/quay.io等地址拉取镜像失败问题(Kubernetes国内镜像仓库地址) 参考文章: (1)解决从k8s.gcr.io/gcr.io/quay.io等地址 ...

  9. Kubernetes:如何解决从k8s.gcr.io拉取镜像失败问题

    安装k8s的时候需要从k8s.gcr.io拉取镜像 kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-addres ...

最新文章

  1. 【科普】:10分钟看明白XML和JSON
  2. 聊聊网络安全等级保护“能力验证”:配置核查(Linux系统)
  3. 按照姓名升序排序的代码_干货:6种EXCEL排序方法,让老板对你刮目相看
  4. React 16 Jest手动模拟(Manual Mocks)
  5. 过滤特征_万字长文讲解如何做特征工程
  6. 4.Mongodb之js脚本
  7. gitlab和github一起使用
  8. The Maven Integration requires that Eclipse be running in a JDK……
  9. 怎样通过计算机修改蓝牙音箱,有线音箱怎么改蓝牙无线音箱 有线音箱改无线音箱方法介绍【详解】...
  10. 【电商界的屠龙者-拼多多】——“拼多多”竞品分析
  11. python断点续传下载_Python 3 爬虫|第12章:并发下载大文件 支持断点续传
  12. 一步拿下抖音+微信生态圈,让内容变现再次加速
  13. 知乎回答一键导出为PDF——Python实现
  14. Python 让蔡徐坤在我的命令行里打篮球!
  15. Python基础语法笔记(十六)文件与文件系统
  16. ES6 lterator迭代器是个什么东西?有什么用?
  17. Qt按键值与Windows Virtual-Key Codes映射表
  18. Spring rebooted --重新认识Spring
  19. LabVIEW CompactRIO 开发指南10 确保可靠性与看门狗定时器
  20. 计算机网络-无线网络和移动网络

热门文章

  1. 【网页设计自习室#010】CSS01
  2. android 拦截webview加载url_WebView拦截url
  3. mysql-创建用户报错ERROR 1396 (HY000): Operation CREATE USER failed for 'XXXX'@'XXXX'
  4. The read operation timed out
  5. java request 方法_Request常用方法
  6. 写一个用户登入功能(html+ tomcat + mysql)
  7. 2012考研数学二第(20)题——不等式+导数应用:辅助函数单调性
  8. 大数据之路 -- 常用辅助框架
  9. OpenCV每日函数 特征检测和描述模块(6) BRISK类 (提取关键点和计算描述符)
  10. html5超链接怎么变成灰色,html超链接颜色怎么改