harbor has a feature that can create a robot account
robot account just can pull or push(you can choose)
harbor will generate a pair with "robot$xxx" and "token"
then, you can apply in automation script or k8s cluster
the pros is the robot account limit authority that reduce security problems
K8s can setting secrets to pull private registry => link
I’m trying using the harbor robot account and token as k8s secret to pull image.
$ kubectl create secret docker-registry harbor-registry-secret —- docker-server=xxx.com --docker-username=robot$xxx --docker-password=xxx
However, after add k8s secret success, when I pull image using that secret will return “ImagePullBackOff” and show unauthorized
then I figure our this problem by escape dollar sign
I create the secret using
--docker-username=”robot\$xxx” instead of
--docker-username=’robot$xxx’
The harbor robot account in k8s secret worked!