创建机器人账户,用来给 k8s 从一个私有项目拉取镜像
转自:https://randyou.github.io/2020/06/16/k8s-pull-from-harbor/
登录 Harbor
进入一个私有项目
点击机器人账户页签,添加一个机器人账号
输入名称如 test,可以勾选永不过期,权限只需要拉取权限就够了,保存
保存后生成一个为 robot$test 的机器人账号和对应的令牌,保存成文件待用。
创建 imagePullSecrets
方式一:使用命令直接创建
harbor-registry-key 是要创建的 secrets 的名称,这里叫 harbor-registry-key
docker-server 对应 Harbor 仓库地址
docker-username 是上面的 robottestdocker−password是robottest docker-password 是 robottestdocker−password是robottest 对应的令牌 token
1
kubectl create secret docker-registry harbor-registry-key --docker-server=10.104.6.214 --docker-username=robot$test --docker-password=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1OTIzMDA1MTQsImlzcyI6ImhhcmJvci10b2tlbi1kZWZhdWx0SXNzdWVyIiwiaWQiOjQsInBpZCI6MiwiYWNjZXNzIjpbeyJSZXNvdXJjZSI6Ii9wcm9qZWN0LzIvcmVwb3NpdG9yeSIsIkFjdGlvbiI6InB1bGwiLCJFZmZlY3QiOiIifV19.sSUxZjxElPHxIlwK7d9yxQ6YpD29mKywXkf5poJeFDdFiDdz3QiNhwlrIcUAX0kt2-j7aeEOnO0mtlmCYRVCgKDQkPLNe3M6O_NN73_HSUWuZyJGGus–nTTe3J2uqFnrN1q9CFtYlhGcuoRPteqoeG4mHwjvnNfpvLAvQZI2Zz2iRG4Nob-5VcBZ0xzyY5oRC3TT0gImLAPQcwZ3ftSccLhXaAJGE2wlrzfWm3UBfAiN_JAhSvlNLX2sg_69YysQmNdwXGYZysTd-xrGl8pihs53CEqQtP_3-KuO1k07qSoG3O85F0qly0CivdIzD2HRJjQ4JrKFY24BiQf7syIvulygYIahYgNY8OF3giCF0q1jY0eg8qFBGAYa4M3KH7aOy_XsJbpHQgLat88lr6se0nWH16OLkRwtHMHvaAjDLm-EWfCMEV7mJgH2lrByqEpuUd5MApMuWoTwR6paNDjlRDunnshYEuy9V3xzcbJwOS4eCGWkGBGyL6vy41Xf87TCDIzKDiH3c4aUueaStlDbRpwPJHHGUpxqontids-YxH5TBf6Bz7mZt9iqdf1aU91bQgwfkmULFo-AqwFF0d5XfsNbAg3-owySgjj3CdT8bkgEj1zh70K8qxjrUMw7gNZLnEyCwVvDEdJKN0b7ZWXnRUezpkQdJs5jLEnifVxF8I
方式二:使用 ~/.docker/config.json 创建
使用 docker login 登录 Harbor,生成 .docker/config.json
[root@test-10-104-6-215 ~]# docker login 10.104.6.214
Username: robot$test
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
将文件内容转成 base64 输出
[root@test-10-104-6-215 ~]# cat ~/.docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSIxMC4xMDQuNi4yMTQiOiB7CgkJCSJhdXRoIjogImNtOWliM1FrZEdWemREcGxlVXBvWWtkamFVOXBTbE5WZWtreFRtbEpjMGx1VWpWalEwazJTV3R3V0ZaRFNqa3VaWGxLY0ZsWVVXbFBha1V4VDFSSmVrMUVRVEZOVkZGelNXMXNlbU41U1RaSmJXaG9ZMjFLZG1OcE1UQmlNblJzWW1reGExcFhXbWhrVjNnd1UxaE9lbVJYVm5sSmFYZHBZVmRSYVU5cVVYTkpia0p3V2tOSk5rMXBkMmxaVjA1cVdsaE9la2xxY0dKbGVVcFRXbGhPZG1SWVNtcGFVMGsyU1drNWQyTnRPWEZhVjA0d1RIcEpkbU50Vm5kaU0wNXdaRWM1ZVdWVFNYTkphMFpxWkVkc2RtSnBTVFpKYmtJeFlrZDNhVXhEU2taYWJWcHNXVE5SYVU5cFNXbG1WakU1TG5OVFZYaGFhbmhGYkZCSWVFbHNkMHMzWkRsNWVGRTJXWEJFTWpsdFMzbDNXR3RtTlhCdlNtVkdSR1JHYVVSa2VqTlJhVTVvZDJ4eVNXTlZRVmd3YTNReUxXbzNZV1ZGVDI1UE1HMTBiRzFEV1ZKV1EyZExSRkZyVUV4T1pUTk5OazlmVGs0M00xOUlVMVZYZFZwNVNrZEhkWE10TFc1VVZHVXpTakoxY1VadWNrNHhjVGxEUm5SWmJHaEhZM1Z2VWxCMFpYRnZaVWMwYlVoM2FuWnVUbVp3ZGt4QmRsRmFTVEphZWpKcFVrYzBUbTlpTFRWV1kwSmFNSGg2ZVZrMWIxSkRNMVJVTUdkSmJVeEJVRkZqZDFvelpuUlRZMk5NYUZoaFFVcEhSVEozYkhKNlpsZHRNMVZDWmtGcFRsOUtRV2hUZG14T1RGZ3ljMmRmTmpsWmVYTlJiVTVrZDFoSFdWcDVjMVJrTFhoeVIydzRjR2xvY3pVelEwVnhVWFJRWHpNdFMzVlBNV3N3TjNGVGIwY3pUemcxUmpCeGJIa3dRMmwyWkVsNlJESklVa3BxVVRSS2NrdEdXVEkwUW1sUlpqZHplVWwyZFd4NVoxbEpZV2haWjA1Wk9FOUdNMmRwUTBZd2NURnFXVEJsWnpoeFJrSkhRVmxoTkUwelMwZzNZVTk1WDFoelNtSndTRkZuVEdGME9EaHNjalp6WlRCdVYwZ3hOazlNYTFKM2RFaE5TSFpoUVdwRVRHMHRSVmRtUTAxRlZqZHRTbWRJTW14eVFubHhSWEIxVldRMVRVRndUWFZYYjFSM1VqWndZVTVFYW14U1JIVnVibk5vV1VWMWVUbFdNM2g2WTJKS2QwOVROR1ZEUjFkclIwSkhlVXcyZG5rME1WaG1PRGRVUTBSSmVrdEVhVWd6WXpSaFZYVmxZVk4wYkVSaVVuQjNVRXBJU0VkVmNIaHhiMjUwYVdSekxWbDRTRFZVUW1ZMlFubzNiVnAwT1dseFpHWXhZVlU1TVdKUlozZG1hMjFWVEVadkxVRnhkMFpHTUdRMVdHWnpUbUpCWnpNdGIzZDVVMmRxYWpORFpGUTRZbXRuUldveGVtZzNNRXM0Y1hocWNsVk5kemRuVGxwTWJrVjVRM2RXZGtSRlpFcExUakJpTjFwWFdHNVNWV1Y2Y0d0UlpFcHpOV3BNUlc1cFpsWjRSamhKIgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy44IChsaW51eCkiCgl9Cn0=
创建 secret.yaml 文件,内容如下,.dockerconfigjson 的值为上面输出的内容
apiVersion: v1
kind: Secret
metadata:
name: harbor-registry-key
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4xMDQuNi4yMTQiOiB7CgkJCSJhdXRoIjogImNtOWliM1FrZEdWemREcGxlVXBvWWtkamFVOXBTbE5WZWtreFRtbEpjMGx1VWpWalEwazJTV3R3V0ZaRFNqa3VaWGxLY0ZsWVVXbFBha1V4VDFSSmVrMUVRVEZOVkZGelNXMXNlbU41U1RaSmJXaG9ZMjFLZG1OcE1UQmlNblJzWW1reGExcFhXbWhrVjNnd1UxaE9lbVJYVm5sSmFYZHBZVmRSYVU5cVVYTkpia0p3V2tOSk5rMXBkMmxaVjA1cVdsaE9la2xxY0dKbGVVcFRXbGhPZG1SWVNtcGFVMGsyU1drNWQyTnRPWEZhVjA0d1RIcEpkbU50Vm5kaU0wNXdaRWM1ZVdWVFNYTkphMFpxWkVkc2RtSnBTVFpKYmtJeFlrZDNhVXhEU2taYWJWcHNXVE5SYVU5cFNXbG1WakU1TG5OVFZYaGFhbmhGYkZCSWVFbHNkMHMzWkRsNWVGRTJXWEJFTWpsdFMzbDNXR3RtTlhCdlNtVkdSR1JHYVVSa2VqTlJhVTVvZDJ4eVNXTlZRVmd3YTNReUxXbzNZV1ZGVDI1UE1HMTBiRzFEV1ZKV1EyZExSRkZyVUV4T1pUTk5OazlmVGs0M00xOUlVMVZYZFZwNVNrZEhkWE10TFc1VVZHVXpTakoxY1VadWNrNHhjVGxEUm5SWmJHaEhZM1Z2VWxCMFpYRnZaVWMwYlVoM2FuWnVUbVp3ZGt4QmRsRmFTVEphZWpKcFVrYzBUbTlpTFRWV1kwSmFNSGg2ZVZrMWIxSkRNMVJVTUdkSmJVeEJVRkZqZDFvelpuUlRZMk5NYUZoaFFVcEhSVEozYkhKNlpsZHRNMVZDWmtGcFRsOUtRV2hUZG14T1RGZ3ljMmRmTmpsWmVYTlJiVTVrZDFoSFdWcDVjMVJrTFhoeVIydzRjR2xvY3pVelEwVnhVWFJRWHpNdFMzVlBNV3N3TjNGVGIwY3pUemcxUmpCeGJIa3dRMmwyWkVsNlJESklVa3BxVVRSS2NrdEdXVEkwUW1sUlpqZHplVWwyZFd4NVoxbEpZV2haWjA1Wk9FOUdNMmRwUTBZd2NURnFXVEJsWnpoeFJrSkhRVmxoTkUwelMwZzNZVTk1WDFoelNtSndTRkZuVEdGME9EaHNjalp6WlRCdVYwZ3hOazlNYTFKM2RFaE5TSFpoUVdwRVRHMHRSVmRtUTAxRlZqZHRTbWRJTW14eVFubHhSWEIxVldRMVRVRndUWFZYYjFSM1VqWndZVTVFYW14U1JIVnVibk5vV1VWMWVUbFdNM2g2WTJKS2QwOVROR1ZEUjFkclIwSkhlVXcyZG5rME1WaG1PRGRVUTBSSmVrdEVhVWd6WXpSaFZYVmxZVk4wYkVSaVVuQjNVRXBJU0VkVmNIaHhiMjUwYVdSekxWbDRTRFZVUW1ZMlFubzNiVnAwT1dseFpHWXhZVlU1TVdKUlozZG1hMjFWVEVadkxVRnhkMFpHTUdRMVdHWnpUbUpCWnpNdGIzZDVVMmRxYWpORFpGUTRZbXRuUldveGVtZzNNRXM0Y1hocWNsVk5kemRuVGxwTWJrVjVRM2RXZGtSRlpFcExUakJpTjFwWFdHNVNWV1Y2Y0d0UlpFcHpOV3BNUlc1cFpsWjRSamhKIgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy44IChsaW51eCkiCgl9Cn0=
创建 Secrets
kubectl create -f secret.yaml
使用 Secrets
创建 deployment.yaml,内容如下
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-app
spec:
replicas: 1
selector:
matchLabels:
app: nginx-app
template:
metadata:
labels:
app: nginx-app
spec:
containers:
- name: nginx-app
image: 10.104.6.214/nginx:alpine # 使用 Harbor 上的镜像
imagePullPolicy: Always
ports:
- containerPort: 80
imagePullSecrets:
- name: harbor-registry-key # 使用刚刚创建的 Harbor Secrets
执行部署
kubectl create -f deployment.yaml
如果没有成功,检查 deployment 与 创建 Secrets 的 namespace 是否相同
创建机器人账户,用来给 k8s 从一个私有项目拉取镜像相关推荐
- k8s实战之从私有仓库拉取镜像 - kubernetes
1.实战目的 从私有docker仓库拉取镜像,部署pod.上一篇中,我们搭建了私有的镜像仓库,这一篇我们将与k8s结合实战使用私有仓库. 2.登录docker 为了完成本次实战,需要登录docker, ...
