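k8s in Practice

Deploying Harbor as the k8s image registry

1. Lab objectives

- Deploy Harbor as a private image registry for k8s
- Upload the images needed by the small demo project to Harbor
- Edit the demo project's resource manifest so that the image addresses point to Harbor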

2. Install Harbor on node1

    [root@node1 ~]# cd /opt/
    # Upload the Harbor package
    [root@node1 /opt]# rz -E
    rz waiting to receive.
    # Extract it
    [root@node1 /opt]# tar zxf harbor-offline-installer-v1.9.0-rc1.tgz
    # Enter the extracted directory
    [root@node1 /opt]# cd harbor/

3. Edit the Harbor configuration file

    # Back up the original
    [root@node1 /opt/harbor]# cp harbor.yml harbor.yml.bak
    # Edit the configuration file
    [root@node1 /opt/harbor]# vim harbor.yml
    # Settings that need to be changed
    hostname: 10.0.0.11
    port: 8888
    harbor_admin_password: 123456
    data_volume: /data/harbor

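4. Run the installer

    # docker-compose must be installed before installing Harbor, otherwise the installer reports an error
    [root@node1 /opt/harbor]# yum install docker-compose -y
    # Install Harbor (note the directory the command is run from)
    [root@node1 /opt/harbor]# ./install.sh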

5. Access Harbor in the browser

    http://10.0.0.11:8888
    User: admin
    Password: 123456

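6. Create the image repository

There are 2 access levels:

- Public: anyone can access the repository and download images directly
- Private: images can be downloaded only after logging in and being authorized

Note: if you create a private repository, k8s cannot pull from it directly; a security file (Secret) has to be configured.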

7. Configure Docker on all nodes to trust the Harbor registry, then restart Docker (note: on all nodes)

    # Configure the trusted registry
    cat >/etc/docker/daemon.json <

8. Log in to Harbor with docker (run on all nodes)

    [root@node1 /opt/harbor]# docker login 10.0.0.11:8888
    Username: admin
    Password:                 # password: 123456
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    Login Succeeded

9. Retag the downloaded images and push them to Harbor (note: run on the worker nodes)

1. On the master node, find out which nodes hold the images

    [root@node1 ~]# kubectl get pod -o wide
    NAME                     READY   STATUS    RESTARTS   AGE   IP         NODE    NOMINATED NODE   READINESS GATES
    mysql-8fcd9f64-vqkm9     1/1     Running   1          18m   10.2.1.4   node2
    myweb-6f974fdbdc-gsncp   1/1     Running   1          18m   10.2.1.5   node2
    myweb-6f974fdbdc-ngngv   1/1     Running   1          18m   10.2.2.3   node3

2. Using the information from the master node, tag the images on the worker node

    [root@node2 ~]# docker tag kubeguide/tomcat-app:v1 10.0.0.11:8888/k8s/tomcat-app:v1
    [root@node2 ~]# docker tag mysql:5.7 10.0.0.11:8888/k8s/mysql:5.7

3. Push the tagged images to the Harbor registry

    [root@node2 ~]# docker push 10.0.0.11:8888/k8s/tomcat-app:v1
    [root@node2 ~]# docker push 10.0.0.11:8888/k8s/mysql:5.7

10. Delete the images on the nodes

    # Note: delete the tagged images first, then the source images
    docker rmi 10.0.0.11:8888/k8s/mysql:5.7
    docker rmi 10.0.0.11:8888/k8s/tomcat-app:v1
    docker rmi mysql:5.7
    docker rmi kubeguide/tomcat-app:v1

11. Delete the previous demo project (note: run on the master node)

    [root@node1 ~]# kubectl delete -f tomcat-demo.yaml
    deployment.apps "mysql" deleted
    service "mysql" deleted
    deployment.apps "myweb" deleted
    service "myweb" deleted

12. Change the image addresses in the demo project's resource manifest

    [root@node1 ~]# vim tomcat-demo.yaml
    # Note the places to change
    # Before: image: mysql:5.7
    # After:  image: 10.0.0.11:8888/k8s/mysql:5.7
    # Before: image: k8s/tomcat-app:v1
    # After:  image: 10.0.0.11:8888/k8s/tomcat-app:v1

13. Apply the resource manifest

    [root@node1 ~]# kubectl create -f tomcat-demo.yaml
    deployment.apps/mysql created
    service/mysql created
    deployment.apps/myweb created
    service/myweb created

14. The error

    # Checking the pod status now shows that the image pull failed
    [root@node1 ~]# kubectl get pod
    NAME                     READY   STATUS             RESTARTS   AGE
    mysql-7d746b5577-wtxtm   0/1     ErrImagePull       0          15s
    myweb-764df5ffdd-jvvmf   0/1     ImagePullBackOff   0          15s
    myweb-764df5ffdd-rc9pc   0/1     ImagePullBackOff   0          15s
    # View the details of the pod creation (press Tab to complete your own pod name)
    [root@node1 ~]# kubectl describe pod mysql-7d746b5577-
    # Key error message:
    Failed to pull image "10.0.0.11:8888/k8s/mysql:5.7": rpc error: code = Unknown desc = Error response from daemon: pull access denied for 10.0.0.11:8888/k8s/mysql, repository does not exist or may require 'docker login'

In other words: the project does not exist, or a login is required.

15. View the docker login credentials file

    [root@node1 ~]# docker login 10.0.0.11:8888
    Authenticating with existing credentials...
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    Login Succeeded
    # View the stored credentials file
    [root@node1 ~]# cat /root/.docker/config.json
    {
        "auths": {
            "10.0.0.11:8888": {
                "auth": "YWRtaW46MTIzNDU2"
            }
        },
        "HttpHeaders": {
            "User-Agent": "Docker-Client/18.09.9 (linux)"
        }
    }

16. Encode the docker credentials file as base64 (command: base64)

    [root@node1 ~]# cat /root/.docker/config.json|base64
    ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9
    # Everyone's value will be different

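17. Create and apply the Secret resource for the docker login

    # Note!!!
    # 1. .dockerconfigjson: xxx takes the base64 value directly, with no line breaks
    # 2. The base64 value is one whole line, not several lines
    # 3. The type field at the end must not be left out
    [root@node1 ~]# cat >harbor-secret.yaml<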
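
Added example (not part of the original post): a Python check for the notes above, confirming that a `.dockerconfigjson` value is a single line of base64 that wraps valid JSON with an entry for the registry. The helper name `check_dockerconfigjson` is hypothetical; the sample value is the one shown in step 16.

```python
import base64
import json

# .dockerconfigjson value as shown in step 16 of this page (lab credentials).
PAGE_BLOB = (
    "ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAi"
    "WVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJV"
    "c2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9"
)


def check_dockerconfigjson(blob, registry):
    """Hypothetical helper: return (problems, username) for a Secret value."""
    problems = []
    if any(ch.isspace() for ch in blob):
        # GNU base64 wraps its output at 76 columns unless run with -w 0.
        problems.append("value contains line breaks or spaces; it must be one line")
        blob = "".join(blob.split())
    try:
        config = json.loads(base64.b64decode(blob, validate=True))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return problems + [f"not base64-encoded JSON: {exc}"], None
    auths = config.get("auths") if isinstance(config, dict) else None
    entry = auths.get(registry) if isinstance(auths, dict) else None
    if not isinstance(entry, dict):
        return problems + [f"no auths entry for registry {registry}"], None
    try:
        raw_auth = str(entry.get("auth", ""))
        decoded = base64.b64decode(raw_auth, validate=True).decode()
    except ValueError:
        return problems + ["auth is not valid base64"], None
    user, sep, password = decoded.partition(":")
    if not (user and sep and password):
        problems.append("auth does not decode to user:password")
    return problems, user or None


if __name__ == "__main__":
    # The auth field is only base64: it decodes back to the login name and password.
    print(check_dockerconfigjson(PAGE_BLOB, "10.0.0.11:8888"))
    # Constructed input: the same value wrapped the way plain `base64` prints it.
    wrapped = PAGE_BLOB[:76] + "\n" + PAGE_BLOB[76:]
    print(check_dockerconfigjson(wrapped, "10.0.0.11:8888"))
```

Because the value decodes straight back to the registry login, read access to this Secret or to /root/.docker/config.json is equivalent to knowing the Harbor password.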

18. Modify the demo resource manifest to add the image pull parameter

View the command help:

    kubectl explain deployment.spec.template.spec.imagePullSecrets

Modify the resource manifest file, adding:

    ----------------------------
          imagePullSecrets:
          - name: harbor-secret
    ----------------------------

Note: this has to be added for both mysql and tomcat.

    [root@node1 ~/demo]# cat tomcat-demo.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: mysql
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: mysql
      template:
        metadata:
          labels:
            app: mysql
        spec:
          containers:
          - name: mysql
            image: 10.0.0.11:8888/k8s/mysql:5.7
            ports:
            - containerPort: 3306
            env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"
          imagePullSecrets:
          - name: harbor-secret
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: mysql
    spec:
      ports:
        - port: 3306
      selector:
        app: mysql
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: myweb
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: myweb
      template:
        metadata:
          labels:
            app: myweb
        spec:
          containers:
          - name: myweb
            image: 10.0.0.11:8888/k8s/tomcat-app:v1
            ports:
            - containerPort: 8080
            env:
            - name: MYSQL_SERVICE_HOST
              value: 'mysql'
            - name: MYSQL_SERVICE_PORT
              value: '3306'
          imagePullSecrets:
          - name: harbor-secret
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: myweb
    spec:
      type: NodePort
      ports:
        - port: 8080
          nodePort: 30001
      selector:
        app: myweb

19. Apply the resource manifest and check the result

1. Delete the existing resources

    [root@node1 ~]# kubectl delete -f tomcat-demo.yaml

2. Create the new resources

    [root@node1 ~]# kubectl create -f tomcat-demo.yaml
    deployment.apps/mysql created
    service/mysql created
    deployment.apps/myweb created
    service/myweb created

3. Check the resources that were pulled

    kubectl get pod -o wide

20. View in the browser

    http://10.0.0.11:30001/demo


Error summary:

1. If the image you want to delete is being used by a container, you cannot delete it
2. Harbor was not uninstalled cleanly; the data under /data/harbor/ also has to be deleted
3. The secret setting was written for only one deployment; in fact it has to be written for every deployment there is

Redo: k8s using Harbor as a private registry

1. Stop the running Harbor containers

2. Delete the Harbor containers (this pipeline prints the docker rm commands to run)

    docker ps -a|grep "goharbor"|awk '{print "docker rm "$1}'

3. Delete the Harbor images (this pipeline prints the docker rmi commands to run)

    docker images|grep "goharbor"|awk '{print "docker rmi "$1":"$2}'

4. Extract the package and modify the Harbor configuration file

    hostname: 10.0.0.11
    port: 8888
    harbor_admin_password: 123456
    data_volume: /data/harbor

5. Run the installer and access Harbor

    ./install.sh
    http://10.0.0.11:8888

6. Create a private repository named k8s

7. Configure docker to trust the registry and restart it (do this on all three servers!!!)

    {
      "registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
      "exec-opts": ["native.cgroupdriver=systemd"],
      "insecure-registries" : ["http://10.0.0.11:8888"]
    }

    systemctl restart docker

Note!!! After the restart on node1, Harbor stops working and has to be restarted:

    cd /opt/harbor
    docker-compose stop
    docker-compose start

8. Log in to Harbor with docker

    docker login 10.0.0.11:8888

9. Convert the docker login credentials into the base64 encoding that k8s recognizes

    [root@node1 ~]# cat /root/.docker/config.json|base64
    ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9

10. Write the Secret resource manifest

    [root@node1 ~/demo]# cat harbor-secret.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: harbor-secret
    data:
      .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9
    type: kubernetes.io/dockerconfigjson

11. Apply the Secret resource

    kubectl delete -f harbor-secret.yaml
    kubectl create -f harbor-secret.yaml
    kubectl get secrets

12. Retag the images and push them to Harbor

    docker tag kubeguide/tomcat-app:v1 10.0.0.11:8888/k8s/tomcat-app:v1
    docker tag mysql:5.7 10.0.0.11:8888/k8s/mysql:5.7
    docker push 10.0.0.11:8888/k8s/tomcat-app:v1
    docker push 10.0.0.11:8888/k8s/mysql:5.7

13. Modify the demo resource manifest

    #### mysql
          imagePullSecrets:
          - name: harbor-secret
    ### tomcat
          imagePullSecrets:
          - name: harbor-secret

14. Apply the manifests and check the result

    kubectl apply -f .
    kubectl get pod