Kubernetes: pulling images from a private Nexus registry

1. Docker login authentication

[root@master ~]# vim /etc/docker/daemon.json
{
 "insecure-registries": ["10.0.1.99:5000"]
}

You must log in before you can do anything else with the registry. The syntax for logging in to a private image registry is: docker login <nexus-hostname>:<repository-port>

[root@master ~]# docker login 10.0.1.99:5000
Username(admin): admin
Password:
login Succeeded
[root@master ~]# 

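Logging in requires a username and password. The credentials are saved in ~/.docker/config.json and are reused in later interactions with the private registry, so you do not have to log in every time.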

[root@master ~]# cat ./.docker/config.json 
{
    "auths": {
        "10.0.1.99:5000": {
            "auth": "YWRtaW46aGFpcGFpMTIzQA=="
        },
        "134.205.136.89:5000": {
            "auth": "YWRtaW46aGFpcGFpMTIzQA=="
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/18.09.6 (linux)"
    }
}

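2. Pulling images from the private registry with Kubernetes

To pull images from a private registry, you need to create a registry secret for that registry and reference it when creating the container. The syntax for creating the registry secret is: kubectl create secret docker-registry <regsecret-name> --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>.

<regsecret-name>: the name of the private registry secret being created;
<your-registry-server>: the address of the registry server;
<your-name>: the username used to log in to the registry;
<your-pword>: the password used to log in to the registry;
<your-email>: the user's email address.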

# Do not prefix the --docker-server=10.0.1.99:5000 value with http://
[root@master ~]# kubectl create secret docker-registry mysecret --docker-server=10.0.1.99:5000 --docker-username=admin --docker-password=123456 --docker-email=yiyo@126.com
[root@master ~]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-pwlvv   kubernetes.io/service-account-token   3      5d7h
mysecret              kubernetes.io/dockerconfigjson        1      22h
mysql-root-password   Opaque                                1      3d
newsecret             kubernetes.io/dockerconfigjson        1      13h
[root@master ~]# 
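
What the command above stores, rebuilt offline as an added example (not part of the original post): the Secret's .dockerconfigjson holds the same "auths" structure that docker login writes to ~/.docker/config.json, and its "auth" field is base64 of user:password, an encoding rather than encryption. The secret name demo-regcred, the credentials and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All credentials are constructed sample values.

# Encode a string as base64 on one line (no wrapping, no trailing newline).
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# The "auth" value found in ~/.docker/config.json: base64("user:password").
docker_auth() { b64 "$1:$2"; }

# dockerconfigjson <server> <user> <password> <email>
dockerconfigjson() {
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
    "$(json_escape "$4")" "$(docker_auth "$2" "$3")"
}

# secret_manifest <name> <server> <user> <password> <email>
# Prints a Secret of the type listed by `kubectl get secret` above.
secret_manifest() {
  name=$1; shift
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(b64 "$(dockerconfigjson "$@")")
EOF
}

# stored_credentials <manifest-text>: undo both base64 layers and return
# "user:password", which is what any reader of the Secret can do.
stored_credentials() {
  printf '%s\n' "$1" | sed -n 's/^  \.dockerconfigjson: //p' | base64 -d |
    sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

# demo-regcred and demo/s3cret are constructed; 10.0.1.99:5000 is the page's registry.
secret_manifest demo-regcred 10.0.1.99:5000 demo s3cret demo@example.invalid
```

Because both layers decode with plain base64, read access to Secrets in the namespace, or to ~/.docker/config.json on a host, is equivalent to knowing the registry password; scope RBAC and file permissions accordingly.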

Define the YAML that pulls the image

[root@master ~]# vim admin.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: dentestreplce
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: dentestreplace
    spec:
      containers:
      - name: dentestreplace
        imagePullPolicy: Always
        #imagePullPolicy: IfNotPresent
        image: 10.0.1.99:5000/test/travel-admin:1.0.0
        ports:
        - containerPort: 8001
      imagePullSecrets:
      - name: mysecret        # name of the secret we created above

Create the Deployment

If this fails, repeat the first step at the top of this page on every node.

[root@master test]# kubectl apply -f admin.yaml 
deployment.extensions/dentestreplce created
[root@master test]# kubectl get pod -o wide
NAME                             READY   STATUS    RESTARTS   AGE     IP             NODE     NOMINATED NODE   READINESS GATES
dentestreplce-5759f6c9b6-89r8r   1/1     Running   0          48s     10.244.1.100   node01   <none>           <none>
dentestreplce-5759f6c9b6-d2p2x   1/1     Running   0          48s     10.244.3.91    node02   <none>           <none>

# Inspect the process
[root@master test]# kubectl  describe pod dentestreplce-5759f6c9b6-89r8r
Name:               dentestreplce-5759f6c9b6-89r8r
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               node01/10.0.1.133
Start Time:         Thu, 16 May 2019 22:13:04 +0800
Labels:             name=dentestreplace
                    pod-template-hash=5759f6c9b6
Annotations:        <none>
Status:             Running
IP:                 10.244.1.100
Controlled By:      ReplicaSet/dentestreplce-5759f6c9b6
Containers:
  dentestreplace:
    Container ID:   docker://17c5b9e8878c194cfd020ebecb84b963851f37b9a7fc5cff11b2423475098445
    Image:          10.0.1.99:5000/test/travel-admin:1.0.0
    Image ID:       docker-pullable://10.0.1.99:5000/test/travel-admin@sha256:71eee17b1d9692343e8b91075bfff86676549aadf4ba440a0f0116183480a42f
    Port:           7001/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Thu, 16 May 2019 22:13:05 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-pwlvv (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-pwlvv:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-pwlvv
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  96s   default-scheduler  Successfully assigned default/dentestreplce-5759f6c9b6-89r8r to node01
  Normal  Pulling    91s   kubelet, node01    Pulling image "10.0.1.99:5000/test/travel-admin:1.0.0"
  Normal  Pulled     91s   kubelet, node01    Successfully pulled image "10.0.1.99:5000/test/travel-admin:1.0.0"
  Normal  Created    91s   kubelet, node01    Created container dentestreplace
  Normal  Started    90s   kubelet, node01    Started container dentestreplace
[root@master test]# 

Reposted from www.cnblogs.com/linyouyi/p/10878455.html