OpenShift-用于导入图像的凭据查找 [英] OpenShift - Credentials look-up for importing image

问题描述

我可以使用以下步骤从RedHat-registry.redhat.io/rhel8/redis-5启动带有Redis映像的应用程序.

I am able to a launch an application with the Redis image from RedHat - registry.redhat.io/rhel8/redis-5 using the following steps.

1. 在RedHat中创建服务帐户 https://access.redhat.com/
2. 为该帐户创建令牌后，下载YAML(请参阅下文)以获取图像拉密钥.
3. 使用YAML文件创建密钥.
4. 导入图像.

1. Create a service account at RedHat https://access.redhat.com/
2. Download the YAML (see below) for image pull secret once a token is created for that account.
3. Use the YAML file to create a secret.
4. Import the image.

apiVersion: v1
kind: Secret
metadata:
  name: accoutNum-userName-pull-secret
data:
  .dockerconfigjson: token-value....long........string
type: kubernetes.io/dockerconfigjson

添加秘密并导入图片:

oc create -f secret.yaml
oc import-image rhel8/redis-5 --from=registry.redhat.io/rhel8/redis-5 --confirm

图像元数据已导入:

oc get is
NAME      DOCKER REPO                       TAGS     UPDATED
redis-5   172.30.1.1:5000/project/redis-5   latest   About a minute ago

我不清楚import语句如何找到要使用的机密.

I am not clear how the import statement locates the secret to be used.

推荐答案

如果在拉/推图像时需要注册表进行身份验证，则OpenShift会自动从同一名称空间(项目)中的kubernetes.io/dockerconfigjson类型进行身份验证.因此，如果您需要访问多个外部注册表，则只需使用每个注册表的凭据创建匹配的机密.

OpenShift lookup automatically the authentication from type of kubernetes.io/dockerconfigjson in the same namespace(project) if the registry is required authentication when pulling/push images. So if you need to access multiple external registry, then just create matched secret with the credential per registry.

我希望它能对您有所帮助，谢谢.

I hope it help you, thanks.

这篇关于OpenShift-用于导入图像的凭据查找的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！