Original link of this article: https://blog.csdn.net/xzk9381/article/details/109570912
When using the K8S deployment service, if the specified mirror address is an internal mirror warehouse, a permission error may be reported when downloading the mirror. This is because when deploying services in K8S, K8S needs to go to Harbor for a verification. This verification is independent of using docker login to log in to Harbor in the node. Therefore, in order for K8S to be successfully verified, it is necessary to specify the secret for logging in to Harbor when deploying the service. For example, create the following Secret:
kubectl create secret docker-registry harbor-secret --namespace=default --docker-server=http://harbor.inner.com --docker-username=admin --docker-password=Harbor12345
- docker-registry: is a parameter that specifies the creation of a secret for Docker Registry
- harbor-secret: Specify the name of the secret
- --Namespace: Specify the namespace, and pay attention to keeping it consistent with the namespace of the deployment service, otherwise the secret cannot be referenced
After creation, you can use the following command to view:
[@k8s-master1 ~]# kubectl get secret -n default
NAME TYPE DATA AGE
default-token-qdgzk kubernetes.io/service-account-token 3 52d
harbor-secret kubernetes.io/dockerconfigjson 1 2d18h
Next, refer to the secret in the yaml file, an example is as follows:
spec:
containers:
- image: harbor.inner.com/alarm/alarm:prd-v1
imagePullPolicy: IfNotPresent
imagePullSecrets: # 添加该选项引用 secret
- name: harbor-secret # 指定 secret 的名称
Re-apply the yaml file.
Original link of this article: https://blog.csdn.net/xzk9381/article/details/109570912