k8s——kubenertesPod资源管理及安装harbor
这里写目录标题一、Pod资源管理1.1 pod特点1.2 Pod容器分类1:infrastructure container 基础容器2:initcontainers 初始化容器3:container 业务容器master01操作2. 部署k8s的harbor创建私有项目实验目的实验步骤一、Pod资源管理1.1 pod特点最小部署单元一组容器的集合一个Pod中的容器共享网络命名空间Pod是短暂的1
这里写目录标题
一、Pod资源管理
1.1 pod特点
- 最小部署单元
- 一组容器的集合
- 一个Pod中的容器共享网络命名空间
- Pod是短暂的
1.2 Pod容器分类
1:infrastructure container 基础容器
作用:维护整个Pod网络空间
node节点操作:查看容器的网络
[root@localhost ~]# cat /opt/kubernetes/cfg/kubelet
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
每次创建Pod时候就会创建,与Pod对应的,对于用户是透明的
2:initcontainers 初始化容器
先于业务容器开始执行,原先Pod中容器是并行开启,现在进行了改进
3:container 业务容器
并行启动
官方网站
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
示例:
master01操作
[root@localhost demo]# kubectl edit deployment/nginx
spec:
containers:
- image: nginx:latest
imagePullPolicy: Always #改成always
name: nginx
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
[root@master01 ~]# cd demo/
[root@master01 demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: Always
command: [ "echo", "SUCCESS" ]
[root@master01 demo]# kubectl create -f pod1.yaml
pod/mypod created
[root@master01 demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 0/1 ContainerCreating 0 19s
[root@master01 demo]# kubectl get pods -w
NAME READY STATUS RESTARTS AGE
mypod 0/1 Completed 0 25s
mypod 0/1 Completed 1 33s #一直在尝试重启
mypod 0/1 CrashLoopBackOff 1 34s
mypod 0/1 Completed 2 59s
mypod 0/1 CrashLoopBackOff 2 60s
mypod 0/1 Completed 3 102s
mypod 0/1 CrashLoopBackOff 3 112s
[root@master01 demo]# kubectl logs mypod
SUCCESS
//失败的状态的原因是因为命令启动冲突
删除 command: [ "echo", "SUCCESS" ]
//同时更改一下版本
image: nginx:1.14
//删除原有的资源
[root@master01 demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: nginx
image: nginx:1.14
imagePullPolicy: Always
[root@master01 demo]# kubectl delete -f pod1.yaml //删除原有的资源
pod "mypod" deleted
[root@master01 demo]# kubectl get all
NAME READY STATUS RESTARTS AGE
[root@master01 demo]# kubectl apply -f pod1.yaml //更新资源
pod/mypod created
[root@master01 demo]# kubectl get pods -w
NAME READY STATUS RESTARTS AGE
mypod 0/1 ContainerCreating 0 6s
mypod 1/1 Running 0 19s
[root@master01 demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 0 24s 172.17.4.3 192.168.200.120 <none>
//在mypod的node节点使用curl 查看头部信息
[root@node02 ~]# curl -I 172.17.4.3
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 12 Oct 2020 09:25:46 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes
2. 部署k8s的harbor创建私有项目
实验目的
为k8s创建一个harbor私库
实验步骤
1.新开一个虚拟机,节点IP为192.168.200.60,安装dockers服务
[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0
[root@localhost ~]# hostnamectl set-hostname harbor
[root@localhost ~]# su
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce docker-ce-cli containerd.io
systemctl start docker
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://sno1b9w3.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p
service network restart
systemctl restart docker
2.安装docker-compose命令
[root@harbor ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg 模板 图片 下载 桌面
docker-compose 公共 视频 文档 音乐
[root@harbor ~]# chmod +x docker-compose
[root@harbor ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg 模板 图片 下载 桌面
docker-compose 公共 视频 文档 音乐
[root@harbor ~]# cp docker-compose /usr/local/bin/
[root@harbor ~]# docker-compose -v
docker-compose version 1.21.1, build 5a3f1a3
3.安装harbor
[root@harbor ~]# tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@harbor ~]# vim /usr/local/harbor/harbor.cfg
5 hostname = 192.168.200.60
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]# sh install.sh #执行安装脚本
[Step 0]: checking installation environment ...
