Pod特点:
最小部署单元
一组容器的集合
一个Pod中的容器共享网络命名空间
Pod是短暂的
Pod容器分类:
1:infrastructure container 基础容器,维护整个Pod的网络空间
查看容器的网络
[root@localhost ~]# cat /opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=192.168.179.151 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
#默认网络组件镜像pause-amd64:3.0
2.initcontainers 初始化容器
先于业务容器开始执行:初始化容器按顺序逐个运行,全部成功退出后业务容器才会启动;而Pod中的业务容器原本是并行启动的
3.container 业务容器
并行启动
官方网站详解https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
镜像拉取策略(imagePullPolicy)
IfNotPresent:默认值,镜像在宿主机上不存在时才拉取(镜像标签为latest或未指定标签时,默认值为Always)
Always:每次创建Pod都会重新拉取一次镜像
Never:Pod永远不会主动拉取这个镜像
[root@localhost server]# kubectl edit deployment/nginx-deployment
进入类似于vim的编辑模式,可以使用 :q! 不保存退出
使用always策略创建pod资源
vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: nginx
image: nginx:1.14
imagePullPolicy: Always
创建资源
[root@localhost demo]# kubectl create -f pod1.yaml
pod/mypod created
查看分配节点
[root@localhost demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 0 67s 172.17.95.3 192.168.179.151
查看版本信息
[root@localhost cfg]# curl -I 172.17.95.3
HTTP/1.1 200 OK
Server: nginx/1.14.2 #版本为1.14.2
Date: Wed, 13 May 2020 03:50:34 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes
Harbor服务端主机需要安装 Python(系统默认已安装,可通过python命令确认)、Docker 和 Docker Compose
安装docker-ce
安装依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2
加载docker源
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装docker
yum install -y docker-ce
开启docker服务
systemctl start docker
systemctl enable docker
镜像加速
cd /etc/docker    #该目录在docker服务启动之后生成
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://o0lhkgnw.mirror.aliyuncs.com"]
}
EOF
重新加载
systemctl daemon-reload
重启服务
systemctl restart docker
将命令文件docker-compose放入/usr/local/bin中,便于系统识别
[root@harbor mnt]# cp docker-compose /usr/local/bin/
安装harbor
下载 Harbor 安装程序
wget http://harbor.orientsoft.cn/harbor-1.2.2/harbor-offline-installer-v1.2.2.tgz
#该地址为明文HTTP的第三方下载站,下载后应先与官方发布的校验值比对,确认无误再解压安装
解压缩包
tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
配置 Harbor 参数文件
vim /usr/local/harbor/harbor.cfg
hostname = 192.168.179.156 #更改本地IP地址
启动 Harbor
sh /usr/local/harbor/install.sh
查看镜像
docker images
访问web界面192.168.179.156:80
默认账户:admin
默认密码为:Harbor12345(这是公开的出厂默认值,首次登录后应立即修改,或在安装前通过harbor.cfg中的harbor_admin_password设置)
创建一个项目
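node节点配置连接私有仓库(两个节点都要操作),编辑 /etc/docker/daemon.json
#insecure-registries 表示以未加密的HTTP(或不校验证书)方式访问该仓库,登录凭据和镜像都会明文传输,仅适合隔离的测试环境;正式环境应为Harbor配置HTTPS证书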
{
"registry-mirrors": ["https://o0lhkgnw.mirror.aliyuncs.com"],
"insecure-registries":["192.168.179.156"]
}
重启docker服务
systemctl restart docker
node1节点登录仓库
docker login 192.168.179.156
[root@localhost cfg]# docker login 192.168.179.156
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
登录成功
下载测试镜像
[root@localhost cfg]# docker pull tomcat
[root@localhost cfg]# docker images | grep tomcat
tomcat latest d03312117bb0 3 hours ago 647MB
推送镜像的标签格式(仓库地址/项目名/镜像名[:TAG])
docker tag SOURCE_IMAGE[:TAG] 192.168.179.156/project/IMAGE[:TAG]
更改标签
[root@localhost cfg]# docker tag tomcat 192.168.179.156/project/tomcat
上传镜像,注意要登录到harbor中上传
[root@localhost cfg]# docker push 192.168.179.156/project/tomcat
The push refers to repository [192.168.179.156/project/tomcat]
03b65a80d26e: Pushed
61da9b42e3b8: Pushed
bba0cb8267b6: Pushed
8d1ade777878: Pushed
f3c2d6153075: Pushed
11533cb8178f: Pushed
8967306e673e: Pushed
9794a3b3ed45: Pushed
5f77a51ade6a: Pushed
e40d297cf5f8: Pushed
latest: digest: sha256:7fa3968d7ebc52264c54da06c992d1fce1975734ea3b516046d73814f1199ebe size: 2421
web界面查看是否上传成功
node2节点更改配置文件,指向私有仓库地址
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://o0lhkgnw.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.179.156"]
}
node2节点登录私有仓库下载镜像
[root@localhost cfg]# docker login 192.168.179.156
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@localhost cfg]# docker pull 192.168.179.156/project/tomcat
查看镜像
[root@localhost cfg]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.179.156/project/tomcat latest d
[root@localhost cfg]# docker pull tomcat:8.0.52
8.0.52: Pulling from library/tomcat
1c7fe136a31e: Pull complete
ece825d3308b: Pull complete
122a54f77455: Pull complete
b0f58081abfa: Pull complete
d87948ea8b09: Pull complete
25934b035c41: Pull complete
c19ad0b452cb: Pull complete
97b2cf7bf1a2: Pull complete
5a118107a2f9: Pull complete
bf2397e2ae9f: Pull complete
4378950c2263: Pull complete
Digest: sha256:32d451f50c0f9e46011091adb3a726e24512002df66aaeecc3c3fd4ba6981bd4
Status: Downloaded newer image for tomcat:8.0.52
docker.io/library/tomcat:8.0.52
编辑yaml文件,创建pod资源
编辑yaml文件
[root@localhost demo]# vim tomcat-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-tomcat
spec:
replicas: 2
template:
metadata:
labels:
app: my-tomcat
spec:
containers:
- name: my-tomcat
image: docker.io/tomcat:8.0.52
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-tomcat
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 31111
selector:
app: my-tomcat
创建pod资源
[root@localhost demo]# kubectl create -f tomcat-deployment.yaml
deployment.extensions/my-tomcat created
service/my-tomcat created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-tomcat-57667b9d9-sz8jc 1/1 Running 0 25s
my-tomcat-57667b9d9-tbssj 1/1 Running 0 25s
查看service资源
[root@localhost demo]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 443/TCP 14d
my-tomcat NodePort 10.0.0.159 8080:31111/TCP 68s
nginx-service NodePort 10.0.0.16 80:37736/TCP 5d3h
访问tomcat服务网站(浏览器访问 节点IP:31111;NodePort会在每个节点上开放该端口)
node1节点登录私有仓库
[root@localhost cfg]# docker login 192.168.179.156
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
删除原有镜像标签
[root@localhost cfg]# docker rmi 192.168.179.156/project/tomcat:latest
Untagged: 192.168.179.156/project/tomcat:latest
Untagged: 192.168.179.156/project/tomcat@sha256:7fa3968d7ebc52264c54da06c992d1fce1975734ea3b516046d73814f1199ebe
镜像打标签(未指定TAG时默认为latest,推送后会覆盖仓库中原有的latest;实际使用中建议使用明确的版本标签,便于确认运行的是哪个镜像)
[root@localhost cfg]# docker tag tomcat:8.0.52 192.168.179.156/project/tomcat
上传镜像
[root@localhost cfg]# docker push 192.168.179.156/project/tomcat
The push refers to repository [192.168.179.156/project/tomcat]
fe9cde45f959: Pushed
2ef8c178f6e1: Pushed
ec7635afeee4: Pushed
5525ae859b17: Pushed
5e4834f80277: Pushed
6e85077a6fde: Pushed
88ceb290c2a1: Pushed
f469346f8162: Pushed
29783d2ef871: Pushed
d7ed640784f1: Pushed
1618a71a1198: Pushed
latest: digest: sha256:f3cfaf433cb95dafca20143ba99943249ab830d0aca484c89ffa36cf2a9fb4c9 size: 2625
查看harbor中project项目里的镜像是否上传成功
在master上重新创建资源,验证镜像是否从私有仓库下载:如果是,harbor中该镜像的下载数应该为1
node1节点查看登陆凭据
[root@localhost cfg]# cd ~
[root@localhost ~]# cat .docker/config.json
{
"auths": {
"192.168.179.156": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.8 (linux)"
}
}
生成凭据(对config.json整体做base64编码;base64只是编码而非加密,其中的auth字段解码后即为 用户名:密码)
[root@localhost ~]#cat .docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE3OS4xNTYiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
编辑Secret组件的yaml文件(文件中的.dockerconfigjson可被直接还原为仓库凭据,不要提交到代码仓库或随意分发;拉取镜像建议使用仅有拉取权限的专用账号,而不是admin)
[root@localhost demo]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: registry-pull-secret
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE3OS4xNTYiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
创建secret资源
[root@localhost demo]# kubectl create -f registry-pull-secret.yaml
secret/registry-pull-secret created
查看是否存在
[root@localhost demo]# kubectl get secret
NAME TYPE DATA AGE
default-token-fc88p kubernetes.io/service-account-token 3 14d
registry-pull-secret kubernetes.io/dockerconfigjson 1 12s
先删除原有pod资源
[root@localhost demo]# kubectl delete -f tomcat-deployment.yaml
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 2 32h
更改原有创建tomcat服务的yaml文件
[root@localhost demo]# vim tomcat-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-tomcat
spec:
replicas: 2
template:
metadata:
labels:
app: my-tomcat
spec:
imagePullSecrets:
- name: registry-pull-secret
containers:
- name: my-tomcat
image: 192.168.179.156/project/tomcat
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-tomcat
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 31111
selector:
app: my-tomcat
创建资源
[root@localhost demo]# kubectl create -f tomcat-deployment.yaml
deployment.extensions/my-tomcat created
service/my-tomcat created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-tomcat-57667b9d9-bf9s9 1/1 Running 0 8s
my-tomcat-57667b9d9-gbbcq 1/1 Running 0 8s
mypod 1/1 Running 2 32h
查看harbor镜像是否被下载