caas k8s主控节点如何查询_k8s--04 部署harbor作为k8s镜像仓库
生活随笔
收集整理的這篇文章主要介紹了
caas k8s主控节点如何查询_k8s--04 部署harbor作为k8s镜像仓库
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
k8s實戰(zhàn)
部署harbor作為k8s鏡像倉庫
1.實驗?zāi)繕?biāo)
部署k8s私有鏡像倉庫harbor把demo小項目需要的鏡像上傳到harbor上修改demo項目的資源配置清單,鏡像地址修改為harbord的地址2.再node1上安裝harbor
[root@node1 ~]# cd /opt/#上傳harbor軟件包[root@node1 /opt]# rz -Erz waiting to receive.#解壓[root@node1 /opt]# tar zxf harbor-offline-installer-v1.9.0-rc1.tgz#進入解壓后的文件目錄[root@node1 /opt]# cd harbor/3.編輯harbor配置文件
#備份[root@node1 /opt/harbor]# cp harbor.yml harbor.yml.bak#編輯配置文件[root@node1 /opt/harbor]# vim harbor.yml #需要更改的地方hostname: 10.0.0.11port: 8888harbor_admin_password: 123456data_volume: /data/harbor4.執(zhí)行安裝
#在安裝harbor是許諾先安裝docker-compose,否則報錯[root@node1 /opt/harbor]# yum install docker-compose -y#安裝harbor(注意命令執(zhí)行的所在目錄)[root@node1 /opt/harbor]# ./install.sh5.瀏覽器訪問
http://10.0.0.11:8888用戶:admin密碼:1234566.建立鏡像倉庫
這里有2種訪問級別:公開:任何人都可以直接訪問并下載鏡像私有:登陸授權(quán)后才允許下載鏡像#注意如果創(chuàng)建私有倉庫,k8s是不能直接下載的,需要配置安全文件7. 所有節(jié)點都配置docker信任harbor倉庫并重啟docker 注意:所有節(jié)點
#配置信任倉庫cat >/etc/docker/daemon.json <8.docker登陸harbor ( 所有節(jié)點 都執(zhí)行 )
[root@node1 /opt/harbor]# docker login 10.0.0.11:8888Username: adminPassword: #密碼 123456WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded9.下載鏡像修改tag并push到harbor上 ( 注意:從節(jié)點執(zhí)行 )
1.在主節(jié)點查詢鏡像存放的節(jié)點位置[root@node1 ~]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATESmysql-8fcd9f64-vqkm9 1/1 Running 1 18m 10.2.1.4 node2 myweb-6f974fdbdc-gsncp 1/1 Running 1 18m 10.2.1.5 node2 myweb-6f974fdbdc-ngngv 1/1 Running 1 18m 10.2.2.3 node3 2.根據(jù)主節(jié)點獲取的信息在從節(jié)點執(zhí)行打標(biāo)簽[root@node2 ~]# docker tag kubeguide/tomcat-app:v1 10.0.0.11:8888/k8s/tomcat-app:v1[root@node2 ~]# docker tag mysql:5.7 10.0.0.11:8888/k8s/mysql:5.73.將打好的標(biāo)簽的鏡像上傳到harbor倉庫[root@node2 ~]# docker push 10.0.0.11:8888/k8s/tomcat-app:v1 [root@node2 ~]# docker push 10.0.0.11:8888/k8s/mysql:5.710.節(jié)點上刪除鏡像
#注意需要先刪除標(biāo)簽鏡像在刪除源鏡像docker rmi 10.0.0.11:8888/k8s/mysql:5.7 docker rmi 10.0.0.11:8888/k8s/tomcat-app:v1docker rmi mysql:5.7 docker rmi kubeguide/tomcat-app:v111.刪除以前的demo項目 注意:主節(jié)點執(zhí)行
[root@node1 ~]# kubectl delete -f tomcat-demo.yamldeployment.apps "mysql" deletedservice "mysql" deleteddeployment.apps "myweb" deletedservice "myweb" deleted12.修改demo項目的資源配置清單里的鏡像地址
[root@node1 ~]# vim tomcat-demo.yaml #注意更改的位置原來image: mysql:5.7 變更為: image: 10.0.0.11:8888/k8s/mysql:5.7原來image: k8s/tomcat-app:v1 變更為: image: 10.0.0.11:8888/k8s/tomcat-app:v113.應(yīng)用資源配置清單
[root@node1 ~]# kubectl create -f tomcat-demo.yaml deployment.apps/mysql createdservice/mysql createddeployment.apps/myweb createdservice/myweb created14.報錯
#此時查看pod狀態(tài)會發(fā)現(xiàn)鏡像拉取失敗了[root@node1 ~]# kubectl get podNAME READY STATUS RESTARTS AGEmysql-7d746b5577-wtxtm 0/1 ErrImagePull 0 15smyweb-764df5ffdd-jvvmf 0/1 ImagePullBackOff 0 15smyweb-764df5ffdd-rc9pc 0/1 ImagePullBackOff 0 15s#查看pod創(chuàng)建的詳細信息[root@node1 ~]# kubectl describe pod mysql-7d746b5577-可以tab自己的數(shù)據(jù)#關(guān)鍵報錯信息:Failed to pull image "10.0.0.11:8888/k8s/mysql:5.7": rpc error: code = Unknown desc = Error response from daemon: pull access denied for 10.0.0.11:8888/k8s/mysql, repository does not exist or may require 'docker login'翻譯:項目不出在或者需要登錄15.查看docker登陸的密碼文件
[root@node1 ~]# docker login 10.0.0.11:8888Authenticating with existing credentials...WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded#查看加密密碼文件[root@node1 ~]# cat /root/.docker/config.json{"auths": {"10.0.0.11:8888": {"auth": "YWRtaW46MTIzNDU2"}},"HttpHeaders": {"User-Agent": "Docker-Client/18.09.9 (linux)"}16.將docker密碼文件解碼成base64編碼 解碼:base64
