At the beginning of the k8s, there will always be a lot of pits, because it is open source projects, the version is always updated, so be always concerned about the version you use there are different commands and parameters.
This pit is for k8s to be able to pull the mirror in the private vault when the pod is built. According to the official website or online information, you can record the private library authentication information by creating secret. The following are the specific practices:
First, log in to the private repository on one of the node (Docker Access private library configuration, not described here)
Docker Login My.registry
Once the login is successful, the Config.json file is produced in the/root/.docker directory and the following command is executed:
Cat/root/.docker/config.json | Base64-w 0
This command will encode your authentication information by base64 and generate an encoded string.
Create the Secret.yaml in the master node in Kubernetes:
Apiversion:v1
Kind:secret
Metadata
Name:myregistrykey
Type:kubernetes.io/dockercfg
Data
. dockercfg:ewojimf1dghzijogewojcsjidxmuz2eioib7cgkjcsjhdxroijogillxunrhvzq2wvdsdgfxnhhovgsztlrnpsikcql9cgl9cn0 =
The master node in Kubernetes creates the secret:
Kubectl create-f Secret.yaml
See if Secret is created:
Kubectl Get Secret
Then specify when you create the other elements: Imagespullsecrets.
For example:
Pod:
Apiversion:v1
Kind:pod
Metadata
Name:redis-test
Containers
- Name:redis-test
Image:my.registry/redis
Imagepullsecrets:
- Name:myregistrykey
This is the way the online and official website provides access to the private library when k8s starts the pod.
Many people can also be used, but since k8s has been updated, many of the online materials are based on the old version of the verification, in the new version of some parameters are changed.
This mining pit is to edit the secret element when the type and date parameters are changed, from k8s 1.8, kubernetes.io/dockercfg becomes Kubernetes.io/dockerconfigjson, corresponds to. Dockercfg also becomes. Dockerconfigjson, so when you create secret with k8s version 1.8, the elements become as follows:
Apiversion:v1
Kind:secret
Metadata
Name:myregistrykey
Data
. Dockerconfigjson: ewojimf1dghzijogewojcsjidxmuz2eioib7cgkjcsjhdxroijogillxunrhvzq2wvdsdgfxnhhovgsztlrnpsikcql9cgl9cn0=
Type:kubernetes.io/dockerconfigjson
Otherwise, when the secret is created, the Pod Launcher will report an error that requires authentication or cannot be found, and the image cannot be used properly.
Points to note about Kubernetes pull Private library image