Gitlab Runner 使用私有Harbor仓库中的镜像#
遇到的问题:#
gitlabCI K8s Runner 中, 无法从私有仓库下载私有镜像.
1
2
3
4
5
| kubectl create secret docker-registry harbor-redstarclouds-secret \
--namespace redstarclouds-ci \
--docker-server=https://harbor.redstarclouds.com \
--docker-username="harbor$ci" \
--docker-password="xxxxxxx"
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| gitlabUrl: http://xxxxx:xxx
runnerRegistrationToken: xxxxx
rbac:
create: true
runners:
imagePullSecrets: ["harbor-redstarclouds-secret"]
privileged: true
config: |
[[runners]]
name = "arch-k8s-runner"
executor = "kubernetes"
[runners.kubernetes]
allowed_pull_policies = ["always", "if-not-present"]
|
- 报错如下
问题复现#
- 创建Harbor机器人账户,创建后,Harbor会自动添加前缀 ‘harbor$’
- 例如: 新建账户名称为
ci,则最后使用账户名称为harbor$ci
- 创建k8s secret
1
2
3
4
5
| kubectl create secret docker-registry harbor-redstarclouds-secret \
--namespace redstarclouds-ci \
--docker-server=https://harbor.redstarclouds.com \
--docker-username="harbor$ci" \
--docker-password="xxxxxxx"
|
- 使用 k8s secret
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| apiVersion: apps/v1
kind: Deployment
metadata:
name: maven-deployment
labels:
app: maven
spec:
replicas: 5
selector:
matchLabels:
app: maven
template:
metadata:
labels:
app: maven
spec:
imagePullSecrets:
- name: harbor-redstarclouds-secret
containers:
- name: maven
image: harbor.redstarclouds.com/archgroup/maven:3.8.6-openjdk-8-slim
ports:
- containerPort: 80
command: ["/bin/sh"]
args: ["-c","while true;do echo hello;sleep 1;done"]
|
执行$ kubectl apply -f deployment.yml -n redstarclouds-ci
执行$ kubectl describe pods -n redstarclouds-ci 显示镜像获取异常
问题原因#
原因是因为账户中,存在特殊字符$ ,在创建secret 时,需要使用反斜杠\进行转义
按照如下方式创建secret,即可解决.
1
2
3
4
5
| kubectl create secret docker-registry harbor-redstarclouds-secret \
--namespace redstarclouds-ci \
--docker-server=https://harbor.redstarclouds.com \
--docker-username="harbor\$ci" \
--docker-password="xxxxxxx"
|