[root@node1 ~]# cat /root/.docker/config.json|base64ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9#每一個人的都不一樣17.創(chuàng)建并應(yīng)用docker登陸的Secret資源
#注意!!!1.dockerconfigjson: xxx直接寫base64的編碼,不需要換行2.base64編碼是一整行,不是好幾行3.最后的type字段不能少[root@node1 ~]# cat >harbor-secret.yaml<18.修改demo資源配置清單,添加拉取鏡像的參數(shù)
查看命令幫助kubectl explain deployment.spec.template.spec.imagePullSecrets修改資源配置清單修改文件---------------------------- imagePullSecrets: - name: harbor-secret---------------------------- #注意:mysql和tomcat都需要增加[root@node1 ~/demo]# cat tomcat-demo.yaml apiVersion: apps/v1kind: Deployment metadata: name: mysqlspec: replicas: 1 selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: containers: - name: mysql image: 10.0.0.11:8888/k8s/mysql:5.7 ports: - containerPort: 3306 env: - name: MYSQL_ROOT_PASSWORD value: "123456" imagePullSecrets: - name: harbor-secret---apiVersion: v1kind: Servicemetadata: name: mysqlspec: ports: - port: 3306 selector: app: mysql---apiVersion: apps/v1kind: Deployment metadata: name: mywebspec: replicas: 2 selector: matchLabels: app: myweb template: metadata: labels: app: myweb spec: containers: - name: myweb image: 10.0.0.11:8888/k8s/tomcat-app:v1 ports: - containerPort: 8080 env: - name: MYSQL_SERVICE_HOST value: 'mysql' - name: MYSQL_SERVICE_PORT value: '3306' imagePullSecrets: - name: harbor-secret---apiVersion: v1kind: Servicemetadata: name: mywebspec: type: NodePort ports: - port: 8080 nodePort: 30001 selector: app: myweb19.應(yīng)用資源配置清單并查看
1.刪除資源配置清單[root@node1 ~]# kubectl delete -f tomcat-demo.yaml2.創(chuàng)建新的資源[root@node1 ~]# kubectl create -f tomcat-demo.yaml deployment.apps/mysql createdservice/mysql createddeployment.apps/myweb createdservice/myweb created3.查詢下載的資源kubectl get pod -o wide20.瀏覽器查看
http://10.0.0.11:30001/demo
報錯總結(jié):
#報錯總結(jié):1.如果要刪除的鏡像正在被容器使用,那么你是刪不了的2.harbor卸載不干凈,/data/harbor/目錄下的數(shù)據(jù)也要刪除3.secret配置只寫了一個dp,實際上有幾個deployment就需要寫幾個重做k8s使用harbor作為私有倉庫1.停止harbor正在運行的容器2.刪除harbor的容器docker ps -a|grep "goharbor"|awk '{print "docker rm "$1}'3.刪除harbor的鏡像dockerimages|grep "goharbor"|awk '{print "docker rmi "$1":"$2}'4.解壓并修改harbor配置文件hostname: 10.0.0.11port: 8888harbor_admin_password: 123456data_volume: /data/harbor5.執(zhí)行安裝并訪問./install.shhttp://10.0.0.11:88886.創(chuàng)建一個私有倉庫k8s7.配置docker信任倉庫并重啟--三臺服務(wù)器都操作!!! { "registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"], "exec-opts": ["native.cgroupdriver=systemd"], "insecure-registries" : ["http://10.0.0.11:8888"] }systemctl restart docker注意!!!node1重啟后harbor會失效,需要重啟harborcd /opt/harbordocker-compose stopdocker-compose start8.docker登陸harbordocker login 10.0.0.11:88889.將docker登陸憑證轉(zhuǎn)化為k8s能識別的base64編碼[root@node1 ~]# cat /root/.docker/config.json|base64ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp910.編寫Secert資源配置清單[root@node1 ~/demo]# cat harbor-secret.yaml apiVersion: v1kind: Secretmetadata: name: harbor-secretdata: .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9type: kubernetes.io/dockerconfigjson11.應(yīng)用Secret資源kubectl delete -f harbor-secret.yaml kubectl create -f harbor-secret.yamlkubectl get secrets12.修改鏡像tag并上傳到harbordocker tag kubeguide/tomcat-app:v1 10.0.0.11:8888/k8s/tomcat-app:v1docker tag mysql:5.7 10.0.0.11:8888/k8s/mysql:5.7docker push 10.0.0.11:8888/k8s/tomcat-app:v1docker push 10.0.0.11:8888/k8s/mysql:5.7 13.修改demo資源配置清單####mysqlimagePullSecrets: - name: harbor-secret###tomcatimagePullSecrets: - name: harbor-secret14.應(yīng)用資源清單并查看kubectl apply -f .kubectl get pod總結(jié)
以上是生活随笔為你收集整理的caas k8s主控节点如何查询_k8s--04 部署harbor作为k8s镜像仓库的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: centos 7 安装golang遇到问
- 下一篇: Docker Harbor 2.3.4