1. Node使用docker login阿里云的私有仓库,保证调度过来pod时可以及时拉取到镜像
docker login --username=xxx@hotmail.com registry.cn-hangzhou.aliyuncs.com
2. 需要在master上生成secret秘钥
kubectl create secret docker-registry alidockerregistryssecret --docker-server=registry.cn-hangzhou.aliyuncs.com --docker-username=xxx --docker-password=xxx --docker-email=xxxx@xxx.com
说明:
alidockerregistryssecret :指定秘钥的键名称,可自行定义
--docker-server :指定docker仓库的地址
--docker-username :指定docker仓库账号
--docker-password :指定docker仓库密码
--docker-email: 指定docker邮件地址(选填)
alidockerregistryssecret 只能在默认namespace下使用,其他要使用则在创建时指定namespace(-n xxx)
3.将ImagePullSecrets添加到default
kubectl patch serviceaccount default -p ‘{"imagePullSecrets": [{"name": "alidockerregistryssecret"}]}‘
4. deployment,并执行kubectl create -f alidocker.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: centos-test
labels:
app: centos-test
spec:
replicas: 2
selector:
matchLabels:
app: centos-test
template:
metadata:
labels:
app: centos-test
spec:
serviceAccountName: default
imagePullSecrets:
- name: alidockerregistryssecret
containers:
- name: centos-test
image: registry.cn-hangzhou.aliyuncs.com/mj_ns/centos7:jre-slim
imagePullPolicy: IfNotPresent
command: ["/bin/bash"]
args: ["-c", "while true; do echo ‘Hello World‘; sleep 10;done"]
ports:
- containerPort: 80