日日操夜夜添-日日操影院-日日草夜夜操-日日干干-精品一区二区三区波多野结衣-精品一区二区三区高清免费不卡

公告:魔扣目錄網為廣大站長提供免費收錄網站服務,提交前請做好本站友鏈:【 網站目錄:http://www.ylptlb.cn 】, 免友鏈快審服務(50元/站),

點擊這里在線咨詢客服
新站提交
  • 網站:51998
  • 待審:31
  • 小程序:12
  • 文章:1030137
  • 會員:747

kubernetes之基于ServiceAccount拉取私有鏡像

發布時間:2023-07-02 23:16:59 作者:網友整理

前面可以通過ImagPullPolicy和ImageullSecrets指定下載鏡像的策略,ServiceAccount也可以基于spec.imagePullSecret字段附帶一個由下載鏡像專用的Secret資源組成的列表,用于在容器創建時,從某個私有鏡像倉庫下載鏡像文件之前的服務認證。

1.創建Secrets資源

這里根據自己的實際去定義即可;一定要是對方的地址和認證信息;否則無法pull/push

root@ks-master01-10:~# kubectl create secret Docker-registry 
> aliyun-haitang-registry 
> --docker-server=registry.cn-hangzhou.aliyuncs.com 
> --docker-username=xxxxxxx
> --docker-password=xxxxxx
secret/aliyun-haitang-registry created

1.1查看Secrets

root@ks-master01-10:~#  kubectl describe secret aliyun-haitang
Name:         aliyun-haitang
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  kube.NETes.io/dockerconfigjson

Data
====
.dockerconfigjson:  140 bytes

2.創建ServiceAccount

2.1不設置任何策略,測試是否能拉取私有倉庫鏡像

此處不配置任何鏡像拉取策略,測試是否能拉取私有倉庫鏡像;

root@ks-master01-10:~#  cat pod-serviceaccount-secret.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: stree-serviceaccount
spec:
  containers:
  - name: stree
    image: registry.cn-hangzhou.aliyuncs.com/lengyuye/stress:latest

2.2查看Pod,處于ErrImage

root@ks-master01-10:~# kubectl get pods
NAME                                      READY   STATUS         RESTARTS       AGE
stree-serviceaccount                      0/1     ErrImagePull   0              8s

2.3describe查看Events

可以看到事件,是Docker認證的問題;

root@ks-master01-10:~# kubectl describe pods stree-serviceaccount
Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  20s               default-scheduler  Successfully assigned default/stree-serviceaccount to ks-node02-12
  Normal   BackOff    17s               kubelet            Back-off pulling image "registry.cn-hangzhou.aliyuncs.com/lengyuye/stress:latest"
  Warning  Failed     17s               kubelet            Error: ImagePullBackOff
  Normal   Pulling    2s (x2 over 19s)  kubelet            Pulling image "registry.cn-hangzhou.aliyuncs.com/lengyuye/stress:latest"
  Warning  Failed     2s (x2 over 18s)  kubelet            Failed to pull image "registry.cn-hangzhou.aliyuncs.com/lengyuye/stress:latest": rpc error: code = Unknown desc = Error response from daemon: pull access denied for registry.cn-hangzhou.aliyuncs.com/lengyuye/stress, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed     2s (x2 over 18s)  kubelet            Error: ErrImagePull

2.4創建ServiceAccount

aliyun-haitang是docker-registry類型的Secrets對象,由用戶提前手動創建,它可以通過鍵值數據提供docker倉庫服務器的地址,接入服務器的用戶名,密碼及用戶的電子郵件信息等,認證通過后,引用ServiceAccount的Pod資源即可從指定的鏡像倉庫下載image。

root@ks-master01-10:~# cat serviceaccount-imagepullsecret.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
   name: imagepull-aliyun-sa
imagePullSecrets:
- name: aliyun-haitang
root@ks-master01-10:~# kubectl Apply -f serviceaccount-imagepullsecret.yaml 
serviceaccount/imagepull-aliyun-sa created

2.5查看SA

root@ks-master01-10:~# kubectl get sa imagepull-aliyun-sa -o yaml
apiVersion: v1
imagePullSecrets:
- name: aliyun-haitang
kind: ServiceAccount
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","imagePullSecrets":[{"name":"aliyun-haitang"}],"kind":"ServiceAccount","metadata":{"annotations":{},"name":"imagepull-aliyun-sa","namespace":"default"}}
  creationTimestamp: "2022-09-07T02:31:05Z"
  name: imagepull-aliyun-sa
  namespace: default
  resourceVersion: "226300"
  uid: fabc93b1-572c-4703-a2dd-465d4e0915cb
secrets:
- name: imagepull-aliyun-sa-token-vf67z

2.6Pod引用ServiceAccount

root@ks-master01-10:~# cat pod-serviceaccount-secret.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: stree-serviceaccount   
spec:
  serviceAccount: imagepull-aliyun-sa   # 這里則是創建的sa的名稱
  containers:
  - name: stree
    image: registry.cn-hangzhou.aliyuncs.com/lengyuye/stress:latest
root@ks-master01-10:~/rbac# kubectl apply -f pod-serviceaccount-secret.yaml 
pod/stree-serviceaccount created

3.創建Pod測試;

3.1查看Pod

root@ks-master01-10:~# kubectl get pods
NAME                                      READY   STATUS    RESTARTS       AGE
stree-serviceaccount                      1/1     Running   0              8s

3.2describe查看事件

root@ks-master01-10:~# kubectl describe pods stree-serviceaccount
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  3m36s  default-scheduler  Successfully assigned default/stree-serviceaccount to ks-node02-12
  Normal  Pulling    3m35s  kubelet            Pulling image "registry.cn-hangzhou.aliyuncs.com/lengyuye/stress:latest"
  Normal  Pulled     3m33s  kubelet            Successfully pulled image "registry.cn-hangzhou.aliyuncs.com/lengyuye/stress:latest" in 1.729555429s
  Normal  Created    3m33s  kubelet            Created container stree
  Normal  Started    3m33s  kubelet            Started container stree

3.3查看詳細信息

root@ks-master01-10:~# kubectl get pods stree-serviceaccount -o yaml
  imagePullSecrets:
  - name: aliyun-haitang
  nodeName: ks-node02-12
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: imagepull-aliyun-sa
  serviceAccountName: imagepull-aliyun-sa

分享到:
標簽:kubernetes
用戶無頭像

網友整理

注冊時間:

網站:5 個   小程序:0 個  文章:12 篇

  • 51998

    網站

  • 12

    小程序

  • 1030137

    文章

  • 747

    會員

趕快注冊賬號,推廣您的網站吧!
最新入駐小程序

數獨大挑戰2018-06-03

數獨一種數學游戲,玩家需要根據9

答題星2018-06-03

您可以通過答題星輕松地創建試卷

全階人生考試2018-06-03

各種考試題,題庫,初中,高中,大學四六

運動步數有氧達人2018-06-03

記錄運動步數,積累氧氣值。還可偷

每日養生app2018-06-03

每日養生,天天健康

體育訓練成績評定2018-06-03

通用課目體育訓練成績評定