當前位置：首頁 > 编程资源 > 编程问答 >内容正文

编程问答

caas k8s主控节点如何查询_k8s--04 部署harbor作为k8s镜像仓库

發布時間：2024/9/27 编程问答 25 豆豆

生活随笔收集整理的這篇文章主要介紹了 caas k8s主控节点如何查询_k8s--04 部署harbor作为k8s镜像仓库小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

k8s實戰

部署harbor作為k8s鏡像倉庫

1.實驗目標

部署k8s私有鏡像倉庫harbor把demo小項目需要的鏡像上傳到harbor上修改demo項目的資源配置清單，鏡像地址修改為harbord的地址

2.再node1上安裝harbor

[root@node1 ~]# cd /opt/#上傳harbor軟件包[root@node1 /opt]# rz -Erz waiting to receive.#解壓[root@node1 /opt]# tar zxf harbor-offline-installer-v1.9.0-rc1.tgz#進入解壓后的文件目錄[root@node1 /opt]# cd harbor/

3.編輯harbor配置文件

#備份[root@node1 /opt/harbor]# cp harbor.yml harbor.yml.bak#編輯配置文件[root@node1 /opt/harbor]# vim harbor.yml #需要更改的地方hostname: 10.0.0.11port: 8888harbor_admin_password: 123456data_volume: /data/harbor

4.執行安裝

#在安裝harbor是許諾先安裝docker-compose，否則報錯[root@node1 /opt/harbor]# yum install docker-compose -y#安裝harbor(注意命令執行的所在目錄)[root@node1 /opt/harbor]# ./install.sh

5.瀏覽器訪問

http://10.0.0.11:8888用戶：admin密碼：123456

6.建立鏡像倉庫

這里有2種訪問級別：公開：任何人都可以直接訪問并下載鏡像私有：登陸授權后才允許下載鏡像#注意如果創建私有倉庫，k8s是不能直接下載的，需要配置安全文件

7. 所有節點都配置docker信任harbor倉庫并重啟docker 注意：所有節點

#配置信任倉庫cat >/etc/docker/daemon.json <

8.docker登陸harbor ( 所有節點都執行 )

[root@node1 /opt/harbor]# docker login 10.0.0.11:8888Username: adminPassword: #密碼 123456WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded

9.下載鏡像修改tag并push到harbor上 ( 注意：從節點執行 )

1.在主節點查詢鏡像存放的節點位置[root@node1 ~]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATESmysql-8fcd9f64-vqkm9 1/1 Running 1 18m 10.2.1.4 node2 myweb-6f974fdbdc-gsncp 1/1 Running 1 18m 10.2.1.5 node2 myweb-6f974fdbdc-ngngv 1/1 Running 1 18m 10.2.2.3 node3 2.根據主節點獲取的信息在從節點執行打標簽[root@node2 ~]# docker tag kubeguide/tomcat-app:v1 10.0.0.11:8888/k8s/tomcat-app:v1[root@node2 ~]# docker tag mysql:5.7 10.0.0.11:8888/k8s/mysql:5.73.將打好的標簽的鏡像上傳到harbor倉庫[root@node2 ~]# docker push 10.0.0.11:8888/k8s/tomcat-app:v1 [root@node2 ~]# docker push 10.0.0.11:8888/k8s/mysql:5.7

10.節點上刪除鏡像

#注意需要先刪除標簽鏡像在刪除源鏡像docker rmi 10.0.0.11:8888/k8s/mysql:5.7 docker rmi 10.0.0.11:8888/k8s/tomcat-app:v1docker rmi mysql:5.7 docker rmi kubeguide/tomcat-app:v1

11.刪除以前的demo項目注意：主節點執行

[root@node1 ~]# kubectl delete -f tomcat-demo.yamldeployment.apps "mysql" deletedservice "mysql" deleteddeployment.apps "myweb" deletedservice "myweb" deleted

12.修改demo項目的資源配置清單里的鏡像地址

[root@node1 ~]# vim tomcat-demo.yaml #注意更改的位置原來image: mysql:5.7 變更為： image: 10.0.0.11:8888/k8s/mysql:5.7原來image: k8s/tomcat-app:v1 變更為： image: 10.0.0.11:8888/k8s/tomcat-app:v1

13.應用資源配置清單

[root@node1 ~]# kubectl create -f tomcat-demo.yaml deployment.apps/mysql createdservice/mysql createddeployment.apps/myweb createdservice/myweb created

14.報錯

#此時查看pod狀態會發現鏡像拉取失敗了[root@node1 ~]# kubectl get podNAME READY STATUS RESTARTS AGEmysql-7d746b5577-wtxtm 0/1 ErrImagePull 0 15smyweb-764df5ffdd-jvvmf 0/1 ImagePullBackOff 0 15smyweb-764df5ffdd-rc9pc 0/1 ImagePullBackOff 0 15s#查看pod創建的詳細信息[root@node1 ~]# kubectl describe pod mysql-7d746b5577-可以tab自己的數據#關鍵報錯信息：Failed to pull image "10.0.0.11:8888/k8s/mysql:5.7": rpc error: code = Unknown desc = Error response from daemon: pull access denied for 10.0.0.11:8888/k8s/mysql, repository does not exist or may require 'docker login'翻譯：項目不出在或者需要登錄

