Pulling images from private registry in Kubernetes

2019-01-17 04:05发布

站内问答 / Docker
1143 5 5

I have built a 4 node kubernetes cluster running multi-container pods all running on CoreOS. The images come from public and private repositories. Right now I have to log into each node and manually pull down the images each time I update them. I would like be able to pull them automatically.

  1. I have tried running docker login on each server and putting the .dockercfg file in /root and /core
  2. I have also done the above with the .docker/config.json
  3. I have added secret to the kube master and added imagePullSecrets:
    • name: docker.io to the Pod configuration file.

When I create the pod i get the error message Error: 

image <user/image>:latest not found

If I log in and run docker pull it will pull the image. I have tried this using docker.io and quay.io.

5条回答
混吃等死
2楼-- · 2019-01-17 04:29

For centos7, the docker config file is under /root/.dockercfg

  1. echo $(cat /root/.dockercfg) | base64 -w 0

  2. Copy and paste result to secret YAML based on the old format:

    apiVersion:  v1
kind: Secret
metadata:
  name: docker-secret
  type: kubernetes.io/dockercfg
data:
  .dockercfg: <YOUR_BASE64_JSON_HERE>

And it worked for me, hope that could also help.

查看更多
0人赞 添加讨论(0) 举报
神经病院院长
3楼-- · 2019-01-17 04:31

Kubernetes supports a special type of secret that you can create that will be used to fetch images for your pods. More details here.

查看更多
0人赞 添加讨论(0) 举报
放我归山
4楼-- · 2019-01-17 04:31

To add to what @rob said, as of docker 1.7, the use of .dockercfg has been deprecated and they now use a ~/.docker/config.json file. There is support for this type of secret in kube 1.1, but you must create it using different keys/type configuration in the yaml:

First, base64 encode your ~/.docker/config.json:

cat ~/.docker/config.json | base64 -w0

Note that the base64 encoding should appear on a single line so with -w0 we disable the wrapping.

Next, create a yaml file: my-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: registrypullsecret
data:
  .dockerconfigjson: <base-64-encoded-json-here>
type: kubernetes.io/dockerconfigjson

-

$ kubectl create -f my-secret.yaml && kubectl get secrets

NAME                  TYPE                                  DATA
default-token-olob7   kubernetes.io/service-account-token   2
registrypullsecret    kubernetes.io/dockerconfigjson        1

Then, in your pod's yaml you need to reference registrypullsecret or create a replication controller:

apiVersion: v1
kind: Pod
metadata:
  name: my-private-pod
spec:
  containers:
    - name: private
      image: yourusername/privateimage:version
  imagePullSecrets:
    - name: registrypullsecret
查看更多
0人赞 添加讨论(0) 举报
放荡不羁爱自由
5楼-- · 2019-01-17 04:35

I can confirm that imagePullSecrets not working with deployment, but you can

kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
kubectl edit serviceaccounts default

Add

imagePullSecrets:
- name: myregistrykey

To the and after Secrets, save and exit. And its works. Tested with Kubernetes 1.6.7

查看更多
0人赞 添加讨论(0) 举报
贪生不怕死
6楼-- · 2019-01-17 04:37

If you need to pull an image from a private Docker Hub repository, you can use the following.

Create your secret key 

kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

secret "myregistrykey" created.

Then add the newly created key to your Kubernetes service account.

Retrieve the current service account

kubectl get serviceaccounts default -o yaml > ./sa.yaml

Edit sa.yaml and add the ImagePullSecret after Secrets

imagePullSecrets:
- name: myregistrykey

Update the service account 

kubectl replace serviceaccount default -f ./sa.yaml
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)