k8s: pod container and image management, setting up a private Harbor registry for k8s
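Pod resource management
Characteristics of a pod:
- The smallest deployable unit
- A collection of containers
- Containers in one Pod share a network namespace
- Pods are ephemeral
Pod container types:
- infrastructure container: the base container
- initcontainers: init containers
- container: business (application) containers
1: infrastructure container (base container)
- Maintains the network namespace for the whole pod; the container's network can be inspected from a node
'View the container's network'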
[root@node01 ~]# cat /opt/kubernetes/cfg/kubelet
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
'It is created every time a Pod is created, one per Pod, and is transparent to the user'
[root@node01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
902bca636912 registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 "/pause" 6 hours ago Up 6 hours k8s_POD_nginx-deployment-d55b94fd-7rp7w_default_55f27822-0c31-11eb-871f-000c2911956a_0
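2: initcontainers (init containers)
- They run before the business containers. Originally all containers in a pod were started in parallel; this has since been improved
- Whether a container is written before or after the init containers in the manifest, the init containers always run first. The other containers can start only after the init containers have completed successfully
- Init containers are typically used in multi-container setups, for example MySQL and the application running as two separate containers. The application gets an init container that checks whether MySQL has started: if it has, the business container starts; otherwise the business container waits for MySQL
3: container (business container)
- Business containers are the container services inside the pod resources we create. They are also called APP containers and are started in parallel
Official documentation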
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
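The ordering rule above, as an added example that is not part of the original post: a shell function prints a Pod manifest in which containers is written before initContainers, yet the app starts only after the init container's MySQL check succeeds. The pod name, the mysql service name and the mysql:5.7 and nginx images are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed names: a Service called "mysql", images mysql:5.7 and nginx.

# Print a Pod manifest whose init container blocks until MySQL answers.
init_pod_manifest() {
  pod_name=$1; db_host=$2; app_image=$3
  # db_host is interpolated into a shell command line inside the manifest,
  # so accept plain host names only.
  case $db_host in
    ''|*[!A-Za-z0-9.-]*) echo "invalid db host: $db_host" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: ${pod_name}
spec:
  containers:              # written first, still started last
  - name: app
    image: ${app_image}
  initContainers:          # must exit 0 before "containers" are started
  - name: wait-for-mysql
    image: mysql:5.7
    command:
    - sh
    - -c
    - until mysqladmin ping -h ${db_host} --silent; do echo waiting; sleep 2; done
EOF
}

# On a cluster: init_pod_manifest mypod mysql nginx | kubectl apply -f -
```

While the check is failing, kubectl get pods shows the pod in status Init:0/1 instead of Running.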
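Image pull policy (imagePullPolicy)
- IfNotPresent: the default; the image is pulled only if it is not already present on the host
- Always: the image is pulled again every time a Pod is created
- Never: the Pod never pulls this image on its own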
https://kubernetes.io/docs/concepts/containers/images
On the master
[root@master test]# kubectl edit deployment/nginx-deployment
    spec:
      containers:
      - image: nginx:latest
        imagePullPolicy: Always    # change the image pull policy
        name: nginx
        ports:
        - containerPort: 80
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
Try writing a pod manifest that specifies the pull policy
[root@master test]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: Always
    command: [ "echo", "SUCCESS" ]
[root@master test]# kubectl create -f pod1.yaml
pod/mypod created
[root@master test]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 0/1 CrashLoopBackOff 3 4m17s
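The pod fails because of a conflict with the startup command: the command field replaces the image's own startup command, and echo exits immediately, so the container keeps being restarted
Remove the line command: [ "echo", "SUCCESS" ] from pod1.yaml
[root@master test]# kubectl delete -f pod1.yaml    # delete the existing resource
pod "mypod" deleted
[root@master test]# kubectl apply -f pod1.yaml    # update the resource
pod/mypod created
[root@master test]# kubectl get pods    # the resource was created successfully
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 27s
Check which node the pod was assigned to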
[root@master test]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 0 69s 172.17.71.5 192.168.179.123 <none>
'Use curl on any node to view the response headers'
[root@node02 ~]# curl -I 172.17.71.5
HTTP/1.1 200 OK
Server: nginx/1.19.3
Date: Mon, 12 Oct 2020 08:55:50 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 29 Sep 2020 14:12:31 GMT
Connection: keep-alive
ETag: "5f7340cf-264"
Accept-Ranges: bytes
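Deploy Harbor and create a private project
For the Harbor deployment process, see my earlier blog post
On all nodes, edit the daemon.json file to specify the Harbor registry address; remember to restart Docker after editing the file
[root@node01 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["......"],
  "insecure-registries":["192.168.179.127"]
}
[root@node01 ~]# systemctl restart docker
Log in to the Harbor registry on all nodes (when creating resources from images pulled from the Harbor registry, the nodes must remain logged in)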
[root@node01 ~]# docker login 192.168.179.127
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Pull an httpd image and push it to Harbor
[root@node01 ~]# docker pull httpd
[root@node01 ~]# docker tag httpd 192.168.179.127/project/httpd
[root@node01 ~]# docker push 192.168.179.127/project/httpd
A problem appears when pulling the image: you must be logged in to pull it
Cause: the registry credentials are missing
[root@node01 ~]# docker pull 192.168.195.80/project/httpd
Using default tag: latest
Error response from daemon: Get https://192.168.195.80/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Pull the httpd image on the node
[root@node01 ~]# docker pull httpd:2.2
[root@master test]# vim httpd-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-httpd
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-httpd
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: my-httpd
        image: docker.io/project/httpd:2.2
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-httpd
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 32222
  selector:
    app: my-httpd
[root@master test]# kubectl create -f httpd-deployment.yaml
deployment.extensions/my-httpd created
service/my-httpd created
[root@master test]# kubectl get pods,deploy,svc
NAME READY STATUS RESTARTS AGE
pod/my-httpd-df6795568-g9dzc 1/1 Running 0 62s
pod/my-httpd-df6795568-jg4sc 1/1 Running 0 62s
pod/mypod 1/1 Unknown 0 38m
pod/nginx-deployment-57f495d87b-6t9dz 1/1 Running 0 17m
pod/nginx-deployment-57f495d87b-fxm64 1/1 Unknown 0 48m
pod/nginx-deployment-57f495d87b-gwmb5 1/1 Unknown 0 48m
pod/nginx-deployment-57f495d87b-kjgzw 1/1 Running 0 17m
pod/nginx-deployment-57f495d87b-q754z 1/1 Running 1 49m
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.extensions/my-httpd 2 2 2 2 62s
deployment.extensions/nginx-deployment 3 3 3 3 7h10m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 13d
service/my-httpd NodePort 10.0.0.249 <none> 80:31111/TCP 47s
service/nginx-service NodePort 10.0.0.206 <none> 80:33333/TCP 6h55m
On node01 (the node that logged in to the Harbor registry earlier)
[root@node01 ~]# docker login 192.168.179.127
[root@node01 ~]# docker tag httpd:2.2 192.168.179.127/project/httpd:2.2    # tag the image
[root@node01 ~]# docker push 192.168.179.127/project/httpd:2.2    # push the image to Harbor
[root@node01 ~]# cat .docker/config.json |base64 -w 0    # view the login credentials
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE3OS4xMjciOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuMTMgKGxpbnV4KSIKCX0KfQ==
Create the secret resource on the master node
[root@master test]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE3OS4xMjciOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuMTMgKGxpbnV4KSIKCX0KfQ==
type: kubernetes.io/dockerconfigjson
[root@master test]# kubectl create -f registry-pull-secret.yaml    # create the secret resource
secret/registry-pull-secret created
[root@master test]# kubectl get secret    # list the secret resources
NAME TYPE DATA AGE
default-token-99dmr kubernetes.io/service-account-token 3 13d
registry-pull-secret kubernetes.io/dockerconfigjson 1 46s
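An added example, not from the original post: building the same registry-pull-secret from a single registry login instead of encoding the node's whole /root/.docker/config.json, which carries every registry that node has logged in to. The account demo/example-pass is a constructed sample; secret_login shows that the stored value decodes straight back to user:password, so read access to Secrets should be restricted.

```shell
#!/bin/sh
# Added example (not from the original post). Registry address and secret
# name are the ones used on this page; the account is a constructed sample.

b64() { base64 | tr -d '\n'; }   # single-line base64, like "base64 -w 0"

# Print a kubernetes.io/dockerconfigjson Secret holding one registry login.
pull_secret_manifest() {
  name=$1; registry=$2; user=$3; pass=$4
  # The registry string is placed into JSON as-is, so restrict its characters.
  case $registry in
    ''|*[!A-Za-z0-9.:/-]*) echo "invalid registry: $registry" >&2; return 1 ;;
  esac
  # user:password is base64-encoded first, so it needs no JSON escaping.
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  cfg=$(printf '{"auths":{"%s":{"auth":"%s"}}}' "$registry" "$auth" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ${cfg}
EOF
}

# Read a manifest on stdin and print the login it stores.
# Two base64 decodes are all it takes: the data is encoded, not encrypted.
secret_login() {
  sed -n 's/^  \.dockerconfigjson: //p' | base64 -d |
    sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

# Constructed sample run:
#   pull_secret_manifest registry-pull-secret 192.168.179.127 demo example-pass
```

On a cluster, kubectl create secret docker-registry registry-pull-secret --docker-server=192.168.179.127 --docker-username=... --docker-password=... creates a Secret of the same type without reading the node's config.json.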
Create resources that pull the image from Harbor
[root@master test]# vim httpd-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-httpd
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-httpd
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: my-httpd
        image: 192.168.179.127/project/httpd:2.2
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-httpd
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 32222
  selector:
    app: my-httpd
[root@master test]# kubectl get pods    # the earlier pod resources have been deleted
No resources found.
[root@master test]# kubectl create -f httpd-deployment.yaml
deployment.extensions/my-httpd created
service/my-httpd created
[root@master test]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-httpd-f98b7856d-f8bxf 1/1 Running 0 2s
my-httpd-f98b7856d-p57gt 1/1 Running 0 2s
Checking the image registry at this point shows that the image has been pulled twice, which is correct