Shulou(Shulou.com)06/02 Report--

1. kubernetes pull private image test

Create a secret (two ways to create it, one command, the second file)

My private repository is as follows:

reg.k8s.test.comureg.k8s.test.coma. The requested URL/docker/daemon/was not found on this server.

Modify docker 's/etc/docker/daemon. json file in all nodes to modify the insecure-registries parameter. Must include the address of the private repository above:

{"registry-mirrors": [ "https://registry.docker-cn.com"],"insecure-registries":["reg.k8s.test.com","ureg.k8s.test.com","uhub.service.ucloud.cn"]}

Restart docker service

systemctl restart docker

###Method 1. Using files to generate secrets

Generate~/. docker/config. json config file [root@ip-172 - 31 - 10 - 110~]#docker login reg.k8s.test.comUsername: lvnianPassword: WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@ip-172-31-10-110 ~]# [root@ip-172-31-10-110 ~]# docker login ureg.k8s.test.comUsername: lvnianPassword: WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@ip-172-31-10-110 ~]# ll ~/.docker/config.json -rw------- 1 root root 261 Nov 8 13:21 /root/.docker/config.json

Test password success, push images to private repository

[root@ip-172-31-10-110 ~]# docker pull nginxUsing default tag: latestlatest: Pulling from library/nginxf17d81b4b692: Pull complete 82dca86e04c3: Pull complete 046ccb106982: Pull complete Digest: sha256:d59a1aa7866258751a261bae525a1842c7ff0662d4f34a355d5f36826abc0341Status: Downloaded newer image for nginx:latest[root@ip-172-31-10-110 ~]# docker tag nginx ureg.k8s.test.com/test/nginx[root@ip-172-31-10-110 ~]# docker push ureg.k8s.test.com/test/nginxThe push refers to repository [ureg.k8s.test.com/test/nginx]ad9ac0e6043b: Pushed 6ccbee34dd10: Pushed 237472299760: Pushed latest: digest: sha256:427498d66ad8a3437939bb7ef613fe76458b550f6c43b915d8d4471c7d34a544 size: 948[root@ip-172-31-10-110 ~]# docker tag nginx reg.k8s.test.com/test/nginx[root@ip-172-31-10-110 ~]# docker push reg.k8s.test.com/test/nginxThe push refers to repository [reg.k8s.test.com/test/nginx]ad9ac0e6043b: Layer already exists 6ccbee34dd10: Layer already exists 237472299760: Layer already exists latest: digest: sha256:427498d66ad8a3437939bb7ef613fe76458b550f6c43b915d8d4471c7d34a544 size: 948

Password's fine.

Get base64-w 0~/. docker/config. json ciphertext

[root@ip-172 - 31 - 10 - 110~]#base64-w 0~/. docker/config.jsonewoJImF1dGhjNWdlpHVnVaenB5Wld4aFFFeFdUa2xCVGtBeU1ERTMiCgkJfSwKCQkidXJlZy5rOHMueXVud2VpLnJlbGEubWUiOiB7CgkJCSJhdXRoI@ogIloyRnZaM1Z2WkdWdVp6cHlaV3hoUUV4V1RrbEJUa0F5TURFMyIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDYuMS1jZSAobGlGln udXgpIgoJfQp9 [root@ip-172 - 31 - 10 - 110~]#Create Secret ##vim secret. yamlapiVersion: v1kind: Secretmetadata: name: regsecret namespace: defaultdata: .dockerconfigjson: ewoJImF1dGhjNWdlpHVnVaenB5Wld4aFFFeFdUa2xCVGtBeU1ERTMiCgkJfSwKCQkidXJlZy5rOHMueXVud2VpLnJlbGEubWUiOiB7CgkJCSJhdXRoIjogIloyRnZaM1Z2WkdWdVp6cHlaV3hoUUV4V1RrbEJUa0F5TURFMyIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDYuMS1jZSAobGludXgpIgoJfQp9type: kubernetes.io/dockerconfigjson

kubectl create -f secret.yaml \

kubectl describe Secret regsecret

Create deployment test to see if you can pull images of private repositories [root@ip-172 - 31 - 10 - 110~]#vim test. yamlapiVersion: extensions/v1 beta1 kind: Deploymentmetadata: name: dentestreplcspec: replicas: 1 template: metadata: labels: name: dentestreplace spec: containers: - name: dentestreplace imagePullPolicy: Always image: ureg.k8s.test.com/rela_dev/logreport:latest imagePullSecrets: - name: regsecret[root@ip-172-31-10-110 ~]# kubectl create -f test.yaml[root@ip-172-31-10-110 ~]# kubectl describe po/dentestreplce-6f788968fb-dr768 ... Volumes: default-token-tfmc8: Type: Secret (a volume populated by a Secret) SecretName: default-token-tfmc8 Optional: falseQoS Class: BestEffortNode-Selectors: Tolerations: Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 57s default-scheduler Successfully assigned dentestreplce-6f788968fb-dr768 to 172.31.40.120 Normal SuccessfulMountVolume 57s kubelet, 172.31.40.120 MountVolume.SetUp succeeded for volume "default-token-tfmc8" Normal Pulling 57s kubelet, 172.31.40.120 pulling image "ureg.k8s.test.com/rela_dev/logreport:latest" Normal Pulled 15s kubelet, 172.31.40.120 Successfully pulled image "ureg.k8s.test.com/rela_dev/logreport:latest" Normal Created 15s kubelet, 172.31.40.120 Created container Normal Started 15s kubelet, 172.31.40.120 Started container[root@ip-172-31-10-110 ~]#

Check the results, success. The above is using the first private repository, and the second test is the same.

Note that you must make sure that the private repository already has the image ureg.k8s.test.com/rela_dev/logreport:latest

Another private reference is tested in the same way.

Method 2:

Create Secret with Command

The order reads as follows:

kubectl create secret docker-registry regsecret --docker-server=ureg.k8s.test.com --docker-username=lvnian --docker-password=LVNIAN@2017 --docker-email=lvnian@rela.me

of which:

regsecret: Specify the key name of the key, you can define it yourself--docker-server: specify docker repository address--docker-username: specify docker repository account--docker-password: specify docker repository password--docker-email: specify email address-n: namespace, create in that namespace, you can only use this secret in that namespace

The other steps are the same as above.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.