第一针方式
1.登陆私有镜像仓库
docker login reg.test.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
2.登陆成功之后,查看登陆配置文件,并转码
cat ~/.docker/config.json | base64 -w 0
记录转码后的信息
3.编辑secret的yaml文件
apiVersion: v1
kind: Secret
metadata:
name: registry-pull-secret
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjMxLjYxIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCg6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE4LjA2LjEtY2UgKGxpbnV4KSIKCX0KfQ== #转码后的信息
type: kubernetes.io/dockerconfigjson
4.在指定的命名空间创建 registry-pull-secret
kubectl create -f registry-pull-secret.yaml
二.第二种方式创建
1.kubectl create secret docker-registry local-registry \
--docker-server=reg.test.com \ #docker 镜像的服务器地址
--docker-username=admin \
--docker-password=****** \
--docker-email=****** \
-n default
2.kubernetes资源的引用
apiVersion: v1
kind: Pod
metadata:
name: test-imagePullSecret
namespace: default
spec:
containers:
- name: ngiunx
image: reg.test.com/nginx
imagePullSecrets:
- name: myregistrykey
三.在所有命名空间创建registry-pull-secret.yaml的脚本
#!/bin/bash
ns_list=`kubectl get ns | awk '{print $1}' | grep -v NAME`
for ns in $ns_list;
do
kubectl create secret docker-registry imagePullSecret-registry \
--docker-server=服务器地址 \
--docker-username=admin \
--docker-password=****** \
--docker-email=****** \
-n $ns
done;
四.批量对kubernetes节点上面的容器打tag标签
docker images | grep reg.aone.htjs | awk '{print $1":"$2}' | while read -r line; do src=$line; dst="$(echo $line | sed "s/^reg.aone.htjs.net\/k8s\///")"; docker tag $src $dst; done
五.批量上传kubernetes节点镜像上传到镜像仓库
docker images | grep 'reg.aone.htjs.net' | awk '{print $1":"$2}' | while read -r line; do docker push $line; done