K8s集群从私有镜像仓库中拉取镜像

Node节点已经配置了docker私有库，docker pull镜像可以正常拉取，但是在k8s master节点创建deployment时，pod一直处于ImagePullBackOff,ErrImagePull状态来回切换。

kubectl describe pod 查看pod错误提示，看到Failed to pull image “xxx.xxx.xxx/job:latest”: rpc error: code = Unknown desc = Error response from daemon:pull access denied for xxx.xxx.xxx/job, repository does not exist or may require ‘docker login’: denied: requested access to the resource is denied

查了一会文档，为了方便以后操作，创建一个Secret，在deployment里指定imagePullSecrets，就可以正常拉取。

1.创建Secret

kubectl create secret docker-registry myregcred -n ceres\
     --docker-server=<your-registry-server> \
     --docker-username=<your-name> \
     --docker-password=<your-password> \
     --docker-email=<your-email> 

可以通过下面这个命令查看，docker私有仓库的详细信息

kubectl get secret myregcred -n ceres --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode

2.在deployment指定imagePullSecrets

---
apiVersion: apps/v1
kind: Deployment
metadata:
 name: ceres-job
 namespace: ceres
spec:
 selector:
   matchLabels:
     app: job
 replicas: 2
 template:
   metadata:
     labels:
       app: job
   spec:
     containers:
       - name: ceres-job
         image: xxx.xxx.xxx/ceres_k8s/job:latest
         ports:
           - containerPort: 8080
     imagePullSecrets:
       - name: myregcred

3.重新创建deployment，查看pod状态。

[root@m0001 ceres]# kubectl get pod -n ceres
NAME                         READY   STATUS    RESTARTS   AGE
ceres-job-77586dc854-9tmdt   1/1     Running   0          43m
ceres-job-77586dc854-jqhvb   1/1     Running   0          43m
[root@m0001 ceres]#

已经看到pod已经启动。