Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to use Harbor as a private image warehouse in kubernetes, which has a certain reference value. Interested friends can refer to it. I hope you will learn a lot after reading this article. Let's take a look at it.

One: preface

Harbor uses a role-based access control policy. When pulling an image from Harbor, authentication must be carried out first, and only after the authentication is passed can the image be pulled. In command line mode, you need to execute docker login first, and then you can docker pull after you have successfully logged in. Usually, when we use kubernetes in a private cloud environment, when we want to pull an image from docker registry, we will configure the docker daemo with the-insecure-registry attribute to tell docker daemo that the docker registry we are using is trusted, so that we can pull the image from the private docker registry. However, this method is not applicable if we want to use Harbor as the image repository for kubernetes. Let's see how to use Harbor as the image repository for kubernetes.

2: enable HTTPS configuration for Harbor

1. Generate ca certificate and key files (in the same way as when deploying Kubernetes)

CA profile ca-config.json

HarborIp/ca.crt

two。 Verify that the CA certificate is available

Verify whether you can successfully log in to harbor. Docker login harborIp. Make sure there are no errors: x509: certificate signed by unknown authority

3.kubernetes creates secret

Click (here) to collapse or open

Kubectl create secret docker-registry registry-secret-namespace=default-docker-server=harborIp-docker-username=desktop-docker-password=Weinongopde-docker-email=273936024@qq.com

Desktop is the user created in harbor and is already associated with the project.

4. Create a test busybox Pod

Busybox.yaml

Click (here) to collapse or open

ApiVersion: v1

Kind: Pod

Metadata:

Name: busybox

Namespace: default

Spec:

Containers:

-image: 120.79.156.135/desktop/busybox:latest

Command:

-sleep

-"3600"

ImagePullPolicy: IfNotPresent

Name: busybox

RestartPolicy: Always

ImagePullSecrets:

-name: registry-secret

Kubectl create-f busybox.yaml successfully mirrors busybox:latest from Harbor private mirror library and creates Pod

Thank you for reading this article carefully. I hope the article "how to use Harbor as a private image warehouse in kubernetes" shared by the editor will be helpful to you. At the same time, I also hope you will support us and follow the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.