Basics

A Secret stores sensitive data such as authentication information, account credentials and SSH keys. Secrets come in many types (see secret-types).

Docker authentication

Configuration

First, log in to the private Docker registry:

docker login registry.idcos.com

After you enter the username and password, a configuration file is generated:

[root@ops-pre-4-175 k8sConfigs]# ll /root/.docker/config.json
-rw------- 1 root root 161 Dec  1 10:44 /root/.docker/config.json

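Base64-encode this configuration file and put the result into the Secret's resource file. Because the source is the new-format ~/.docker/config.json, the data key must be .dockerconfigjson and the type kubernetes.io/dockerconfigjson.

apiVersion: v1
kind: Secret
metadata:
  name: idcos-registry-key
data:
  # Replace the placeholder with the output of: cat ~/.docker/config.json | base64 -w 0
  .dockerconfigjson: <base64 of ~/.docker/config.json>
type: kubernetes.io/dockerconfigjson

Here type is dockerconfigjson, one of the many secret-types.

Create and view

[root@ops-pre-4-175 k8sConfigs]# kubectl create -f secret/image-pull-secret.yaml
[root@ops-pre-4-175 k8sConfigs]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
idcos-registry-key    kubernetes.io/dockerconfigjson        1      8m14s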

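Or create it with a curl request to the API server. The request must be authenticated and should verify the server certificate.

# TOKEN and CA_CERT are placeholders (assumptions, not from the original setup):
# a bearer token allowed to create Secrets in the idcos namespace, and the path to the cluster CA certificate.
curl -X POST \
  https://10.0.4.175:6443/api/v1/namespaces/idcos/secrets \
  --cacert "$CA_CERT" \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json' \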
  -d '{
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {
        "name": "idcos-registry-key",
        "namespace": "idcos"
    },
    "data": {
        ".dockerconfigjson": "base64values"
    },
    "type": "kubernetes.io/dockerconfigjson"
}'
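
The manifest from the steps above can also be generated with a check that the Docker config really contains inline credentials, keeping only the registry the Pod pulls from. This is an added example, not code from the original page; the function name build_pull_secret and both sample configs are constructed for illustration.

```python
import base64
import json


def build_pull_secret(docker_config, registry, name, namespace):
    """Build a kubernetes.io/dockerconfigjson Secret with only `registry`'s credentials."""
    entry = docker_config.get("auths", {}).get(registry)
    if entry is None:
        raise ValueError(f"{registry} not found under 'auths'; run docker login first")
    auth = entry.get("auth", "")
    if not auth:
        # With credsStore/credHelpers, docker login keeps the password in a helper
        # and leaves this entry empty, so the file is useless as a pull Secret.
        raise ValueError(f"{registry} has no inline 'auth' (credential helper in use?)")
    user, sep, password = base64.b64decode(auth, validate=True).decode().partition(":")
    if not (user and sep and password):
        raise ValueError("'auth' does not decode to user:password")
    # Keep only the registry the Pod pulls from; other logins stay out of the cluster.
    minimal = {"auths": {registry: {"auth": auth}}}
    payload = json.dumps(minimal, separators=(",", ":")).encode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(payload).decode()},
    }


# Constructed sample of ~/.docker/config.json (credentials are made up).
SAMPLE_CONFIG = {
    "auths": {
        "registry.idcos.com": {"auth": base64.b64encode(b"demo:s3cret").decode()},
        "other.example": {"auth": base64.b64encode(b"bob:hunter2").decode()},
    }
}
# Constructed sample of the same file when a credential helper is configured.
HELPER_CONFIG = {"auths": {"registry.idcos.com": {}}, "credsStore": "desktop"}

if __name__ == "__main__":
    secret = build_pull_secret(SAMPLE_CONFIG, "registry.idcos.com",
                               "idcos-registry-key", "idcos")
    print(json.dumps(secret, indent=2))  # JSON manifest; pipe to: kubectl apply -f -
```

Base64 in a Secret is encoding, not encryption, so the generated manifest should be handled like the password itself and kept out of version control.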

Usage

apiVersion: v1
kind: Pod
metadata:
  name: cloud-act2-docs
  namespace: idcos
  labels:
    app: cloud-act2-docs
spec:
  containers:
    - name: cloud-act2-docs
      image: registry.idcos.com/cloudpower/cloud-act2-docs:v1.0
  restartPolicy: Always
  ## Use imagePullSecrets; the Secret must exist in the same namespace as the Pod
  imagePullSecrets:
    - name: idcos-registry-key

References