Kubernetes Field Notes - Part 1 - Cluster Deployment and Configuration (10): Integrating Kubernetes with a Harbor-based private image registry
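The container platform Kubernetes is now at version 1.13.2, so I am updating the original 1.11.3 documents; many companies in China use this platform to build their container platforms. I hope to turn "K8S First Experience" into a series (and hope I can keep it up), with three goals: to record my own process of learning K8S; to use it later for finding and filling gaps in what I have learned; and, if it helps people who are new to K8S, so much the better. The list of K8S First Experience posts [extended as the series progresses], for quick reference: Part 1: configuring an enterprise-grade image, see H...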
For the complete table of contents of the Kubernetes Field Notes series, see: Kubernetes Field Notes - Table of Contents
Links to related posts:
I. Harbor image registry environment
Hostname | IP address | Operating system | Role | Software versions | Remarks |
---|---|---|---|---|---|
k8sproxy-hzbatst-1 | 10.120.67.25 | CentOS 7.5 | proxy, registry | haproxy, docker-ce 18.06.1, docker-compose 1.22.0, harbor 1.6.1 | |
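For how the Harbor service was set up, see "Kubernetes First Experience (1): Configuring the enterprise-grade image registry Harbor".
II. Integrating Harbor with Kubernetes
1. Configuring the self-signed certificate on the Kubernetes nodes [all nodes]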
```bash
# On the Harbor node
# (on CentOS, a file placed under /etc/pki/ca-trust/source/anchors only takes effect
#  after update-ca-trust has been run on that host)
cp /opt/app/harbor/certs/harbor.example.com.crt /etc/pki/ca-trust/source/anchors/ca.crt
# Run on each Kubernetes node, i.e. on the Harbor clients.
# The directory name must equal the registry host name used in image references.
mkdir -p /etc/docker/certs.d/harbor.example.com
# Copy the self-signed root certificate to the Kubernetes nodes, i.e. the Harbor clients
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.26:/etc/pki/ca-trust/source/anchors/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.27:/etc/pki/ca-trust/source/anchors/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.28:/etc/pki/ca-trust/source/anchors/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.29:/etc/pki/ca-trust/source/anchors/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.30:/etc/pki/ca-trust/source/anchors/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.31:/etc/pki/ca-trust/source/anchors/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.26:/etc/docker/certs.d/harbor.example.com/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.27:/etc/docker/certs.d/harbor.example.com/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.28:/etc/docker/certs.d/harbor.example.com/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.29:/etc/docker/certs.d/harbor.example.com/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.30:/etc/docker/certs.d/harbor.example.com/ca.crt
scp /opt/app/harbor/certs/harbor.example.com.crt 10.120.67.31:/etc/docker/certs.d/harbor.example.com/ca.crt
```
2. Creating a secret that holds the Harbor (registry) credentials
Make sure the relevant namespace has been created.
```yaml
# cat ns_eju-test.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: eju-test
```
```bash
kubectl apply -f ns_eju-test.yaml
kubectl get ns
```
Create a secret that stores the Harbor login credentials.
```bash
# A password given on the command line is kept in the shell history, and the
# resulting secret stores it base64-encoded, not encrypted.
kubectl create secret docker-registry harbor-test --namespace=eju-test \
  --docker-server=harbor.example.com --docker-username='eju_test_visitor' \
  --docker-password='EJU@test1234' \
  --docker-email='eju_test_visitor@example.com'
kubectl get secret -n eju-test
harbor-test   kubernetes.io/dockerconfigjson   1   73m
```
3. Testing the image pull (YAML)
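```bash
# Make sure the image is already present in Harbor
# (pushing requires a prior `docker login harbor.example.com` with an account allowed to push to the project)
docker pull nginx:1.14
docker tag nginx:1.14 harbor.example.com/eju-test/nginx:1.14
docker push harbor.example.com/eju-test/nginx:1.14
```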
```yaml
# cat app_nginx.yaml
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; use apps/v1 on current clusters.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    run: nginx-app
  name: nginx-app
  namespace: eju-test
spec:
  replicas: 1
  selector:
    matchLabels:
      run: nginx-app
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        run: nginx-app
    spec:
      containers:
      - name: nginx-app
        # the registry host must be the one the pull secret was created for
        image: harbor.example.com/eju-test/nginx:1.14
        ports:
        - containerPort: 80
          protocol: TCP
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      # secret created in step 2; it must exist in the same namespace as the pod
      imagePullSecrets:
      - name: harbor-test
```
```bash
kubectl apply -f app_nginx.yaml
kubectl get pod -n eju-test -o wide
NAME                        READY   STATUS    RESTARTS   AGE   IP             NODE                NOMINATED NODE
nginx-app-888548bb4-zhxwk   1/1     Running   0          18m   192.168.3.15   k8snode-hzbatst-1   <none>
curl 192.168.3.15
... ..
<h1>Welcome to nginx!</h1>
```
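A pull secret is only used for images whose registry host matches the `--docker-server` it was created with, so a mismatch between the secret and the `image:` field ends in a failed pull. The Python check below is an added example, not part of the original post: it decodes a `kubernetes.io/dockerconfigjson` secret (the object printed by `kubectl get secret harbor-test -n eju-test -o json`) and compares host names only. The helper names, the placeholder password and the host `harbor.internal.example` are constructed for illustration.

```python
import base64
import json


def registry_of(image: str) -> str:
    """Registry host of an image reference, per Docker's naming rule."""
    # The first component is a registry only if it has '.' or ':' or is 'localhost'.
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"


def secret_registries(secret: dict) -> dict:
    """Map registry host -> username for a dockerconfigjson Secret object."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        raise ValueError("not a docker-registry secret")
    config = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    hosts = {}
    for server, entry in config.get("auths", {}).items():
        # --docker-server may have been given with a scheme or a path.
        host = server.split("://", 1)[-1].split("/", 1)[0].lower()
        user = entry.get("username")
        if user is None and "auth" in entry:
            # "auth" is base64("user:password"): encoded, not encrypted.
            user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
        hosts[host] = user
    return hosts


def secret_covers(secret: dict, image: str) -> bool:
    """True if the secret holds credentials for the image's registry host."""
    return registry_of(image) in secret_registries(secret)


def make_sample_secret(server: str, user: str, password: str) -> dict:
    """Constructed sample, shaped like the Secret kubectl creates."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": user, "password": password, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"type": "kubernetes.io/dockerconfigjson", "data": {".dockerconfigjson": blob}}


SAMPLE = make_sample_secret("harbor.example.com", "eju_test_visitor", "placeholder-password")

if __name__ == "__main__":
    for image in ("harbor.example.com/eju-test/nginx:1.14",          # matches the secret
                  "harbor.internal.example/eju-test/nginx:1.14"):    # constructed mismatch
        print(image, "->", "covered" if secret_covers(SAMPLE, image) else "no credentials")
```

Because the check recovers the user name from a base64 blob, it also shows why read access to secrets in the namespace is equivalent to knowing the registry password.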