鍦ㄨ繖绡囨枃绔犱腑锛屾垜灏嗗悜鎮ㄥ睍绀哄浣曞湪Kubernetes涓娇鐢╥magePullSecrets銆俰magePullSecrets绠€浠婯ubernetes浣跨敤imagePullSecrets鍦ㄦ瘡涓狿od鎴栨瘡涓懡鍚嶇┖闂寸殑鍩虹涓婇獙璇佺鏈夊鍣ㄦ敞鍐岃〃銆備负姝わ紝浣犻渶瑕佸垱寤轰竴涓猻ecret鍜宑redentials锛歿%notewarning%}鈿狅笍璀﹀憡锛氱幇鍦ㄩ殢鐫€鍏叡闀滃儚浠撳簱锛堝锛歞ocker.io绛夛級寮€濮嬮檺鍒跺尶鍚嶇敤鎴凤紝閰嶇疆public韬唤浠撳簱璁よ瘉涔熷彉寰楀繀瑕併€倇%灏炬敞%}kubectlcreatesecretdocker-registryimage-pull-secret\-n\--docker-server=\--docker-username=\--docker-password=\--docker-email=渚嬪閰嶇疆docker.io鐨刾ullsecret:kubectlcreatesecretdocker-registryimage-pull-secret-src\-nimagepullsecret-patcher\--docker-server=docker.io\--docker-username=caseycui\--docker-password=c874d654-xxxx-40c6-xxxx-xxxxxxxx89c2\--docker-email=cuikaidong@foxmail銆俢om{%noteinfo%}鈩癸笍淇℃伅锛氬鏋滃湪docker.io涓婂惎鐢ㄤ簡鈥?-stageauthentication鈥濓紝浣犲彲鑳介渶瑕佸垱寤轰竴涓狝ccessToken锛堝搴斾笂闈㈢殑docker-password锛屽垱寤洪摼鎺ュ湪杩欓噷锛欰ccount->瀹夊叏鎬%endnote%}鐜板湪鎴戜滑鍙互鍦╬od涓娇鐢ㄨ繖涓瀵嗘潵涓嬭浇docker闀滃儚锛歛piVersion:v1kind:Podmetadata:name:busyboxnamespace:private-registry-testspec:containers:-name:my-appimage:my-private-registry.infra/busybox:v1imagePullSecrets:-name:image-pull-secret鍙︿竴绉嶆柟娉曟槸灏嗗叾娣诲姞鍒板懡鍚嶇┖闂村湪榛樿ServiceAccount:kubectlpatchserviceaccountdefault\-p"{\"imagePullSecrets\":[{\"name\":\"image-pull-secret\"}]}"\-n涓璌8S闆嗙兢鑼冨洿鍐呬娇鐢╥magePullSecrets鎴戝彂鐜颁簡涓€涓悕涓篿magepullsecret-patch鐨勫伐鍏凤紝瀹冨彲浠ュ湪浣犳墍鏈夌殑鍛藉悕绌洪棿涓婃墽琛屾鎿嶄綔锛歸gethttps://raw.githubusercontent.com/titansoft-pte-ltd/imagepullsecret-patcher/185aec934bd01fa9b6ade2c44624e5f2023e2784/deploy-example/kubernetes-manifest/1_rbac.yamlwgethttps://raw.githubusercontent.com/titansoft-pte-ltd/imagepullsecret-patcher/master/deploy-example/kubernetes-manifest/2_deployment.yamlkubectlcreatensimagepullsecret-patcher瑕佺紪杈戜笅杞界殑鏂囦欢锛屾偍涓€鑸渶瑕佷慨鏀筰mage-pull-secret-src鐨勫唴瀹癸紝杩欎釜pullsecret浼氬簲鐢ㄥ埌K8S闆嗙兢鑼冨洿nano1_rbac.yamlnano2_deployment.yamlkubectlapply-f1_rbac.yamlkubectlapply-f2_deployment.yaml杩欓噷鍚庨潰鍒涘缓鐨勮祫婧愭槸锛歂ameSpaceRBAC鏉冮檺鐩稿叧锛歩magepullsecret-patcherServiceAccountimagepullsecret-patcherClusterRole锛屾嫢鏈塻erviceaccount鍜宻ecretimagepatchClusterRoleBinding鐨勬墍鏈夋潈闄愶紝鎺堜簣imagepullsecret-patcherClusterRole瀵筰magepullsecret-patcherServiceAccount鐨勬潈闄愩€俫lobalpullsecretimage-pull-secret-src锛岄噷闈㈠寘鍚簡浣犵殑K8S鍏ㄥ眬鍖呭惈鐨勬墍鏈夐暅鍍忓簱鍦板潃鍜岃璇佷俊鎭€侱eploymentimagepullsecret-patcher锛屾寚瀹歋erviceAccount涓篿magepullsecret-patcher锛屽皢鎷ユ湁鎿嶄綔serviceaccount鍜宻ecret鐨勬墍鏈夋潈闄愶紝灏嗕笂闈㈢殑secret鎸傝浇鍒癉eploymentpod涓€傚彲浠ュ寘鍚涓暅鍍忎粨搴撳湴鍧€鍜岃璇佷俊鎭紝濡傦細.com","auth":"Y2FzxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxWMy"},"quay.io":{"auth":"ZWFzdxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxlXWmpNPQ==","email":""}}}base64缂栫爜鍚庡啓鍒皊ecret鐨?dockerconfigjson瀛楁鍗冲彲鐢細apiVersion锛歷1kind锛歋ecretmetadata锛氬悕绉帮細image-pull-secret-src鍛藉悕绌洪棿锛歩magepullsecret-patcherdata锛?dockerconfigjson锛?