我可以通过以下操作获取私人图像:
-
使用在GitHub中创建个人令牌
repo
通道
-
构建图像并将其推送到GitHub的容器注册表(我使用
okteto build -t ghcr.io/rberrelleza/go-getting-started:0.0.1
)
-
下载我的
kubeconfig credentials
从Okto Cloud通过运行
okteto context update-kubeconfig
.
-
使用我的凭据创建一个秘密:
kubectl create secret docker-registry gh-regcred --docker-server=ghcr.io --docker-username=rberrelleza --docker-password=ghp_XXXXXX
-
对默认帐户进行了修补,以将该机密作为图像拉取机密:
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "gh-regcred"}]}'
-
更新了kubernetes清单中的图像名称
-
创建了部署(
kubectl apply -f k8s.yaml
)
以下是我的kubernetes资源的样子,以防有所帮助:
# k8s.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world
spec:
replicas: 1
selector:
matchLabels:
app: hello-world
template:
metadata:
labels:
app: hello-world
spec:
containers:
- image: ghcr.io/rberrelleza/go-getting-started:0.0.1
name: hello-world
---
apiVersion: v1
kind: Service
metadata:
name: hello-world
annotations:
dev.okteto.com/auto-ingress: "true"
spec:
type: ClusterIP
ports:
- name: "hello-world"
port: 8080
selector:
app: hello-world
# default SA
apiVersion: v1
imagePullSecrets:
- name: gh-regcred
- name: okteto-regcred
kind: ServiceAccount
metadata:
creationTimestamp: "2021-05-21T22:26:38Z"
name: default
namespace: rberrelleza
resourceVersion: "405042662"
uid: 2b6a6eef-2ce7-40d3-841a-c0a5497279f7
secrets:
- name: default-token-7tm42
