|NO.Z.00181|——————————|CloudNative|——|KuberNetes&Configuration Management.V12|——|secret.v04|ImagePullSecret|

I. ImagePullSecret:
### --- ImagePullSecret:

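~~~     The account credentials a Pod uses when pulling from a private image registry. The credentials are passed to the kubelet,
~~~     which can then pull images from the password-protected registry.
### --- Create a docker registry secret
~~~     Manually create the docker registry secret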

[root@k8s-master01 secrets]# kubectl create secret docker-registry  docker-secret --docker-server=hub.docker.com --docker-username=admin --docker-password=password --docker-email=xxx@xxx.com
secret/docker-secret created
docker-registry  docker-secret          // name of the secret
--docker-server=hub.docker.com          // address of the company's internal image registry
--docker-username=admin                 // account name
--docker-password=password              // password
--docker-email=xxx@xxx.com              // email
### --- Check its type
~~~     The type is kubernetes.io/dockerconfigjson

[root@k8s-master01 secrets]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
docker-secret         kubernetes.io/dockerconfigjson        1      2m24s
II. View the YAML of the created docker-secret
[root@k8s-master01 secrets]# kubectl get secret docker-secret -oyaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJodWIuZG9ja2VyLmNvbSI6eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJwYXNzd29yZCIsImVtYWlsIjoieHh4QHh4eC5jb20iLCJhdXRoIjoiWVdSdGFXNDZjR0Z6YzNkdmNtUT0ifX19
kind: Secret
metadata:
  creationTimestamp: "2021-04-25T11:20:34Z"
    manager: kubectl-create
    operation: Update
    time: "2021-04-25T11:20:34Z"
  name: docker-secret
  namespace: default
  resourceVersion: "757264"
  uid: 61c68e06-d490-41cc-9385-e10e0c6b97c5
type: kubernetes.io/dockerconfigjson 
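III. Decode the encoded value
### --- Decode it and view the output
~~~     The value is only base64-encoded, not encrypted: anyone who can read the Secret can recover the registry password.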

[root@k8s-master01 secrets]# echo "eyJhdXRocyI6eyJodWIuZG9ja2VyLmNvbSI6eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJwYXNzd29yZCIsImVtYWlsIjoieHh4QHh4eC5jb20iLCJhdXRoIjoiWVdSdGFXNDZjR0Z6YzNkdmNtUT0ifX19" | base64 --decode
{"auths":{"hub.docker.com":{"username":"admin","password":"password","email":"xxx@xxx.com","auth":"YWRtaW46cGFzc3dvcmQ="}}}
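The structure decoded above can be rebuilt and checked in a few lines. The following is an added example, not part of the original post: it builds the `.dockerconfigjson` value from the same sample credentials used in the kubectl command, then audits what a reader of the Secret can recover. The function names `build_dockerconfigjson` and `audit_dockerconfigjson` are hypothetical helpers, and the compact JSON layout is assumed from the decoded output shown on this page.

```python
import base64
import json


def build_dockerconfigjson(server, username, password, email):
    """Build the value stored under data['.dockerconfigjson'] (hypothetical helper)."""
    # "auth" is just base64("username:password"), the HTTP Basic form.
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {server: {"username": username, "password": password,
                                 "email": email, "auth": auth}}}
    # Compact separators, matching the decoded output shown on this page.
    raw = json.dumps(config, separators=(",", ":"))
    return base64.b64encode(raw.encode()).decode()


def audit_dockerconfigjson(data_value):
    """Report, per registry, what a reader of the Secret can recover."""
    config = json.loads(base64.b64decode(data_value, validate=True))
    findings = []
    for server, entry in config.get("auths", {}).items():
        decoded = base64.b64decode(entry.get("auth", "")).decode()
        user, _, secret = decoded.partition(":")
        findings.append({
            "server": server,
            "username": entry.get("username") or user,
            # True when the password is present in clear or inside "auth".
            "password_recoverable": bool(entry.get("password") or secret),
            # False when "auth" disagrees with the username/password fields.
            "auth_matches_fields": "username" not in entry
            or (user, secret) == (entry["username"], entry.get("password")),
        })
    return findings


if __name__ == "__main__":
    # Sample values are the ones used in the kubectl command on this page.
    value = build_dockerconfigjson("hub.docker.com", "admin", "password", "xxx@xxx.com")
    print(value)
    for finding in audit_dockerconfigjson(value):
        print(finding)
```

Because no key is involved at any step, read access to Secrets in a namespace is equivalent to knowing the registry password, so RBAC on `secrets` is the control that matters here.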
IV. Reference the secret in a Pod so the image can be pulled
### --- Use the image pull secret in the Pod

[root@k8s-master01 configmap]# vim pod-single-configmap-env-variable.yaml
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod-secret
spec:
  nodeName: k8s-master02
  imagePullSecrets:                 # at the same level as containers
    - name: docker-secret
  containers:
    - name: test-container
      image: busybox:1.28           # image name as shown in the Events output below
### --- Check the image pull events during container creation

[root@k8s-master01 secrets]#  kubectl describe pod dapi-test-pod-secret
Events:
  Type    Reason   Age   From     Message
  ----    ------   ----  ----     -------
  Normal  Pulled   66s   kubelet  Container image "busybox:1.28" already present on machine
  Normal  Created  65s   kubelet  Created container test-container
  Normal  Started  65s   kubelet  Started container test-container

posted on 2022-03-30 13:26  yanqi_vip