Note: docker version: 19.03.13
Note: docker-compose version: 1.21.1
[Step 1]: loading Harbor images ...
dd60b611baaa: Loading layer 133.2MB/133.2MB
abf0579c40fd: Loading layer 1.536kB/1.536kB
ea1fc7bed9c5: Loading layer 22.48MB/22.48MB
1d6671367c69: Loading layer 7.168kB/7.168kB
b322bb3e4765: Loading layer 5.339MB/5.339MB
0cf512d418ac: Loading layer 9.728kB/9.728kB
4a7cdc0b1a2b: Loading layer 2.56kB/2.56kB
ef1130526636: Loading layer 22.48MB/22.48MB
Loaded image: vmware/harbor-ui:v1.2.2
4a050fccec52: Loading layer 12.16MB/12.16MB
d918d73369ec: Loading layer 17.3MB/17.3MB
22898836924e: Loading layer 15.87kB/15.87kB
Loaded image: vmware/notary-photon:server-0.5.0
76c156eab077: Loading layer 134MB/134MB
1eae6563289a: Loading layer 16.42MB/16.42MB
Loaded image: vmware/nginx-photon:1.11.13
2e814f7ef645: Loading layer 2.048kB/2.048kB
bc5742b580db: Loading layer 2.048kB/2.048kB
5413bcdb81b0: Loading layer 2.56kB/2.56kB
c4e2be066795: Loading layer 3.584kB/3.584kB
a4ea62be60b0: Loading layer 22.8MB/22.8MB
800a351ae5da: Loading layer 22.8MB/22.8MB
Loaded image: vmware/registry:2.6.2-photon
Loaded image: photon:1.0
a39bd6a7f897: Loading layer 10.95MB/10.95MB
6f79b8337a1f: Loading layer 17.3MB/17.3MB
74bbd0e81dd0: Loading layer 15.87kB/15.87kB
Loaded image: vmware/notary-photon:signer-0.5.0
2202528221a2: Loading layer 7.07MB/7.07MB
4fe250d3c912: Loading layer 7.07MB/7.07MB
Loaded image: vmware/harbor-adminserver:v1.2.2
9463fb852970: Loading layer 75.37MB/75.37MB
d2c9a2a395d9: Loading layer 3.584kB/3.584kB
b08aea2a8a82: Loading layer 3.072kB/3.072kB
103e65a1013b: Loading layer 3.072kB/3.072kB
Loaded image: vmware/harbor-log:v1.2.2
5d6cbe0dbcf9: Loading layer 129.2MB/129.2MB
435f2dfbd884: Loading layer 344.6kB/344.6kB
814d7b59f0cc: Loading layer 4.657MB/4.657MB
aae399245bd0: Loading layer 1.536kB/1.536kB
21e2ae955f72: Loading layer 33.84MB/33.84MB
a2d0f7b84059: Loading layer 25.09kB/25.09kB
819fa6af55b8: Loading layer 3.584kB/3.584kB
78914c99a468: Loading layer 167.7MB/167.7MB
36e79c658afb: Loading layer 6.144kB/6.144kB
f73503aca003: Loading layer 9.216kB/9.216kB
a21b39f6da59: Loading layer 1.536kB/1.536kB
ef81eb7c77b3: Loading layer 8.704kB/8.704kB
08d0cfe60b0d: Loading layer 4.608kB/4.608kB
0864dda8f611: Loading layer 4.608kB/4.608kB
Loaded image: vmware/harbor-db:v1.2.2
29d1f4ae97dd: Loading layer 18.31MB/18.31MB
7caf936e1402: Loading layer 18.31MB/18.31MB
Loaded image: vmware/harbor-jobservice:v1.2.2
78dbfa5b7cbc: Loading layer 130.9MB/130.9MB
5f70bf18a086: Loading layer 1.024kB/1.024kB
8deec01122be: Loading layer 344.6kB/344.6kB
574ab36807f2: Loading layer 1.536kB/1.536kB
d8f2cde2eef8: Loading layer 20.48kB/20.48kB
eaa3924b054e: Loading layer 5.12kB/5.12kB
8aa2c772121c: Loading layer 184.3MB/184.3MB
c3014bbccb0b: Loading layer 8.704kB/8.704kB
978a35efaa8c: Loading layer 4.608kB/4.608kB
c2385ae7d6e5: Loading layer 16.6MB/16.6MB
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10
c192a34d4ff4: Loading layer 155.2MB/155.2MB
d012a9276a83: Loading layer 10.75MB/10.75MB
b8befd881cb5: Loading layer 10.75MB/10.75MB
Loaded image: vmware/clair:v2.0.1-photon
bbda1562018e: Loading layer 101.6MB/101.6MB
1171ab08cc04: Loading layer 6.656kB/6.656kB
6df81d3a0683: Loading layer 6.656kB/6.656kB
Loaded image: vmware/postgresql:9.6.4-photon
[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 3]: checking existing instance of Harbor ...
