[zh] sync /containers/images.md
windsonsea
parent
45fc4852fe
commit
91774e8743
|
|
@ -321,12 +321,15 @@ Credentials can be provided in several ways:
|
|||
## 使用私有仓库 {#using-a-private-registry}
|
||||
|
||||
从私有仓库读取镜像时可能需要密钥。
|
||||
凭证可以用以下方式提供:
|
||||
凭据可以用以下方式提供:
|
||||
|
||||
<!--
|
||||
- Configuring Nodes to Authenticate to a Private Registry
|
||||
- all pods can read any configured private registries
|
||||
- requires node configuration by cluster administrator
|
||||
- Kubelet Credential Provider to dynamically fetch credentials for private registries
|
||||
- kubelet can be configured to use credential provider exec plugin
|
||||
for the respective private registry.
|
||||
- Pre-pulled Images
|
||||
- all pods can use any images cached on a node
|
||||
- requires root access to all nodes to set up
|
||||
|
|
@ -340,6 +343,8 @@ Credentials can be provided in several ways:
|
|||
- 配置节点向私有仓库进行身份验证
|
||||
- 所有 Pod 均可读取任何已配置的私有仓库
|
||||
- 需要集群管理员配置节点
|
||||
- kubelet 凭据提供程序,动态获取私有仓库的凭据
|
||||
- kubelet 可以被配置为使用凭据提供程序 exec 插件来访问对应的私有镜像库
|
||||
- 预拉镜像
|
||||
- 所有 Pod 都可以使用节点上缓存的所有镜像
|
||||
- 需要所有节点的 root 访问权限才能进行设置
|
||||
|
|
@ -370,7 +375,27 @@ task. That example uses a private registry in Docker Hub.
|
|||
-->
|
||||
有关配置私有容器镜像仓库的示例,
|
||||
请参阅任务[从私有镜像库中拉取镜像](/zh-cn/docs/tasks/configure-pod-container/pull-image-private-registry)。
|
||||
该示例使用 Docker Hub 中的私有注册表。
|
||||
该示例使用 Docker Hub 中的私有镜像仓库。
|
||||
|
||||
{{< note >}}
|
||||
<!--
|
||||
This approach is especially suitable when kubelet needs to fetch registry credentials dynamically.
|
||||
Most commonly used for registries provided by cloud providers where auth tokens are short-lived.
|
||||
-->
|
||||
此方法尤其适合 kubelet 需要动态获取仓库凭据时。
|
||||
最常用于由云提供商提供的仓库,其中身份认证令牌的生命期是短暂的。
|
||||
{{< /note >}}
|
||||
|
||||
<!--
|
||||
You can configure the kubelet to invoke a plugin binary to dynamically fetch registry credentials for a container image.
|
||||
This is the most robust and versatile way to fetch credentials for private registries, but also requires kubelet-level configuration to enable.
|
||||
|
||||
See [Configure a kubelet image credential provider](/docs/tasks/administer-cluster/kubelet-credential-provider/) for more details.
|
||||
-->
|
||||
你可以配置 kubelet,以调用插件可执行文件的方式来动态获取容器镜像的仓库凭据。
|
||||
这是为私有仓库获取凭据最稳健和最通用的方法,但也需要 kubelet 级别的配置才能启用。
|
||||
|
||||
有关更多细节请参见[配置 kubelet 镜像凭据提供程序](/docs/tasks/administer-cluster/kubelet-credential-provider/)。
|
||||
|
||||
<!--
|
||||
### Interpretation of config.json {#config-json}
|
||||
|
|
@ -459,7 +484,7 @@ would match successfully:
|
|||
The kubelet performs image pulls sequentially for every found credential. This
|
||||
means, that multiple entries in `config.json` are possible, too:
|
||||
-->
|
||||
kubelet 为每个找到的凭证的镜像按顺序拉取。这意味着在 `config.json` 中可能有多项:
|
||||
kubelet 为每个找到的凭据的镜像按顺序拉取。这意味着在 `config.json` 中可能有多项:
|
||||
|
||||
```json
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue