预置
harbor url: https://harbor.test.com:6443
image url: harbor.test.com:6443/test/test-secret:latest
namespace: harbor-test
- 将harbor的ca.crt复制到node的/etc/docker/certs.d/harbor.test.com:6443目录下
cp ca.crt /etc/docker/certs.d/harbor.test.com:6443/- 创建Pod拉取镜像需使用的secret
kubectl create secret docker-registry my-harbor-secret --docker-server=harbor.test.com:6443 --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email> --namespace=harbor-testsecret默认仅在default namespace下有效,若不加--namespace,非default namespace无法使用该secret,会显示拉取镜像失败
Failed to pull image "harbor.test.com:6443/test/test-secret:latest": rpc error: code = Unknown desc = Error response from daemon: pull access denied for harbor.test.com:6443/test/test-secret:latest, repository does not exist or may require 'docker login': denied: requested access to the resource is denied- 创建测试用Pod private-reg-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: private-reg
namespace: harbor-test
spec:
containers:
- name: private-reg-container
image: harbor.test.com:6443/test/test-secret:latest
imagePullSecrets:
- name: my-harbor-secret
kubectl create -f private-reg-pod.yaml
来源:oschina
链接:https://my.oschina.net/u/4059319/blog/3216563