基于现有的Docker凭证文件创建Secret
refrence: kubernetes-pull image private registry
A Kubernetes cluster uses the Secret of docker-registry type to authenticate with a container registry to pull a private image.
If you already ran docker login, you can copy that credential into Kubernetes:
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
If you need more control (for example, to set a namespace or a label on the new secret) then you can customise the Secret before storing it. Be sure to:
- set the name of the data item to
.dockerconfigjson - base64 encode the docker file and paste that string, unbroken as the value for field
data[".dockerconfigjson"] - set type to
kubernetes.io/dockerconfigjson
If you get the error message
error: no objects passed to create, it may mean the base64 encoded string is invalid. If you get an error message like
Secret "myregistrykey" is invalid:
data[.dockerconfigjson]: invalid value ...
, it means the base64 encoded string in the data was successfully decoded, but could not be parsed as a .docker/config.json file.