Kubernetes从多个私有Docker注册表中提取 [英] Kubernetes pull from multiple private docker registries
问题描述
要使用私有Docker存储库中的Docker容器,kubernetes建议创建一个类型为 docker-registry的机密,并在您的部署中引用它。
To use a docker container from a private docker repo, kubernetes recommends creating a secret of type 'docker-registry' and referencing it in your deployment.
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
然后在头盔图或kubernetes部署文件中,使用 imagePullSecrets
Then in your helm chart or kubernetes deployment file, use imagePullSecrets
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: foo
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
imagePullSecrets:
- name: regcred
containers:
- name: foo
image: foo.example.com
这可行,但是要求所有容器都来自同一注册表。
This works, but requires that all containers be sourced from the same registry.
您将如何从2个注册表中提取2个容器(例如,当使用与主要容器分开存放的边车时)?
How would you pull 2 containers from 2 registries (e.g. when using a sidecar that is stored separate from the primary container) ?
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: foo
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
containers:
- name: foo
image: foo.example.com
imagePullSecrets:
- name: foo-secret
- name: bar
image: bar.example.com
imagePullSecrets:
- name: bar-secret
我尝试创建2个机密 foo -secret
和 bar-secret
并分别引用它们,但是我发现它无法拉出两个容器。
I've tried creating 2 secrets foo-secret
and bar-secret
and referencing each appropriately, but I find it fails to pull both containers.
推荐答案
您必须直接在容器级别添加 imagePullSecrets:
,但是您可以在那里拥有多个秘密。
You have to include imagePullSecrets:
directly at the pod level, but you can have multiple secrets there.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: foo
spec:
replicas: {{ .Values.replicaCount }}
template:
spec:
imagePullSecrets:
- name: foo-secret
- name: bar-secret
containers:
- name: foo
image: foo.example.com/foo-image
- name: bar
image: bar.example.com/bar-image
如果需要访问多个注册表,则可以为每个注册表创建一个秘密。当为您的Pod提取图像时,Kubelet会将任何
imagePullSecrets
合并到单个虚拟.docker / config.json
中。
这篇关于Kubernetes从多个私有Docker注册表中提取的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!