发布springboot-demo到私有HARBOR并使用k8s部署
发布springboot-demo到私有HARBOR并使用k8s部署
HARBOR新版本安装
https://segmentfault.com/a/1190000022812745
tar -xvf harbor-offline-installer-v2.5.0.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
#修改配置信息,这里不使用https
vim harbor.yml:
hostname: 172.16.12.200 #如果要用https需要添加证书,这里直接使用IP
http:
port: 80 #curl测试用
#https:
# port: 443 #自动监听443端口,不通过Nginx
# certificate: /opt/certs/client.pem
# private_key: /opt/certs/client-key.pem
database:
password: root123 #默认
harbor_admin_password: Harbor12345 #默认
log:
location: /data/harbor/logs
data_volume: /data/harbor/
#
./prepare
./install.sh
http://172.16.12.200/默认用户名和密码如下: user:admin password:Harbor12345
新建project名称为demo
一般工作环境project分为dev,test,prod,uat等,用来隔离各个环境的镜像
提交测试镜像
配置docker信任(使用http时)
如果采用http登录,需要修改docker配置,k8s所有节点的docke都需要配置,否则无法拉取镜像
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://ehbu9xsm.mirror.aliyuncs.com"],
"insecure-registries":["172.16.12.200"]
}
systemctl daemon-reload
systemctl restart docker
创建镜像
springboot-demo项目的Dockerfile.yaml
FROM openjdk:8-jdk-alpine
MAINTAINER bamoo
ADD springboot-demo.jar springboot-demo.jar
RUN echo "Asia/Shanghai" >/etc/timezone
RUN sh -c 'touch /springboot-demo.jar'
ENV JAVA_OPTS=""
CMD exec java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar /springboot-demo.jar
EXPOSE 8000
构建镜像
docker build . -t springboot-demo:v1 -f Dockerfile
## 运行镜像容器可以在docer环境测试下,这一步非必要可以跳过
docker run -d -p 8000:8000 --name demo-test springboot-demo:v1
curl localhost:8000
修改镜像tag前
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
springboot-demo v1 3ed4b8bc215f 26 minutes ago 140MB
修改镜像tag:镜像名称要加上域名(这里是ip)/project名称/镜像名称:版本号
docker tag springboot-demo:v1 172.16.12.200/demo/springboot-demo:v1
#修改镜像tag后
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.16.12.200/demo/springboot-demo v1 3ed4b8bc215f 28 minutes ago 140MB
发布镜像到harbor仓库中
docker push 172.16.12.200/demo/springboot-demo:v1
The push refers to repository [172.16.12.200/demo/springboot-demo]
bee8556929fc: Pushed
83d6eb80e314: Pushed
1ad5d9220ec2: Pushed
32229f31d413: Pushed
ceaf9e1ebef5: Pushed
9b9b7f3d56a0: Pushed
f1b5933fe4b5: Pushed
v1: digest: sha256:567b056ce9d54521c50ff888adcabaa8180ce50ccad01c5db0214bfa5ecbb30f size: 1786
如果不使用默认项目名library,则需要使用admin用户提前登录Harbor的Web界面,手动创建新项目后再进行Push操作
给镜像打上相应的标签, 注意标签格式: ip/{project-name}/{image-name}[:tag]
项目library只有admin有写的权限
docker tag centos:latest 192.168.1.130/library/centos:1.0将本地镜像Push到Harbor
docker push 192.168.1.130/library/centos:1.0
Docker搭建私有仓库管理系统Harbor
https://blog.51cto.com/wutengfei/2480749
https://blog.csdn.net/m0_37063785/article/details/101303898
dockerfile样版
FROM java:8u211
ENV JAVA_OPTS "\
-Xmx4096m \
-XX:MetaspaceSize=256m \
-XX:MaxMetaspaceSize=256m"
ENV JAVA_HOME /usr/local/java
ENV PATH ${PATH}:${JAVA_HOME}/bin
COPY target/myweb.jar myweb.jar
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
RUN echo 'Asia/Shanghai' >/etc/timezone
EXPOSE 8080
CMD java ${JAVA_OPTS} -jar myweb.jar
k8s使用私有仓库镜像发布服务
参考https://blog.csdn.net/wangsofa/article/details/108114593
1.要有自己的私有仓库
2.要有账号密码
登录Harbor
docker login -u admin -p Harbor12345 192.168.81.84
3.查看登录的秘钥数据:
登录成功后会在当前用户下生成 .docker/config.json 文件
cat ~/.docker/config.json
4.再对上面的 config.json 进行base64加密
cat ~/.docker/config.json |base64 -w 0
5.在K8S中创建 secret.yaml 文件:
apiVersion: v1
kind: Secret
metadata:
name: login
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxNzIuMTYuMTIuMjAwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE4LjA2LjMtY2UgKGxpbnV4KSIKCX0KfQ==
6.创建secret对象
kubectl create -f harbo-secret.yaml
7.springboot-demo的k8s服务配置信息,这里拉取私有镜像需要密码,因此需要配置imagePullSecrets这里选择第5步创建的sercet名称为login的密码
apiVersion: v1
kind: Service
metadata:
name: springboot-demo
namespace: dev
spec:
#clusterIP: 10.109.179.231 #固定svc的内网ip,不配置则随机每次创建都不同IP
ports:
- port: 8000
protocol: TCP
targetPort: 8000
selector:
run: springboot-demo
#type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: springboot-demo
namespace: dev
spec:
replicas: 2
selector:
matchLabels:
run: springboot-demo
template:
metadata:
labels:
run: springboot-demo
spec:
containers:
- image: 172.16.12.200/demo/springboot-demo:v1.1
name: springboot-demo
ports:
- containerPort: 8000
protocol: TCP
imagePullSecrets:
- name: login
8.执行创建服务
kubectl create -f springboot-demo-k8s.yaml
K8S中Service的type类型
上面创建的Service的type类型为ClusterIP,这个ip地址只用集群内部可访问
kubectl get svc -n dev
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
springboot-demo ClusterIP 10.1.13.185 <none> 8000/TCP 10d
curl http://10.1.13.185:8000
如果需要创建外部也可以访问的Service,需要修改type为NodePort
kubectl get svc -n dev
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
springboot-demo NodePort 10.1.13.185 <none> 8000:32502/TCP 10d
curl http://k8s-master:8000
但是我们在正式服务中基本使用type为ClusterIP,因为所有的服务都禁止直接外网访问的,只有通过专有域名服务器才能访问内部服务
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献6条内容
所有评论(0)