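Public container image registries frequently become unavailable, and hunting around the web for copy-and-paste workarounds wastes a lot of time, so setting up a private container image registry is well worth it. The following uses an Alibaba Cloud private image registry as the example and shows how k8s pulls images from it.
1. Create the secret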
kubectl create secret docker-registry <secret-name> \
--docker-server=<your-registry> \
--docker-username=<your-username> \
--docker-password=<your-password> \
--docker-email=<your-email>
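Where:
<secret-name>: a name of your own choosing for the secret
<your-registry>: the Alibaba Cloud image registry address
<your-username>: the Alibaba Cloud image registry username
<your-password>: the Alibaba Cloud image registry password
<your-email>: the Alibaba Cloud image registry e-mail address
Figure 1.1 Location of the username and registry address
Use the kubectl get secret command to view the secret you created: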
[root@k8s-master01 ~]# kubectl get secret
NAME TYPE DATA AGE
default-token-rhtkz kubernetes.io/service-account-token 3 28h
my-secret-registry kubernetes.io/dockerconfigjson 1 14m
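An added example, not part of the original post: the command in step 1 leaves the registry password in the shell history and the process list, so the functions below read it from stdin and create the same kubernetes.io/dockerconfigjson secret from a private temp file. The function names are this example's own, and it assumes kubectl, base64 and mktemp are installed.

```shell
#!/bin/sh
# Added example: names below are this example's own, not from the original post.

# Print a Docker config JSON for one registry; the password is read from stdin.
build_dockerconfigjson() {
    registry=$1 username=$2
    # Accept only a plain host[:port], so the value needs no JSON escaping.
    case $registry in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid registry host" >&2; return 1 ;;
    esac
    case $username in
        ''|*:*) echo "username must be non-empty without ':'" >&2; return 1 ;;
    esac
    IFS= read -r password || :
    [ -n "$password" ] || { echo "no password on stdin" >&2; return 1; }
    # "auth" is base64(username:password): an encoding, not encryption.
    auth=$(printf '%s:%s' "$username" "$password" | base64 | tr -d '\n')
    unset password
    printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$registry" "$auth"
}

# Usage: create_pull_secret <secret-name> <your-registry> <your-username>
# Prompts without echo on a terminal, or reads the password from a pipe/file.
create_pull_secret() {
    tmp=$(umask 077 && mktemp) || return 1
    rc=0
    if [ -t 0 ]; then printf 'Registry password: ' >&2; stty -echo; fi
    build_dockerconfigjson "$2" "$3" > "$tmp" || rc=$?
    if [ -t 0 ]; then stty echo; echo >&2; fi
    if [ "$rc" -eq 0 ]; then
        kubectl create secret generic "$1" \
            --type=kubernetes.io/dockerconfigjson \
            --from-file=.dockerconfigjson="$tmp" || rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Show what the cluster stores: anyone allowed to read the secret sees this.
show_pull_secret() {
    kubectl get secret "$1" -o jsonpath='{.data.\.dockerconfigjson}' |
        base64 --decode
}
```

Because show_pull_secret recovers the credential in clear text, restrict read access to secrets in the namespace and prefer a registry password that is separate from the main account login.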
2. Generate the YAML file
kubectl create deployment nginx --image=crpi-b61m2kxze9drb8r8.cn-shanghai.personal.cr.aliyuncs.com/cognition-images/nginx --dry-run -o yaml > nginx.yaml
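Note: the value of --image is the address of the image in your own private image registry.
Edit the generated YAML file (I use nginx.yaml as the example) and add the image pull secret (imagePullSecrets) below containers, at the same level as containers: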
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: crpi-b61m2kxze9drb8r8.cn-shanghai.personal.cr.aliyuncs.com/cognition-images/nginx
        name: nginx
        resources: {}
      imagePullSecrets:
      - name: my-secret-registry
status: {}
3. Create the pod from the finished YAML file
[root@k8s-master01 ~]# kubectl create -f nginx.yaml
Edit the deployment's YAML:
[root@k8s-master01 ~]# kubectl edit deployment nginx
As in step 2, add the image pull secret (imagePullSecrets) below containers, at the same level as containers:
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "3"
  creationTimestamp: "2025-02-21T08:21:29Z"
  generation: 3
  labels:
    app: nginx
  name: nginx
  namespace: default
  resourceVersion: "159276"
  uid: ff8a9a32-2a65-4b04-83f5-b1052a1f1f77
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: crpi-b61m2kxze9drb8r8.cn-shanghai.personal.cr.aliyuncs.com/cognition-images/nginx
        imagePullPolicy: Always
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: my-secret-registry
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2025-02-21T08:21:31Z"
    lastUpdateTime: "2025-02-21T08:21:31Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2025-02-21T08:21:29Z"
    lastUpdateTime: "2025-02-21T08:37:29Z"
    message: ReplicaSet "nginx-5d6d894b8c" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 3
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
4. Verify
[root@k8s-master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-5d6d894b8c-f4vcz 1/1 Running 0 17m
That's it, all done!!!