K8s, Let's Take It On! Pod Containers, Image Management, and Setting Up a Harbor Private Registry for K8s

Contents

  • Preface
      • 1.1: Pod container types and image pull policy
      • 1.2: Deploying a Harbor private registry for K8s
      • Questions are welcome in the comments!

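Preface

1.1: Pod container types and image pull policy

  • In K8s, a pod is:

    1. The smallest deployable unit

    2. A set of containers

    3. A shared network namespace for the containers inside it

    4. Ephemeral

  • Pod container types:

    1. Infrastructure container: the base container

    • It maintains the network namespace of the whole pod. You can inspect the container's network settings from a node: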

      [root@node01 ~]# cat /opt/k8s/cfg/kubelet
      
      KUBELET_OPTS="--logtostderr=true \
      --v=4 \
      --hostname-override=192.168.233.132 \
      --kubeconfig=/opt/k8s/cfg/kubelet.kubeconfig \
      --bootstrap-kubeconfig=/opt/k8s/cfg/bootstrap.kubeconfig \
      --config=/opt/k8s/cfg/kubelet.config \
      --cert-dir=/opt/k8s/ssl \
      --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"  # this is the infrastructure container
      
      

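    2. initContainers: initialization containers

    • They run before the application containers. Originally all containers in a pod started in parallel; this was later improved.
    • Whether an init container is declared before or after the other containers, it always runs first. The other containers can start only after the init containers have completed successfully.
    • Init containers are typically used in multi-container scenarios, for example when MySQL and the application run in two separate containers. The application side is configured as an init container that checks whether MySQL has started: if MySQL is up, the application container starts; otherwise the application container waits for MySQL to start.

    3. container: application containers

    • Application containers are the container services inside the pod resources we create. They are also called app containers and start in parallel.
  • Image pull policy (imagePullPolicy)

    1. IfNotPresent: the default; the image is pulled when it does not exist on the host

    2. Always: the image is pulled again every time a pod is created

    3. Never: the pod never pulls this image on its own

  • Check the image pull policy (from the master node):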

    [root@master ~]# kubectl get pod
    NAME                        READY   STATUS    RESTARTS   AGE
    nginx-dbddb74b8-5s6h7       1/1     Running   1          10d
    nginx-test-d55b94fd-9zmdj   1/1     Running   0          27h
    nginx-test-d55b94fd-b8lkl   1/1     Running   0          27h
    nginx-test-d55b94fd-w4c5k   1/1     Running   0          27h
    [root@master ~]# kubectl edit deploy/nginx
    
    


  • Try creating a pod with an explicit pull policy

    [root@master ~]# cd test/
    [root@master test]# ls
    nginx-service-test.yaml  nginx-test02.yaml
    nginx-test01.yaml        nginx-test.yaml
    [root@master test]# cat > pod1-test.yaml <<EOF
    > apiVersion: v1
    > kind: Pod
    > metadata:
    >     name: mypod
    > spec:
    >     containers:
    >       - name: nginx
    >         image: nginx:1.14
    >         imagePullPolicy: Always
    > EOF
    # To update the container, delete the old one first (kubectl delete -f pod1-test.yaml), edit the YAML file, then redeploy with apply (kubectl apply -f pod1-test.yaml)
    [root@master test]# kubectl create -f pod1-test.yaml
    pod/mypod created
    [root@master test]# kubectl get pod 
    NAME                        READY   STATUS    RESTARTS   AGE
    mypod                       1/1     Running   0          6m
    nginx-dbddb74b8-5s6h7       1/1     Running   1          10d
    nginx-test-d55b94fd-9zmdj   1/1     Running   0          27h
    nginx-test-d55b94fd-b8lkl   1/1     Running   0          27h
    nginx-test-d55b94fd-w4c5k   1/1     Running   0          27h
    
  • View a container's details: kubectl describe pod <name>

    [root@master test]# kubectl describe pod mypod
    Name:               mypod
    Namespace:          default
    Priority:           0
    PriorityClassName:  
    Node:               192.168.233.132/192.168.233.132  # the resource was created on the node with this IP
    Start Time:         Mon, 11 May 2020 19:27:58 +0800
    Labels:             
    Annotations:        
    Status:             Running
    IP:                 172.17.26.5  # the pod IP is shown here
    ... (output omitted)
    
  • The container can be reached from the corresponding node

    [root@node01 ~]# curl -I 172.17.26.5  # the corresponding response information is returned
    HTTP/1.1 200 OK
    Server: nginx/1.14.2
    Date: Mon, 11 May 2020 11:35:54 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
    Connection: keep-alive
    ETag: "5c0692e1-264"
    Accept-Ranges: bytes
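
An added example, not part of the original post: imagePullPolicy decides when a node contacts the registry, but a name without a fixed tag or digest can point at different content over time. The hypothetical helper audit_images below lists each container's image, how it is pinned, and its pull policy, using a constructed sample of the two container specs from this page.

```shell
# audit_images (hypothetical helper): read Kubernetes YAML on stdin and print
#   <image> <digest|tag|floating> <imagePullPolicy|unset>
# per container. "floating" means no tag or :latest: the content behind the
# name can change, so what runs depends on the policy and the node's cache.
audit_images() {
    awk '
    function val(   v) {                 # text after "key:", minus comment and quotes
        v = $0
        sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+#.*$/, "", v); gsub(/"/, "", v)
        return v
    }
    function emit(   n, parts, last, kind) {
        if (img != "") {
            n = split(img, parts, "/")
            last = parts[n]              # a ":" before the last "/" is a registry port
            if (img ~ /@sha256:/)                      kind = "digest"
            else if (last !~ /:/ || last ~ /:latest$/) kind = "floating"
            else                                       kind = "tag"
            print img, kind, (pol == "" ? "unset" : pol)
        }
        img = ""; pol = ""
    }
    /^---/ || /^[ \t]*-[ \t]+name:/ { emit() }     # next container or document
    /^[ \t-]*image:/           { if (img != "") emit(); img = val() }
    /^[ \t-]*imagePullPolicy:/ { pol = val() }
    END { emit() }
    '
}

# Constructed sample: the two container specs used on this page.
sample_manifest() {
    cat <<'EOF'
spec:
  containers:
    - name: nginx
      image: nginx:1.14
      imagePullPolicy: Always
---
spec:
  template:
    spec:
      containers:
      - name: my-nginx
        image: 192.168.233.134/project-test/nginx
EOF
}

sample_manifest | audit_images
```
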
    
    

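1.2: Deploying a Harbor private registry for K8s

  • Initial preparation: change the hostname (harbor), disable the firewall, and upload the docker-compose and Harbor packages (these steps are simple and are not repeated here). The private registry's IP address is 192.168.233.134.

  • Install docker and docker-compose

    [root@harbor harbor]# yum -y install yum-utils device-mapper-persistent-data lvm2  # install the required packages
    [root@harbor harbor]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo  # set up the Aliyun mirror repository
    [root@harbor harbor]# yum -y install docker-ce  # install the Community Edition directly
    [root@harbor harbor]# service docker start  # start the service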
    Redirecting to /bin/systemctl start docker.service
    [root@harbor harbor]# docker version
    [root@harbor harbor]# mkdir -p /etc/docker
    [root@harbor harbor]# tee /etc/docker/daemon.json <<-'EOF'  # registry mirror to speed up pulls
    > {
    >   "registry-mirrors": ["https://yu1vx79j.mirror.aliyuncs.com"]
    > }
    > EOF
    {
      "registry-mirrors": ["https://yu1vx79j.mirror.aliyuncs.com"]
    }
    [root@harbor harbor]# systemctl daemon-reload  # reload the systemd configuration
    [root@harbor harbor]# systemctl restart docker
    [root@harbor ~]# rz -E
    rz waiting to receive.
    [root@harbor ~]# ls
    anaconda-ks.cfg  docker-compose  harbor-offline-installer-v1.2.2.tgz
    [root@harbor ~]# mv docker-compose  /usr/local/bin/
    [root@harbor ~]# chmod +x /usr/local/bin/docker-compose 
    [root@harbor ~]# docker-compose -v
    docker-compose version 1.21.1, build 5a3f1a3
    
    
  • Install Harbor

    [root@harbor ~]# tar zxf harbor-offline-installer-v1.2.2.tgz -C /usr/local/  # extract into the target directory
    [root@harbor ~]# cd /usr/local/harbor/
    [root@harbor harbor]# ls
    common                     harbor_1_1_0_template  LICENSE
    docker-compose.clair.yml   harbor.cfg             NOTICE
    docker-compose.notary.yml  harbor.v1.2.2.tar.gz   prepare
    docker-compose.yml         install.sh             upgrade
    [root@harbor harbor]# vim harbor.cfg  # edit the configuration file
    # set hostname to this host's own address; localhost or 127.0.0.1 must not be used
    hostname = 192.168.233.134
    [root@harbor harbor]# sh install.sh 
    
    
  • Test logging in through the web UI

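  • On every node, edit the daemon.json file to specify the Harbor registry address (the insecure-registries entry lets Docker use this registry without verified TLS), and remember to restart Docker after editing the file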

    [root@node01 ~]# vim /etc/docker/daemon.json  # note the comma at the end of the registry-mirrors line
    {
      "registry-mirrors": ["https://yu1vx79j.mirror.aliyuncs.com"],
      "insecure-registries":["192.168.233.134"]
    }
    [root@node01 ~]# systemctl daemon-reload
    [root@node01 ~]# systemctl restart docker
    
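  • Log in to the Harbor registry on every node (when resources are created from images downloaded from the Harbor registry, the node must be in the logged-in state)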

    [root@node01 ~]# docker login 192.168.233.134
    Username: admin
    Password: 
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    [root@node01 ~]# 
    
    
  • Pull a Tomcat image

  • List the namespaces

    [root@master test]# kubectl get namespace
    NAME          STATUS   AGE
    default       Active   12d
    kube-public   Active   12d
    kube-system   Active   12d
    
    
  • Make the nodes pull from the private registry

    1. View the credentials a node uses to log in to Harbor (the credentials are the same on all nodes)

    [root@node01 ~]# cat .docker/config.json |base64 -w 0
    ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIzMy4xMzQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9[root@node01 ~]# 
    
    

    2. Create the Secret resource on the master node

    [root@master test]# cat > registry-pull-secret.yaml <<EOF
    > apiVersion: v1
    > kind: Secret
    > metadata:    
    >   name: registry-pull-secret
    > data:
    >   .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIzMy4xMzQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
    > type: kubernetes.io/dockerconfigjson
    > EOF
    [root@master test]# kubectl create -f registry-pull-secret.yaml  # create the Secret resource
    secret/registry-pull-secret created
    [root@master test]# kubectl get secret  # list the Secret resources
    NAME                   TYPE                                  DATA   AGE
    default-token-x8jtv    kubernetes.io/service-account-token   3      12d
    registry-pull-secret   kubernetes.io/dockerconfigjson        1      3s
    
    

    3. On a node, pull an nginx image and push it to the Harbor registry

    [root@node01 ~]# docker pull nginx
    [root@node01 ~]# docker tag nginx 192.168.233.134/project-test/nginx
    [root@node01 ~]# docker push 192.168.233.134/project-test/nginx
    

    4. On the master node, create a YAML file and change the image address to Harbor

    [root@master test]# cat > nginx-deploy.yaml <<EOF
    > apiVersion: extensions/v1beta1
    > kind: Deployment
    > metadata:
    >   name: my-nginx
    > spec:
    >   replicas: 2
    >   template:
    >     metadata:
    >       labels:
    >         app: my-nginx
    >     spec:
    >       imagePullSecrets:   # image security: credentials for pulling from the private registry
    >       - name: registry-pull-secret 
    >       containers:
    >       - name: my-nginx
    >         image: 192.168.233.134/project-test/nginx   # image from the private registry
    >         ports:
    >         - containerPort: 80
    > ---
    > apiVersion: v1
    > kind: Service
    > metadata:
    >   name: my-nginx
    > spec:
    >   type: NodePort
    >   ports:
    >   - port: 80
    >     targetPort: 80
    >     nodePort: 30001
    >   selector:
    >     app: my-nginx
    > EOF
    [root@master test]# kubectl create -f nginx-deploy.yaml 
    deployment.extensions/my-nginx created
    service/my-nginx created
    [root@master test]# kubectl get pod
    NAME                        READY   STATUS    RESTARTS   AGE
    my-nginx-69b8899fd6-g6lhs   1/1     Running   0          5s
    my-nginx-69b8899fd6-glh6w   1/1     Running   0          5s
    mypod                       1/1     Running   1          154m
    nginx-dbddb74b8-5s6h7       1/1     Running   2          10d
    nginx-test-d55b94fd-9zmdj   1/1     Running   1          30h
    nginx-test-d55b94fd-b8lkl   1/1     Running   1          30h
    nginx-test-d55b94fd-w4c5k   1/1     Running   1          30h
    
    
  • Checking the image registry at this point shows that the image was downloaded twice, which is correct


  • A container that is stuck in the Terminating state and cannot be deleted can be force-deleted

    [root@master test]# kubectl get pods
    NAME                              READY   STATUS        RESTARTS   AGE
    my-nginx-57667b9d9-nklvj         1/1     Terminating   0          10h
    my-nginx-57667b9d9-wllnp         1/1     Terminating   0          10h

    # in this situation, the force-delete command can be used
    [root@master test]# kubectl delete pod my-nginx-57667b9d9-nklvj  --force --grace-period=0 -n default

    # use kubectl get ns to list the namespaces
    [root@master test]# kubectl get ns
    NAME          STATUS   AGE
    default       Active   12d
    kube-public   Active   12d
    kube-system   Active   12d
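
An added example, not part of the original post: steps 1 and 2 of the pull-secret procedure above copy the node's entire config.json into the Secret, and the .dockerconfigjson value is only base64-encoded, so anyone who can read the Secret can recover the login. The shell functions below (hypothetical names make_pull_secret and inspect_pull_secret) build a Secret holding a single registry entry and decode an existing value to show which account it hands out; k8s-puller and the password are constructed placeholders.

```shell
# make_pull_secret NAME REGISTRY USER  (the password is read from stdin so it
# never shows up in argv or shell history). Emits a Secret manifest holding a
# minimal .dockerconfigjson: one registry entry, nothing else from config.json.
make_pull_secret() {
    IFS= read -r password
    auth=$(printf '%s:%s' "$3" "$password" | base64 | tr -d '\n')
    cfg=$(printf '{"auths":{"%s":{"auth":"%s"}}}' "$2" "$auth" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $cfg
EOF
}

# inspect_pull_secret B64: decode a .dockerconfigjson value and print
# "<registry> <user>" for each entry that uses the "auth" field.
# The Harbor "admin" login used on this page is flagged as PRIVILEGED.
inspect_pull_secret() {
    printf '%s' "$1" | base64 -d | tr -d ' \t\n' |
        grep -o '"[^"]*":{"auth":"[^"]*"' |
        while IFS= read -r entry; do
            registry=$(printf '%s' "$entry" | sed 's/^"\([^"]*\)".*/\1/')
            auth=$(printf '%s' "$entry" | sed 's/.*"auth":"\([^"]*\)"$/\1/')
            user=$(printf '%s' "$auth" | base64 -d | cut -d: -f1)
            case $user in admin) note=' PRIVILEGED' ;; *) note='' ;; esac
            printf '%s %s%s\n' "$registry" "$user" "$note"
        done
}

# Constructed demo values: k8s-puller is a hypothetical pull-only Harbor user.
manifest=$(printf '%s\n' 'constructed-password' |
    make_pull_secret registry-pull-secret 192.168.233.134 k8s-puller)
printf '%s\n' "$manifest"
inspect_pull_secret "$(printf '%s\n' "$manifest" | sed -n 's/^  \.dockerconfigjson: //p')"
```
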
    
    

Questions are welcome in the comments!
