1. 通过 kubectl create 添加
1
| kubectl create secret docker-registry mypullsecret --docker-server=harbor.chenshaowen.com --docker-username=robot-test --docker-password=xxxxxx
|
通过 kubectl create 可以直接添加拉取镜像的凭证。
2. 通过 ~/.docker/config.json 添加
1
| docker login harbor.chenshaowen.com:5000
|
1
| docker login harbor.chenshaowen.com
|
可以添加多个。
1
2
3
4
5
6
7
8
9
10
11
12
| cat ~/.docker/config.json
{
"auths": {
"harbor.chenshaowen.com:5000": {
"auth": "xxxxxx"
},
"harbor.chenshaowen.com": {
"auth": "xxxxxx"
}
}
}
|
1
2
3
| cat ~/.docker/config.json |base64 -w 0
base64XXXXXXXXXXXXXXXXXXXXXX
|
这里有一个细节,如果编码没有 -w 0 参数,创建负载时可能会遇到 Failed to pull image "harbor.chenshaowen.com:5000/library/nginx:latest": illegal base64 data at input byte 60 的错误。
-w 0 的含义是编码之后,不用换行对齐,而是输出完整的一行数据。
利用上面得到的 Base64 编码的凭证创建 Secret。
1
2
3
4
5
6
7
8
9
| cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: mypullsecret
data:
.dockerconfigjson: base64XXXXXXXXXXXXXXXXXXXXXX
type: kubernetes.io/dockerconfigjson
EOF
|
3. 负载测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: a1
spec:
replicas: 1
selector:
matchLabels:
app: a1
template:
metadata:
labels:
app: a1
spec:
containers:
- name: a1
image: harbor.chenshaowen.com:5000/library/nginx:latest
imagePullPolicy: Always
imagePullSecrets:
- name: mypullsecret
EOF
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: a2
spec:
replicas: 1
selector:
matchLabels:
app: a2
template:
metadata:
labels:
app: a2
spec:
containers:
- name: a2
image: harbor.chenshaowen.com/library/nginx:latest
imagePullPolicy: Always
imagePullSecrets:
- name: mypullsecret
EOF
|
1
| kubectl delete deployments.apps a2 a1
|
