一、Pod资源管理

1.1 pod特点

  • 最小部署单元
  • 一组容器的集合
  • 一个Pod中的容器共享网络命名空间
  • Pod是短暂的

1.2 Pod容器分类

1:infrastructure container 基础容器

作用:维护整个Pod网络空间

node节点操作:查看容器的网络
[root@localhost ~]# cat /opt/kubernetes/cfg/kubelet
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
每次创建Pod时候就会创建,与Pod对应的,对于用户是透明的

2:initcontainers 初始化容器

先于业务容器执行:初始化容器按顺序逐个运行,全部成功结束后业务容器才会启动;原先Pod中的容器都是并行启动,无法保证先后顺序,现在进行了改进

3:container 业务容器

并行启动
官方网站
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
示例:

master01操作

[root@localhost demo]# kubectl edit deployment/nginx
spec:
      containers:
      - image: nginx:latest
        imagePullPolicy: Always   #改成always
        name: nginx
        ports:
        - containerPort: 80
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
[root@master01 ~]# cd demo/
[root@master01 demo]# vim pod1.yaml
# Demo Pod: the command below replaces the image's default entrypoint, so the
# container prints SUCCESS and exits straight away instead of running nginx.
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: Always
    command:
    - echo
    - SUCCESS
[root@master01 demo]# kubectl create -f pod1.yaml 
pod/mypod created
[root@master01 demo]# kubectl get pods  
NAME                                READY   STATUS              RESTARTS   AGE
mypod                               0/1     ContainerCreating   0          19s
[root@master01 demo]# kubectl get pods -w
NAME                                READY   STATUS      RESTARTS   AGE
mypod                               0/1     Completed   0          25s
mypod   0/1   Completed   1     33s             #一直在尝试重启
mypod   0/1   CrashLoopBackOff   1     34s      
mypod   0/1   Completed   2     59s
mypod   0/1   CrashLoopBackOff   2     60s
mypod   0/1   Completed   3     102s
mypod   0/1   CrashLoopBackOff   3     112s
[root@master01 demo]# kubectl logs mypod
SUCCESS
//失败状态的原因:command 覆盖了镜像默认的启动命令,echo 执行完后容器随即退出;Pod 的 restartPolicy 默认为 Always,因此被反复重启并进入 CrashLoopBackOff
删除 command: [ "echo", "SUCCESS" ]
//同时更改一下版本
image: nginx:1.14
//删除原有的资源
[root@master01 demo]# vim pod1.yaml 
# Pod running nginx 1.14 with the image's own start command (no command override).
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx:1.14
    imagePullPolicy: Always
[root@master01 demo]# kubectl delete -f pod1.yaml    //删除原有的资源
pod "mypod" deleted
[root@master01 demo]# kubectl get all
NAME                                    READY   STATUS    RESTARTS   AGE
[root@master01 demo]# kubectl apply -f pod1.yaml    //更新资源
pod/mypod created
[root@master01 demo]# kubectl get pods -w
NAME                                READY   STATUS              RESTARTS   AGE
mypod                               0/1     ContainerCreating   0          6s
mypod   1/1   Running   0     19s
[root@master01 demo]# kubectl get pods -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP            NODE              NOMINATED NODE
mypod                               1/1     Running   0          24s   172.17.4.3    192.168.200.120   <none>
//在mypod的node节点使用curl 查看头部信息
[root@node02 ~]# curl -I 172.17.4.3
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 12 Oct 2020 09:25:46 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes

2. 部署k8s的harbor创建私有项目

实验目的

为k8s创建一个harbor私库

实验步骤

1.新开一个虚拟机,节点IP为192.168.200.60,安装docker服务(下面的 iptables -F 会清空防火墙规则,setenforce 0 会把 SELinux 切换为宽容模式,仅适合隔离的实验环境)

[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0
[root@localhost ~]# hostnamectl set-hostname harbor
[root@localhost ~]# su
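# Install Docker CE from the Aliyun mirror, configure a registry mirror and
# enable IPv4 forwarding. Run as root (the transcript switches user with `su` first).
yum install -y yum-utils device-mapper-persistent-data lvm2
# Fetch the repo definition over HTTPS so it cannot be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce docker-ce-cli containerd.io
systemctl start docker
sudo mkdir -p /etc/docker
# Quoted heredoc delimiter: the JSON is written literally, with no shell expansion.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://sno1b9w3.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
# Non-interactive equivalent of editing /etc/sysctl.conf by hand: append the
# setting only when the exact line is not already present.
grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf \
  || printf '%s\n' 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
service network restart
systemctl restart docker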

2.安装docker-compose命令

[root@harbor ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  模板  图片  下载  桌面
docker-compose   公共                  视频  文档  音乐
[root@harbor ~]# chmod +x docker-compose 
[root@harbor ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  模板  图片  下载  桌面
docker-compose   公共                  视频  文档  音乐
[root@harbor ~]# cp docker-compose /usr/local/bin/
[root@harbor ~]# docker-compose -v
docker-compose version 1.21.1, build 5a3f1a3

3.安装harbor

[root@harbor ~]# tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@harbor ~]# vim /usr/local/harbor/harbor.cfg
 5 hostname = 192.168.200.60 
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]# sh install.sh   #执行安装脚本

[Step 0]: checking installation environment ...

Note: docker version: 19.03.13

Note: docker-compose version: 1.21.1

[Step 1]: loading Harbor images ...
dd60b611baaa: Loading layer  133.2MB/133.2MB
abf0579c40fd: Loading layer  1.536kB/1.536kB
ea1fc7bed9c5: Loading layer  22.48MB/22.48MB
1d6671367c69: Loading layer  7.168kB/7.168kB
b322bb3e4765: Loading layer  5.339MB/5.339MB
0cf512d418ac: Loading layer  9.728kB/9.728kB
4a7cdc0b1a2b: Loading layer   2.56kB/2.56kB
ef1130526636: Loading layer  22.48MB/22.48MB
Loaded image: vmware/harbor-ui:v1.2.2
4a050fccec52: Loading layer  12.16MB/12.16MB
d918d73369ec: Loading layer   17.3MB/17.3MB
22898836924e: Loading layer  15.87kB/15.87kB
Loaded image: vmware/notary-photon:server-0.5.0
76c156eab077: Loading layer    134MB/134MB
1eae6563289a: Loading layer  16.42MB/16.42MB
Loaded image: vmware/nginx-photon:1.11.13
2e814f7ef645: Loading layer  2.048kB/2.048kB
bc5742b580db: Loading layer  2.048kB/2.048kB
5413bcdb81b0: Loading layer   2.56kB/2.56kB
c4e2be066795: Loading layer  3.584kB/3.584kB
a4ea62be60b0: Loading layer   22.8MB/22.8MB
800a351ae5da: Loading layer   22.8MB/22.8MB
Loaded image: vmware/registry:2.6.2-photon
Loaded image: photon:1.0
a39bd6a7f897: Loading layer  10.95MB/10.95MB
6f79b8337a1f: Loading layer   17.3MB/17.3MB
74bbd0e81dd0: Loading layer  15.87kB/15.87kB
Loaded image: vmware/notary-photon:signer-0.5.0
2202528221a2: Loading layer   7.07MB/7.07MB
4fe250d3c912: Loading layer   7.07MB/7.07MB
Loaded image: vmware/harbor-adminserver:v1.2.2
9463fb852970: Loading layer  75.37MB/75.37MB
d2c9a2a395d9: Loading layer  3.584kB/3.584kB
b08aea2a8a82: Loading layer  3.072kB/3.072kB
103e65a1013b: Loading layer  3.072kB/3.072kB
Loaded image: vmware/harbor-log:v1.2.2
5d6cbe0dbcf9: Loading layer  129.2MB/129.2MB
435f2dfbd884: Loading layer  344.6kB/344.6kB
814d7b59f0cc: Loading layer  4.657MB/4.657MB
aae399245bd0: Loading layer  1.536kB/1.536kB
21e2ae955f72: Loading layer  33.84MB/33.84MB
a2d0f7b84059: Loading layer  25.09kB/25.09kB
819fa6af55b8: Loading layer  3.584kB/3.584kB
78914c99a468: Loading layer  167.7MB/167.7MB
36e79c658afb: Loading layer  6.144kB/6.144kB
f73503aca003: Loading layer  9.216kB/9.216kB
a21b39f6da59: Loading layer  1.536kB/1.536kB
ef81eb7c77b3: Loading layer  8.704kB/8.704kB
08d0cfe60b0d: Loading layer  4.608kB/4.608kB
0864dda8f611: Loading layer  4.608kB/4.608kB
Loaded image: vmware/harbor-db:v1.2.2
29d1f4ae97dd: Loading layer  18.31MB/18.31MB
7caf936e1402: Loading layer  18.31MB/18.31MB
Loaded image: vmware/harbor-jobservice:v1.2.2
78dbfa5b7cbc: Loading layer  130.9MB/130.9MB
5f70bf18a086: Loading layer  1.024kB/1.024kB
8deec01122be: Loading layer  344.6kB/344.6kB
574ab36807f2: Loading layer  1.536kB/1.536kB
d8f2cde2eef8: Loading layer  20.48kB/20.48kB
eaa3924b054e: Loading layer   5.12kB/5.12kB
8aa2c772121c: Loading layer  184.3MB/184.3MB
c3014bbccb0b: Loading layer  8.704kB/8.704kB
978a35efaa8c: Loading layer  4.608kB/4.608kB
c2385ae7d6e5: Loading layer   16.6MB/16.6MB
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10
c192a34d4ff4: Loading layer  155.2MB/155.2MB
d012a9276a83: Loading layer  10.75MB/10.75MB
b8befd881cb5: Loading layer  10.75MB/10.75MB
Loaded image: vmware/clair:v2.0.1-photon
bbda1562018e: Loading layer  101.6MB/101.6MB
1171ab08cc04: Loading layer  6.656kB/6.656kB
6df81d3a0683: Loading layer  6.656kB/6.656kB
Loaded image: vmware/postgresql:9.6.4-photon


[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating harbor-db          ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating nginx              ... done
Creating harbor-jobservice  ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.200.60 . 
For more details, please visit https://github.com/vmware/harbor .
[root@harbor harbor]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
vmware/harbor-log           v1.2.2              36ef78ae27df        2 years ago         200MB
vmware/harbor-jobservice    v1.2.2              e2af366cba44        2 years ago         164MB
vmware/harbor-ui            v1.2.2              39efb472c253        2 years ago         178MB
vmware/harbor-adminserver   v1.2.2              c75963ec543f        2 years ago         142MB
vmware/harbor-db            v1.2.2              ee7b9fa37c5d        2 years ago         329MB
vmware/nginx-photon         1.11.13             6cc5c831fc7f        3 years ago         144MB
vmware/registry             2.6.2-photon        5d9100e4350e        3 years ago         173MB
vmware/postgresql           9.6.4-photon        c562762cbd12        3 years ago         225MB
vmware/clair                v2.0.1-photon       f04966b4af6c        3 years ago         297MB
vmware/harbor-notary-db     mariadb-10.1.10     64ed814665c6        3 years ago         324MB
vmware/notary-photon        signer-0.5.0        b1eda7d10640        3 years ago         156MB
vmware/notary-photon        server-0.5.0        6e2646682e3c        3 years ago         157MB
photon                      1.0                 e6e4e4a2ba1b        4 years ago         128MB
[root@harbor harbor]# docker ps -a
CONTAINER ID        IMAGE                              COMMAND                  CREATED             STATUS              PORTS                                                              NAMES
1e8c92c9c595        vmware/nginx-photon:1.11.13        "nginx -g 'daemon of…"   2 minutes ago       Up 2 minutes        0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
3099b8ddd0ea        vmware/harbor-jobservice:v1.2.2    "/harbor/harbor_jobs…"   2 minutes ago       Up 2 minutes                                                                           harbor-jobservice
91360379e51f        vmware/harbor-ui:v1.2.2            "/harbor/harbor_ui"      2 minutes ago       Up 2 minutes                                                                           harbor-ui
9cc34ed8e953        vmware/registry:2.6.2-photon       "/entrypoint.sh serv…"   2 minutes ago       Up 2 minutes        5000/tcp                                                           registry
343058843b37        vmware/harbor-adminserver:v1.2.2   "/harbor/harbor_admi…"   2 minutes ago       Up 2 minutes                                                                           harbor-adminserver
54b26109a052        vmware/harbor-db:v1.2.2            "docker-entrypoint.s…"   2 minutes ago       Up 2 minutes        3306/tcp                                                           harbor-db
a5162dc95552        vmware/harbor-log:v1.2.2           "/bin/sh -c 'crond &…"   2 minutes ago       Up 2 minutes        127.0.0.1:1514->514/tcp                                            harbor-log
[root@harbor harbor]# cd /usr/local/harbor/
[root@harbor harbor]# docker-compose ps
       Name                     Command               State                Ports             
---------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/harbor_adminserver       Up                                     
harbor-db            docker-entrypoint.sh mysqld      Up      3306/tcp                       
harbor-jobservice    /harbor/harbor_jobservice        Up                                     
harbor-log           /bin/sh -c crond && rm -f  ...   Up      127.0.0.1:1514->514/tcp        
harbor-ui            /harbor/harbor_ui                Up                                     
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp,          
                                                              0.0.0.0:4443->4443/tcp,        
                                                              0.0.0.0:80->80/tcp             
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp           

4.如果一切都正常,应该可以打开浏览器访问 http://192.168.200.60 的管理页面,默认的管理员用户名和密码是 admin/Harbor12345。首次登录后应立即修改这个默认密码。
5.部署harbor创建私有项目
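6.node节点配置连接私有仓库(注意第一行末尾要添加逗号;JSON 不支持注释,"#添加这句"只是说明,不要写入文件)。insecure-registries 表示 docker 以不校验证书的方式或直接通过 HTTP 访问该仓库,登录凭据和镜像在网络上不受 TLS 保护,仅适合实验环境;生产环境应为 harbor 配置 HTTPS。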

[root@node01 ~]# vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://sno1b9w3.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.200.60"]     #添加这句
}
[root@node01 ~]# systemctl restart docker


[root@node02 ~]#  vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://sno1b9w3.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.200.60"]     #添加这句
}
[root@node02 ~]# systemctl restart docker   #重启docker

7.node节点登录harbor私有仓库

[root@node01 ~]# docker login 192.168.200.60
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@node02 ~]# docker login 192.168.200.60
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

8.下载Tomcat镜像进行推送

[root@node01 ~]# docker pull tomcat   #从公有库下载镜像
Using default tag: latest
latest: Pulling from library/tomcat
Digest: sha256:1bab37d5d97bd8c74a474b2c1a62bbf1f1b4b62f151c8dcc472c7d577eb3479d
Status: Image is up to date for tomcat:latest
docker.io/library/tomcat:latest
//打标签
[root@node01 ~]# docker tag tomcat 192.168.200.60/project/tomcat8   为下载的镜像打标签
[root@node01 ~]# docker images
REPOSITORY                                                        TAG                 IMAGE ID            CREATED             SIZE
nginx                                                             latest              992e3b7be046        6 days ago          133MB
192.168.200.60/project/tomcat8                                    latest              f796d3d2c195        3 weeks ago          647MB     ###打完标签的镜像
tomcat                                                            latest              f796d3d2c195        3 weeks ago         647MB
centos                                                            7                   7e6257c9f8d8        2 months ago        203MB
nginx                                                             1.14                295c7be07902        18 months ago       109MB
nginx                                                             1.15.4              bc26f1ed35cf        2 years ago         109MB
siriuszg/kubernetes-dashboard-amd64                               v1.8.3              784cf2722f44        2 years ago         102MB
registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64   3.0                 99e59f495ffa        4 years ago         747kB
[root@node01 ~]# docker push 192.168.200.60/project/tomcat8   #推送成功
The push refers to repository [192.168.200.60/project/tomcat8]
b654a29de9ee: Pushed 
1485ce09f585: Pushed 
eb6e8fe5c6dc: Pushed 
8b185d674aef: Pushed 
4f17d163126f: Pushed 
df95ed2a791d: Pushed 
17bdf5e22660: Pushed 
d37096232ed8: Pushed 
6add0d2b5482: Pushed 
4ef54afed780: Pushed 
latest: digest: sha256:99c20ba4ab117d182a0aa2266123b2cfb425777495fd62e2ba37f489c3e2f808 size: 2421
[root@node01 ~]# cd .docker/   进入私库下发文件目录
[root@node01 .docker]# ls
config.json
[root@node01 .docker]# cat config.json | base64 -w 0   # 使用base64编码并且不换行输出(base64只是编码,不是加密,输出内容等同于登录凭据)
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC42MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy4xMyAobGludXgpIgoJfQp9Cg==

9.查看私库,上传成功,然后删除私库

10.通过yaml文件创建资源

[root@localhost demo]# vim tomcat-deployment.yaml  #创建yaml文件
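# Deployment plus NodePort Service for Tomcat, with the image pulled from Docker Hub.
# NOTE: extensions/v1beta1 Deployments were removed in Kubernetes 1.16; on newer
# clusters use apps/v1 and add a spec.selector that matches the pod labels.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      containers:
      - name: my-tomcat
        image: docker.io/tomcat:8.0.52   # image version (pinned tag, not latest)
        ports:
        # Tomcat listens on 8080, the same port the Service targets below.
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    # A NodePort is opened on every node's IP; keep it reachable only from trusted networks.
    nodePort: 31111
  selector:
    app: my-tomcat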
[root@master01 demo]# kubectl create -f tomcat-deployment.yaml   #创建资源
deployment.extensions/my-tomcat created
service/my-tomcat created

11.在node01上操作,上传私库(之前登陆过harbor仓库的节点,上传的前提是登录私库)

[root@node01 .docker]# docker tag tomcat:8.0.52 192.168.200.60/project/tomcat  //镜像打标签
[root@node01 .docker]# docker push 192.168.200.60/project/tomcat  //上传镜像到harbor
The push refers to repository [192.168.200.60/project/tomcat]
fe9cde45f959: Pushed 
2ef8c178f6e1: Pushed 
ec7635afeee4: Pushed 
5525ae859b17: Pushed 
5e4834f80277: Pushed 
6e85077a6fde: Pushed 
88ceb290c2a1: Pushed 
f469346f8162: Pushed 
29783d2ef871: Pushed 
d7ed640784f1: Pushed 
1618a71a1198: Pushed 
latest: digest: sha256:f3cfaf433cb95dafca20143ba99943249ab830d0aca484c89ffa36cf2a9fb4c9 size: 2625
[root@node01 .docker]# cat config.json |base64 -w 0   # 查看登陆凭据
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC42MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy4xMyAobGludXgpIgoJfQp9Cg==

12.使用master拉取私库一定要配置secret资源

[root@master01 demo]# vim registry-pull-secret.yaml  #创建
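# Image-pull Secret that lets pods pull from the private Harbor registry.
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
data:
  # Output of `base64 -w 0 config.json` from a node that ran `docker login 192.168.200.60`.
  # base64 is an encoding, not encryption: anyone who can read this file or this
  # Secret recovers the registry login. Keep the file out of version control and
  # limit read access to Secrets with RBAC.
  # NOTE(review): this blob carries the Harbor admin login used earlier; an account
  # limited to pulling from the project would be a safer choice — confirm which
  # roles this Harbor version offers.
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC42MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy4xMyAobGludXgpIgoJfQp9Cg==
# The type marks .dockerconfigjson as a Docker config.json used for image pulls;
# the encoded value must match the config.json written by `docker login`.
type: kubernetes.io/dockerconfigjson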
//创建secret资源
[root@master01 demo]# kubectl create -f registry-pull-secret.yaml 
secret/registry-pull-secret created
//查看secret资源
[root@master01 demo]# kubectl get secret
NAME                   TYPE                                  DATA   AGE
default-token-r77nm    kubernetes.io/service-account-token   3      4d17h
registry-pull-secret   kubernetes.io/dockerconfigjson        1      28s     #资源创建成功

13.创建资源从harbor中下载镜像

[root@master01 demo]# vim tomcat-deployment.yaml   #创建控制器和服务资源
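# Deployment plus NodePort Service for Tomcat, with the image pulled from the private Harbor project.
# NOTE: extensions/v1beta1 Deployments were removed in Kubernetes 1.16; on newer
# clusters use apps/v1 and add a spec.selector that matches the pod labels.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      # Credentials for the private registry; the Secret must exist in the same
      # namespace as the pods.
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: my-tomcat
        # No tag is given, so :latest is pulled, matching the untagged push in step 11.
        image: 192.168.200.60/project/tomcat
        ports:
        # Tomcat listens on 8080, the same port the Service targets below.
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    # A NodePort is opened on every node's IP; keep it reachable only from trusted networks.
    nodePort: 31111
  selector:
    app: my-tomcat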

14.创建资源

[root@master01 demo]# kubectl delete -f tomcat-deployment.yaml   删除原有的资源
deployment.extensions "my-tomcat" deleted
service "my-tomcat" deleted
[root@master01 demo]# kubectl create -f tomcat-deployment.yaml   #创建新的资源
deployment.extensions/my-tomcat created   
service/my-tomcat created

15.私有仓库中的镜像被下载了2次