15.查看docker登陸的密碼文件

[root@node1 ~]# docker login 10.0.0.11:8888Authenticating with existing credentials...WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded#查看加密密碼文件[root@node1 ~]# cat /root/.docker/config.json{"auths": {"10.0.0.11:8888": {"auth": "YWRtaW46MTIzNDU2"}},"HttpHeaders": {"User-Agent": "Docker-Client/18.09.9 (linux)"}

16.將docker密碼文件解碼成base64編碼解碼：base64

[root@node1 ~]# cat /root/.docker/config.json|base64ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9#每一個人的都不一樣

17.創建并應用docker登陸的Secret資源

#注意！！！1.dockerconfigjson: xxx直接寫base64的編碼，不需要換行2.base64編碼是一整行，不是好幾行3.最后的type字段不能少[root@node1 ~]# cat >harbor-secret.yaml<

18.修改demo資源配置清單，添加拉取鏡像的參數

查看命令幫助kubectl explain deployment.spec.template.spec.imagePullSecrets修改資源配置清單修改文件---------------------------- imagePullSecrets: - name: harbor-secret---------------------------- #注意：mysql和tomcat都需要增加[root@node1 ~/demo]# cat tomcat-demo.yaml apiVersion: apps/v1kind: Deployment metadata: name: mysqlspec: replicas: 1 selector: matchLabels: app: mysql template: metadata: labels: app: mysql spec: containers: - name: mysql image: 10.0.0.11:8888/k8s/mysql:5.7 ports: - containerPort: 3306 env: - name: MYSQL_ROOT_PASSWORD value: "123456" imagePullSecrets: - name: harbor-secret---apiVersion: v1kind: Servicemetadata: name: mysqlspec: ports: - port: 3306 selector: app: mysql---apiVersion: apps/v1kind: Deployment metadata: name: mywebspec: replicas: 2 selector: matchLabels: app: myweb template: metadata: labels: app: myweb spec: containers: - name: myweb image: 10.0.0.11:8888/k8s/tomcat-app:v1 ports: - containerPort: 8080 env: - name: MYSQL_SERVICE_HOST value: 'mysql' - name: MYSQL_SERVICE_PORT value: '3306' imagePullSecrets: - name: harbor-secret---apiVersion: v1kind: Servicemetadata: name: mywebspec: type: NodePort ports: - port: 8080 nodePort: 30001 selector: app: myweb

19.應用資源配置清單并查看

1.刪除資源配置清單[root@node1 ~]# kubectl delete -f tomcat-demo.yaml2.創建新的資源[root@node1 ~]# kubectl create -f tomcat-demo.yaml deployment.apps/mysql createdservice/mysql createddeployment.apps/myweb createdservice/myweb created3.查詢下載的資源kubectl get pod -o wide

20.瀏覽器查看

http://10.0.0.11:30001/demo

報錯總結：

#報錯總結：1.如果要刪除的鏡像正在被容器使用，那么你是刪不了的2.harbor卸載不干凈，/data/harbor/目錄下的數據也要刪除3.secret配置只寫了一個dp，實際上有幾個deployment就需要寫幾個重做k8s使用harbor作為私有倉庫1.停止harbor正在運行的容器2.刪除harbor的容器docker ps -a|grep "goharbor"|awk '{print "docker rm "$1}'3.刪除harbor的鏡像dockerimages|grep "goharbor"|awk '{print "docker rmi "$1":"$2}'4.解壓并修改harbor配置文件hostname: 10.0.0.11port: 8888harbor_admin_password: 123456data_volume: /data/harbor5.執行安裝并訪問./install.shhttp://10.0.0.11:88886.創建一個私有倉庫k8s7.配置docker信任倉庫并重啟--三臺服務器都操作!!! { "registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"], "exec-opts": ["native.cgroupdriver=systemd"], "insecure-registries" : ["http://10.0.0.11:8888"] }systemctl restart docker注意！！！node1重啟后harbor會失效，需要重啟harborcd /opt/harbordocker-compose stopdocker-compose start8.docker登陸harbordocker login 10.0.0.11:88889.將docker登陸憑證轉化為k8s能識別的base64編碼[root@node1 ~]# cat /root/.docker/config.json|base64ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp910.編寫Secert資源配置清單[root@node1 ~/demo]# cat harbor-secret.yaml apiVersion: v1kind: Secretmetadata: name: harbor-secretdata: .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9type: kubernetes.io/dockerconfigjson11.應用Secret資源kubectl delete -f harbor-secret.yaml kubectl create -f harbor-secret.yamlkubectl get secrets12.修改鏡像tag并上傳到harbordocker tag kubeguide/tomcat-app:v1 10.0.0.11:8888/k8s/tomcat-app:v1docker tag mysql:5.7 10.0.0.11:8888/k8s/mysql:5.7docker push 10.0.0.11:8888/k8s/tomcat-app:v1docker push 10.0.0.11:8888/k8s/mysql:5.7 13.修改demo資源配置清單####mysqlimagePullSecrets: - name: harbor-secret###tomcatimagePullSecrets: - name: harbor-secret14.應用資源清單并查看kubectl apply -f .kubectl get pod

總結

以上是生活随笔為你收集整理的caas k8s主控节点如何查询_k8s--04 部署harbor作为k8s镜像仓库的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。

上一篇： centos 7 安装golang遇到问
下一篇： Docker Harbor 2.3.4