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-ui ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.200.60 .
For more details, please visit https://github.com/vmware/harbor .
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-log v1.2.2 36ef78ae27df 2 years ago 200MB
vmware/harbor-jobservice v1.2.2 e2af366cba44 2 years ago 164MB
vmware/harbor-ui v1.2.2 39efb472c253 2 years ago 178MB
vmware/harbor-adminserver v1.2.2 c75963ec543f 2 years ago 142MB
vmware/harbor-db v1.2.2 ee7b9fa37c5d 2 years ago 329MB
vmware/nginx-photon 1.11.13 6cc5c831fc7f 3 years ago 144MB
vmware/registry 2.6.2-photon 5d9100e4350e 3 years ago 173MB
vmware/postgresql 9.6.4-photon c562762cbd12 3 years ago 225MB
vmware/clair v2.0.1-photon f04966b4af6c 3 years ago 297MB
vmware/harbor-notary-db mariadb-10.1.10 64ed814665c6 3 years ago 324MB
vmware/notary-photon signer-0.5.0 b1eda7d10640 3 years ago 156MB
vmware/notary-photon server-0.5.0 6e2646682e3c 3 years ago 157MB
photon 1.0 e6e4e4a2ba1b 4 years ago 128MB
[root@harbor harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1e8c92c9c595 vmware/nginx-photon:1.11.13 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
3099b8ddd0ea vmware/harbor-jobservice:v1.2.2 "/harbor/harbor_jobs…" 2 minutes ago Up 2 minutes harbor-jobservice
91360379e51f vmware/harbor-ui:v1.2.2 "/harbor/harbor_ui" 2 minutes ago Up 2 minutes harbor-ui
9cc34ed8e953 vmware/registry:2.6.2-photon "/entrypoint.sh serv…" 2 minutes ago Up 2 minutes 5000/tcp registry
343058843b37 vmware/harbor-adminserver:v1.2.2 "/harbor/harbor_admi…" 2 minutes ago Up 2 minutes harbor-adminserver
54b26109a052 vmware/harbor-db:v1.2.2 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 3306/tcp harbor-db
a5162dc95552 vmware/harbor-log:v1.2.2 "/bin/sh -c 'crond &…" 2 minutes ago Up 2 minutes 127.0.0.1:1514->514/tcp harbor-log
[root@harbor harbor]# cd /usr/local/harbor/
[root@harbor harbor]# docker-compose ps
Name Command State Ports
---------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp,
0.0.0.0:4443->4443/tcp,
0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
4.如果一切都正常,应该可以打开浏览器访问 http://192.168.200.60 的管理页面,默认 的管理员用户名和密码是 admin/Harbor12345。
5.部署harbor创建私有项目
6.node节点配置连接私有仓库(注意后面的逗号要添加)
[root@node01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://sno1b9w3.mirror.aliyuncs.com"],
"insecure-registries":["192.168.200.60"] #添加这句
}
[root@node01 ~]# systemctl restart docker
[root@node02 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://sno1b9w3.mirror.aliyuncs.com"],
"insecure-registries":["192.168.200.60"] #添加这句
}
[root@node02 ~]# systemctl restart docker #重启docker
7.node节点登录harbor私有仓库
[root@node01 ~]# docker login 192.168.200.60
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node02 ~]# docker login 192.168.200.60
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
8.下载Tomcat镜像进行推送
[root@node01 ~]# docker pull tomcat #从公有库下载镜像
Using default tag: latest
latest: Pulling from library/tomcat
Digest: sha256:1bab37d5d97bd8c74a474b2c1a62bbf1f1b4b62f151c8dcc472c7d577eb3479d
Status: Image is up to date for tomcat:latest
docker.io/library/tomcat:latest
//打标签
[root@node01 ~]# docker tag tomcat 192.168.200.60/project/tomcat8 为下载的镜像打标签
[root@node01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 992e3b7be046 6 days ago 133MB
192.168.200.60/project/tomcat8 latest f796d3d2c195 3 weeks ago 647MB ###打完标签的镜像
tomcat latest f796d3d2c195 3 weeks ago 647MB
centos 7 7e6257c9f8d8 2 months ago 203MB
nginx 1.14 295c7be07902 18 months ago 109MB
nginx 1.15.4 bc26f1ed35cf 2 years ago 109MB
siriuszg/kubernetes-dashboard-amd64 v1.8.3 784cf2722f44 2 years ago 102MB
registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64 3.0 99e59f495ffa 4 years ago 747kB
[root@node01 ~]# docker push 192.168.200.60/project/tomcat8//推送成功
The push refers to repository [192.168.200.60/project/tomcat8]
b654a29de9ee: Pushed
1485ce09f585: Pushed
eb6e8fe5c6dc: Pushed
8b185d674aef: Pushed
4f17d163126f: Pushed
df95ed2a791d: Pushed
17bdf5e22660: Pushed
d37096232ed8: Pushed
6add0d2b5482: Pushed
4ef54afed780: Pushed
latest: digest: sha256:99c20ba4ab117d182a0aa2266123b2cfb425777495fd62e2ba37f489c3e2f808 size: 2421
[root@node01 ~]# cd .docker/ 进入私库下发文件目录
[root@node01 .docker]# ls
config.json
[root@node01 .docker]# cat config.json | base64 -w 0 # 使用64位解码并且不换行输出查看
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC42MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy4xMyAobGludXgpIgoJfQp9Cg==
9.查看私库,上传成功,然后删除私库
10.通过yaml文件创建资源
[root@localhost demo]# vim tomcat-deployment.yaml #创建yaml文件
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-tomcat
spec:
replicas: 2
template:
metadata:
labels:
app: my-tomcat
spec:
containers:
- name: my-tomcat
image: docker.io/tomcat:8.0.52 #镜像版本
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-tomcat
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 31111
selector:
app: my-tomcat
[root@master01 demo]# kubectl create -f tomcat-deplyment.yaml #创建资源
deployment.extensions/my-tomcat created
service/my-tomcat created
11.在node01上操作,上传私库(之前登陆过harbor仓库的节点,上传的前提是登录私库)
[root@node01 .docker]# docker tag tomcat:8.0.52 192.168.200.60/project/tomcat //镜像打标签
[root@node01 .docker]# docker push 192.168.200.60/project/tomcat //上传镜像到harbor
The push refers to repository [192.168.200.60/project/tomcat]
fe9cde45f959: Pushed
2ef8c178f6e1: Pushed
ec7635afeee4: Pushed
5525ae859b17: Pushed
5e4834f80277: Pushed
6e85077a6fde: Pushed
88ceb290c2a1: Pushed
f469346f8162: Pushed
29783d2ef871: Pushed
d7ed640784f1: Pushed
1618a71a1198: Pushed
latest: digest: sha256:f3cfaf433cb95dafca20143ba99943249ab830d0aca484c89ffa36cf2a9fb4c9 size: 2625
[root@node01 .docker]# cat config.json |base64 -w 0 # 查看登陆凭据
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC42MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy4xMyAobGludXgpIgoJfQp9Cg==
12.使用master拉取私库一定要配置secret资源
[root@master01 demo]# vim registry-pull-secret.yaml #创建
apiVersion: v1
kind: Secret
metadata:
name: registry-pull-secret
data: .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC42MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy4xMyAobGludXgpIgoJfQp9Cg==
type: kubernetes.io/dockerconfigjson #一定要加解码,不然不可以远程拉取,解码要和登录的解码一样
//创建secret资源
[root@master01 demo]# kubectl create -f registry-pull-secret.yaml
secret/registry-pull-secret created
//查看secret资源
[root@master01 demo]# kubectl get secret
NAME TYPE DATA AGE
default-token-r77nm kubernetes.io/service-account-token 3 4d17h
registry-pull-secret kubernetes.io/dockerconfigjson 1 28s #资源创建成功
13.创建资源从harbor中下载镜像
[root@master01 demo]# vim tomcat-deployment.yaml #创建控制器和服务资源
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-tomcat
spec:
replicas: 2
template:
metadata:
labels:
app: my-tomcat
spec:
imagePullSecrets:
- name: registry-pull-secret
containers:
- name: my-tomcat
image: 192.168.200.60/project/tomcat
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-tomcat
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 31111
selector:
app: my-tomcat
14.创建资源
[root@master01 demo]# kubectl delete -f tomcat-deployment.yaml 删除原有的资源
deployment.extensions "my-tomcat" deleted
service "my-tomcat" deleted
[root@master01 demo]# kubectl create -f tomcat-deployment.yaml #创建新的资源
deployment.extensions/my-tomcat created
service/my-tomcat created
15.私有仓库中的镜像被下载了2次
更多推荐
所有评论(0)