- K8S从私有仓库拉取镜像
通常来讲,我们在通过公共镜像仓库拉取docker镜像的时候,不需要任何的认证操作,但我们在构建了企业的私有镜像以后,就不得不在拉取镜像之前通过用户名密码来完成认证. 在docker单机环境中,我们可以 ...
- linux 从仓库拉取镜像,k8s 从私有仓库拉取镜像
k8s 从私有仓库摘取镜像报错 with ErrImagePull: "rpc error: code = Unknown desc = Error response from daemon ...
- 解决k8s中node拉取镜像失败问题
在k8s集群的使用过程中,初学者可能会碰到这样的(怪异)问题: 在一个k8s集群里,部署服务(用的私有镜像仓库,如harbor)的时候,只有个别node的服务是部署成功的,其他都是部署失败的. 错误的 ...
- k8s(kubernetes)通过yaml从harbor拉取镜像(史诗级,保姆级)
上一篇:cat & EOF快速创建一个文件,并写入内容,特别棒!https://blog.csdn.net/fsjwin/article/details/109913049 1.现有环境先行交 ...
- k8s拉取镜像失败处理 ImagePullBackOff ErrImageNeverPull
目录 一.环境描述 二.pod失败状态 三.整体解决方案 四.补充一下Pod状态解释 一.环境描述 系统环境:CentOS Linux release 7.9.2009 (Core) 系统内核:Lin ...
- k8s 拉取镜像失败_k8s 拉取私有仓库失败
k8s 报错拉取镜像失败 Error response from daemon: pull access denied for istio/citadel, repository does not e ...
- 解决从k8s.gcr.io/gcr.io/quay.io等地址拉取镜像失败问题(Kubernetes国内镜像仓库地址)
解决从k8s.gcr.io/gcr.io/quay.io等地址拉取镜像失败问题(Kubernetes国内镜像仓库地址) 参考文章: (1)解决从k8s.gcr.io/gcr.io/quay.io等地址 ...
- Kubernetes:如何解决从k8s.gcr.io拉取镜像失败问题
安装k8s的时候需要从k8s.gcr.io拉取镜像 kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-addres ...
最新文章
- 【科普】:10分钟看明白XML和JSON
- 聊聊网络安全等级保护“能力验证”:配置核查(Linux系统)
- 按照姓名升序排序的代码_干货:6种EXCEL排序方法,让老板对你刮目相看
- React 16 Jest手动模拟(Manual Mocks)
- 过滤特征_万字长文讲解如何做特征工程
- 4.Mongodb之js脚本
- gitlab和github一起使用
- The Maven Integration requires that Eclipse be running in a JDK……
- 怎样通过计算机修改蓝牙音箱,有线音箱怎么改蓝牙无线音箱 有线音箱改无线音箱方法介绍【详解】...
- 【电商界的屠龙者-拼多多】——“拼多多”竞品分析
- python断点续传下载_Python 3 爬虫|第12章:并发下载大文件 支持断点续传
- 一步拿下抖音+微信生态圈,让内容变现再次加速
- 知乎回答一键导出为PDF——Python实现
- Python 让蔡徐坤在我的命令行里打篮球!
- Python基础语法笔记(十六)文件与文件系统
- ES6 lterator迭代器是个什么东西?有什么用?
- Qt按键值与Windows Virtual-Key Codes映射表
- Spring rebooted --重新认识Spring
- LabVIEW CompactRIO 开发指南10 确保可靠性与看门狗定时器
- 计算机网络-无线网络和移动网络
热门文章
- 【网页设计自习室#010】CSS01
- android 拦截webview加载url_WebView拦截url
- mysql-创建用户报错ERROR 1396 (HY000): Operation CREATE USER failed for 'XXXX'@'XXXX'
- The read operation timed out
- java request 方法_Request常用方法
- 写一个用户登入功能(html+ tomcat + mysql)
- 2012考研数学二第(20)题——不等式+导数应用:辅助函数单调性
- 大数据之路 -- 常用辅助框架
- OpenCV每日函数 特征检测和描述模块(6) BRISK类 (提取关键点和计算描述符)
- html5超链接怎么变成灰色,html超链接颜色怎么改