-eyJhdXRocyI6eyJkb2NrZXIuaW8iOnsidXNlcm5hbWUiOiJjYXNleWN1aSIsInB....................................IiwiZW1haWwiOiIifX19type:kubernetes.io/dockerconfigjson鍚姩鍚庯紝pod浼氬湪鎵€鏈塏ameSpaces涓嬪垱寤篿mage-pull-secretsecret锛堝唴瀹规潵鑷猧mage-pull-secret-src锛夊苟patch鍒伴粯璁ゆ湇鍔¤处鍙峰拰K8S闆嗙兢鐨勬墍鏈塖erviceAccounts.鏃ュ織濡備笅锛歵ime="2022-01-12T16:07:30Z"level=infomsg="Applicationstarted"time="2022-01-12T16:07:30Z"level=infomsg="[default]Createdsecret"time="2022-01-12T16:07:30Z"level=infomsg="[default]灏唅magePullSecrets淇ˉ鍒版湇鍔″笎鎴穂default]"time="2022-01-12T16:07:30Z"level=infomsg="[kube-system]Createdsecret"time="2022-01-12T16:07:31Z"level=infomsg="[kube-system]灏唅magePullSecrets淇ˉ鍒版湇鍔″笎鎴穂node-controller]"...鏃堕棿="2022-01-12T16:07:37Z"level=infomsg="[kube-public]鍒涘缓绉樺瘑"time="2022-01-12T16:07:37Z"level=infomsg="[kube-public]灏唅magePullSecrets淇ˉ鍒版湇鍔″笎鎴穂榛樿]"time="2022-01-12T16:07:38Z"level=infomsg="[kube-node-lease]鍒涘缓绉樺瘑"time="2022-01-12T16:07:38Z"level=infomsg="[kube-node-lease]灏唅magePullSecrets淇ˉ鍒版湇鍔″笎鎴穂default]"time="2022-01-12T16:07:38Z"level=infomsg="[prometheus]Createdsecret"time="2022-01-12T16:07:39Z"level=infomsg="[prometheus]灏唅magePullSecrets淇ˉ鍒版湇鍔″笎鎴穂榛樿]"...time="2022-01-12T16:07:41Z"level=infomsg="[imagepullsecret-patcher]Createdsecret"time="2022-01-12T16:07:41Z"level=infomsg="[imagepullsecret-patcher]灏唅magePullSecrets淇ˉ鍒版湇鍔″笎鎴穂榛樿]"time="2022-01-12T16:07:41Z"level=infomsg="[imagepullsecret-patcher]宸插皢imagePullSecrets淇ˉ鍒版湇鍔″笎鎴穂imagepullsecret-patcher]"浠ュ悗鎴戜滑鍙渶瑕佹洿鏂癷mage-pull-secret-src杩欎釜鍗冲彲浜嗮煈嶏笍馃憤锔忦煈嶏笍KyvernopolicyKyvernopolicy鍙互杈惧埌鍚屾牱鐨勬晥鏋滐細apiVersion:kyverno.io/v1kind:ClusterPolicymetadata:name:sync-secretspec:background:falserules:-name:sync-image-pull-secretmatch:resources:kinds:-Namespacegenerate:kind:Secretname:image-pull-secretnamespace:"{{request.object.metadata.name}}"synchronize:trueclone:namespace:defaultname:image-pull-secret---apiVersion:鍩洪煢灏旇銆俰o/v1kind:ClusterPolicymetadata:name:mutate-imagepullsecretspec:rules:-name:mutate-imagepullsecretmatch:resources:kinds:-Podmutate:patchStrategicMerge:spec:imagePullSecrets:-name:image-pull-secret##浣犲垱寤虹殑imagePullSecretwithdockerhubproaccount(containers):-(image):"*"##鍖归厤鎵€鏈夊鍣ㄩ暅鍍忔湰鏂囩敱澶氬彂鍗氭枃骞冲彴OpenWrite鍙戝竷锛?/p>
