K8S + Harbor: pulling images from a private registry in practice
1. Deploy the Harbor image registry service first
(1) Harbor is installed with docker-compose
Download:
```bash
[root@k8s-node1 bin]# wget "https://github.com/docker/compose/releases/download/v2.3.2/docker-compose-$(uname -s)-$(uname -m)" -O /usr/local/bin/docker-compose
--2023-12-11 15:45:55--  https://github.com/docker/compose/releases/download/v2.3.2/docker-compose-Linux-x86_64
Resolving github.com (github.com)... 20.205.243.166
Connecting to github.com (github.com)|20.205.243.166|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/15045751/cf3a8959-5abe-4d83-9f1d-1fd2e770f30b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231211T074556Z&X-Amz-Expires=300&X-Amz-Signature=107dde0364d4a520eb1c94e5523a790a8c50dc41f9eaac6e00d05450b6788b7b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=15045751&response-content-disposition=attachment%3B%20filename%3Ddocker-compose-linux-x86_64&response-content-type=application%2Foctet-stream [following]
--2023-12-11 15:45:56--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/15045751/cf3a8959-5abe-4d83-9f1d-1fd2e770f30b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231211%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231211T074556Z&X-Amz-Expires=300&X-Amz-Signature=107dde0364d4a520eb1c94e5523a790a8c50dc41f9eaac6e00d05450b6788b7b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=15045751&response-content-disposition=attachment%3B%20filename%3Ddocker-compose-linux-x86_64&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 26001408 (25M) [application/octet-stream]
Saving to: ‘/usr/local/bin/docker-compose’
100%[===============================================================================================================>] 26,001,408   128KB/s   in 2m 57s
2023-12-11 15:48:55 (143 KB/s) - ‘/usr/local/bin/docker-compose’ saved [26001408/26001408]
```
The binary is written straight into /usr/local/bin as root. Before making it executable, compare its SHA-256 against the checksum published with the release on GitHub; otherwise a tampered or truncated download ends up as an executable on a cluster node.
Grant execute permission:
```bash
[root@k8s-node1 bin]# chmod +x /usr/local/bin/docker-compose
```
Verify:
```bash
[root@k8s-node1 bin]# docker-compose --version
Docker Compose version v2.3.2
```
Install the Harbor registry service
Edit the harbor.yml configuration file:
```yaml
hostname: 192.168.21.121        # set to this host's IP
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 5000                    # port the service is reached on
harbor_admin_password: admin    # password of the Harbor admin user
data_volume: /data/software/harbor/data   # where Harbor stores its data
```
Two settings here are lab-only. `harbor_admin_password: admin` is the initial admin password and is trivially guessable; it is also exactly what ends up base64-encoded in every pull secret created below, so change it after the first login. And with only the `http` block configured, every `docker login` and `docker push` sends the credential and the image layers over plaintext HTTP; for anything beyond a test bench, fill in the `https` section (certificate and private_key) and distribute the CA certificate to the Docker hosts instead of marking the registry insecure.
Run the install script:
```bash
[root@k8s-master2 harbor]# ./install.sh
```
Verify by logging in to the Harbor web UI as admin.
Pushing images to and pulling images from Harbor
Upload: `docker tag SOURCE_IMAGE[:TAG] 192.168.21.121:5000/app/REPOSITORY[:TAG]`. The `app` path component is a Harbor project; it has to exist (create it in the web UI) before anything can be pushed into it.
```bash
[root@k8s-master3 ~]# docker tag busybox:latest 192.168.21.121:5000/app/busybox:latest
[root@k8s-master3 ~]# docker push 192.168.21.121:5000/app/busybox:latest
The push refers to repository [192.168.21.121:5000/app/busybox]
Get "https://192.168.21.121:5000/v2/": http: server gave HTTP response to HTTPS client
```
The push fails with `http: server gave HTTP response to HTTPS client` because Docker speaks HTTPS to registries by default and this Harbor only listens on HTTP. To make the Docker daemon accept it, add `"insecure-registries": ["192.168.21.121:5000"]` to /etc/docker/daemon.json. Be clear about what this does: the daemon will trust that address with no TLS at all, so credentials and layers cross the network in the clear and nothing verifies the server's identity. The production alternative is to enable HTTPS in harbor.yml and place the CA certificate in /etc/docker/certs.d/192.168.21.121:5000/ca.crt on each client. Whichever route you take, it has to be applied on every node whose kubelet will pull the image, not just the host you push from (in daemon.json when the nodes use Docker as their runtime; containerd has its own registry configuration), otherwise the pods fail with the same HTTPS error no matter which pull secret they carry.
Restart Docker after changing the configuration:
```bash
[root@k8s-master3 ~]# systemctl daemon-reload
[root@k8s-master3 ~]# systemctl restart docker
[root@k8s-master3 ~]# docker push 192.168.21.121:5000/app/busybox:latest
The push refers to repository [192.168.21.121:5000/app/busybox]
01fd6df81c8e: Preparing
unauthorized: unauthorized to access repository: app/busybox, action: push: unauthorized to access repository: app/busybox, action: push
```
This error is expected for a private registry: you have to log in before pushing.
```bash
[root@k8s-master3 ~]# docker login 192.168.21.121:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@k8s-master3 ~]# docker push 192.168.21.121:5000/app/busybox:latest
The push refers to repository [192.168.21.121:5000/app/busybox]
01fd6df81c8e: Pushed
latest: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
[root@k8s-master3 ~]#
```
Take Docker's warning literally: the password is stored base64-encoded, not encrypted, in /root/.docker/config.json, and that same file is what gets copied into the Kubernetes Secret below.
Download:
```bash
[root@k8s-master3 ~]# docker pull 192.168.21.121:5000/app/busybox:latest
latest: Pulling from app/busybox
Digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee
Status: Image is up to date for 192.168.21.121:5000/app/busybox:latest
192.168.21.121:5000/app/busybox:latest
```
When a pod created through K8S pulls its image from the Harbor registry, the registry login has to be made available to the cluster beforehand:
After logging in to Harbor, the node holding the login has its own credential in .docker/config.json under the home directory:
```bash
[root@k8s-master3 ~]# cat .docker/config.json
{
	"auths": {
		"192.168.21.121:5000": {
			"auth": "YWRtaW46YWRtaW4="
		}
	}
}
```
The `auth` value is simply base64 of `admin:admin`; anyone who can read this file, or the Secret built from it, has the registry password.
Because the pods we create on the k8s master run images pulled from the private registry, and logging in to that registry requires authentication, the cluster needs that credential too. The config.json produced by the login on the node can be reused directly: base64-encode it to get a value usable in a Secret. `-w 0` tells base64 not to wrap the output; the default wrapped output is not a valid value for the Secret's data field and causes an error.
```bash
[root@k8s-master3 ~]# cat .docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIxLjEyMTo1MDAwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NllXUnRhVzQ9IgoJCX0KCX0KfQ==
```
Create the secret: write the YAML for the Secret resource
```bash
[root@k8s-master1 yaml]# cat registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
  namespace: app
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIxLjEyMTo1MDAwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NllXUnRhVzQ9IgoJCX0KCX0KfQ==
type: kubernetes.io/dockerconfigjson
```
The same Secret can be produced without the manual base64 step with `kubectl create secret docker-registry registry-pull-secret --docker-server=192.168.21.121:5000 --docker-username=admin --docker-password=<password> -n app`. Either way, the namespace `app` must already exist, and the Secret is only as private as RBAC on `get secrets` in that namespace: anyone allowed to read it can decode the admin password. Prefer a Harbor robot account with pull-only permission on project `app` over the admin account, so a leaked pull secret cannot push images or administer Harbor.
Create the secret:
```bash
[root@k8s-master1 yaml]# kubectl apply -f registry-pull-secret.yaml
```
Check the created secret:
```bash
[root@k8s-master1 ~]# kubectl get Secret -n app
NAME                   TYPE                                  DATA   AGE
default-token-w6q98    kubernetes.io/service-account-token   3      11d
registry-pull-secret   kubernetes.io/dockerconfigjson        1      80m
```
Verify by creating a pod from an image in the private registry
```bash
[root@k8s-master1 yaml]# kubectl create deployment busybox --image=192.168.21.121:5000/app/busybox@sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee -n app
deployment.apps/busybox created
```
The image is referenced by digest rather than by the `latest` tag, which is the right habit: the cluster runs exactly the bytes pushed above, whatever the tag is later moved to.
The container fails to pull the image; the cause is unauthorized access, because the Deployment does not reference the pull secret and kubelet pulls anonymously:
```bash
[root@k8s-master1 yaml]# kubectl get pods -n app
NAME                      READY   STATUS             RESTARTS   AGE
busybox-7c897889b-c2qkz   0/1     ImagePullBackOff   0          5s
```
Fix it in the Deployment by referencing the secret in the pod template (under `spec.template.spec`, next to `containers`), not at the top level of the Deployment spec:
```yaml
      imagePullSecrets:
      - name: registry-pull-secret   # the name of the Secret you created
```
`kubectl describe pod <pod> -n app` shows the exact pull error in Events, which tells you whether a node lacks the secret (unauthorized) or lacks the insecure-registry/CA configuration (the HTTPS-to-HTTP error from earlier). Note that every pull attempt, including a failed one, still increments the image's download count by 1.
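The secret-building and deployment steps above, as an added example that is not part of the original post: a POSIX shell script that reproduces ~/.docker/config.json byte for byte from a registry address, user and password, base64-encodes it on a single line (the `-w 0` step, done portably), emits the Secret manifest and a digest-pinned Deployment that references it under `spec.template.spec.imagePullSecrets`, and decodes the Secret back to `admin:admin` to show that the base64 in a Secret is not encryption. The registry address, project, image digest, Secret name and the admin:admin credential come from the post; the `sleep 3600` command that keeps busybox alive and the single replica are assumptions, and the script only prints manifests, it never touches a cluster.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds the pull Secret and a
# Deployment that uses it, and shows the Secret decodes straight back to user:pass.
set -eu

# Single-line base64 of stdin. Same result as GNU `base64 -w 0` without relying on
# the GNU-only flag; Kubernetes rejects wrapped base64 in a Secret's data field.
b64_oneline() { base64 | tr -d '\n'; }

# What Docker stores under "auth": base64("user:password"). Reversible, not a hash.
docker_auth_b64() { printf '%s:%s' "$1" "$2" | b64_oneline; }

# config.json exactly as `docker login` writes it: tab-indented, no trailing newline.
# $1 registry, $2 user, $3 password
docker_config_json() {
  printf '{\n\t"auths": {\n\t\t"%s": {\n\t\t\t"auth": "%s"\n\t\t}\n\t}\n}' \
    "$1" "$(docker_auth_b64 "$2" "$3")"
}

# The value that goes into .dockerconfigjson (same as `cat config.json | base64 -w 0`).
secret_data() { docker_config_json "$@" | b64_oneline; }

# Secret manifest. $1 name, $2 namespace, $3 registry, $4 user, $5 password
pull_secret_yaml() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(secret_data "$3" "$4" "$5")
EOF
}

# Deployment manifest. imagePullSecrets lives in the pod template (spec.template.spec),
# not at the top of the Deployment spec. $1 secret name, $2 namespace, $3 image ref
# The sleep command (assumption) keeps busybox running so the pull can be observed.
deployment_yaml() {
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: busybox
  namespace: $2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: busybox
  template:
    metadata:
      labels:
        app: busybox
    spec:
      imagePullSecrets:
      - name: $1
      containers:
      - name: busybox
        image: $3
        command: ["sleep", "3600"]
EOF
}

# Reverse the Secret: outer base64 -> config.json, inner "auth" -> user:password.
# Anyone permitted to `kubectl get secret -o yaml` in the namespace can do this.
secret_plaintext_creds() {
  printf '%s' "$1" | base64 -d | sed -n 's/.*"auth": *"\([^"]*\)".*/\1/p' | base64 -d
}

REGISTRY=192.168.21.121:5000
# Digest of the busybox image pushed in the post; pinning by digest runs exactly those bytes.
IMAGE="$REGISTRY/app/busybox@sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee"

main() {
  pull_secret_yaml registry-pull-secret app "$REGISTRY" admin admin
  echo '---'
  deployment_yaml registry-pull-secret app "$IMAGE"
  echo "# the Secret above decodes to: $(secret_plaintext_creds "$(secret_data "$REGISTRY" admin admin)")"
}
main
```

Run it with `sh` and pipe the output into `kubectl apply -f -` on the cluster; the final comment line is what any reader of the Secret can recover, which is the argument for replacing `admin admin` with a pull-only Harbor robot account before the manifest leaves the lab.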