时间戳

首页 > 解决方案 > Kubernetes 使用图像拉取密钥创建 StatefulSet?

kubernetes - Kubernetes 使用图像拉取密钥创建 StatefulSet?

问题描述

对于 Kubernetes 部署,我们可以指定 imagePullSecrets 以允许它从我们的私有注册表中提取 Docker 映像。但据我所知,StatefulSet 不支持这个?

如何为我的 StatefulSet 提供 pullsecret?

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis
  namespace: {{ .Values.namespace }}
  labels:
    app: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  serviceName: redis-service
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: redis
    spec:
      terminationGracePeriodSeconds: 10
      # imagePullSecrets not valid here for StatefulSet :-(
      containers:
        - image: {{ .Values.image }}

标签: kuberneteskubernetes-helm

解决方案

StatefulSet支持imagePullSecrets。您可以按如下方式进行检查。

$ kubectl explain statefulset.spec.template.spec --api-version apps/v1
:
   imagePullSecrets <[]Object>
     ImagePullSecrets is an optional list of references to secrets in the same
     namespace to use for pulling any of the images used by this PodSpec. If
     specified, these secrets will be passed to individual puller
     implementations for them to use. For example, in the case of docker, only
     DockerConfig type secrets are honored. More info:
     https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
:

例如,您可以尝试以下示例是否StatefulSet可以先在您的集群中创建。

$ kubectl create -f - <<EOF
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      imagePullSecrets:
      - name: YOUR-PULL-SECRET-NAME
      containers:
      - name: nginx
        image: k8s.gcr.io/nginx-slim:0.8
        ports:
        - containerPort: 80
          name: web
EOF

$ kubectl get pod web-0 -o yaml | \
  grep -E '^[[:space:]]+imagePullSecrets:' -A1
  imagePullSecrets:
  - name: YOUR-PULL-SECRET-NAME

推荐阅读