Kubernates之从Harbor上拉去镜像创建服务

2019独角兽企业重金招聘Python工程师标准>>>

    Kubernates版本为1.11.4，Harbor的版本是1.7。

    搭建好Kubernates后(一个master节点和俩个node节点)，如果要创建服务，就需要镜像，如果不配置Kubernates从镜像仓库拉取，那么就需要将镜像传到每个节点上(master和所有node)，很麻烦，效率很低，所以我们的目标是配置Kubernates，让其从Harbor上拉取镜像。

    注：我的Harbor服务所在的IP是192.168.33.5，如何安装Harbor，请看我的这篇博客。

１、将Harbor加入k8s宿主机Docker的insecure-registries中

    修改k8s的master和俩个node的/etc/docker/daemon.json，将192.168.33.5将入到insecure-registries中，如下所示：

    List-1.1

[root@localhost data]# more /etc/docker/daemon.json 
{"bip": "172.172.172.1/24","insecure-registries": ["10.221.128.52","192.168.33.5"]}

    重启Docker服务，如下List-1.2

    List-1.2

[root@localhost data]# systemctl daemon-reload
[root@localhost data]# systemctl restart Docker

    在每个节点上试试能否login到192.168.33.5，如下List-1.3

    List-1.3

[root@localhost data]# docker login 192.168.33.5
Username (mjduan): 
Password: 
Login Succeeded

２、用yaml在k8s上创建服务

    在master节点执行如下List-2.1，创建secret，其中registry-harbor2是名称，namespace的值使用default，docker-server的值是Harbor的IP，docker-username和docker-password的值是在Harbor上创建的用户。

    List-2.1

 kubectl create secret docker-registry registry-harbor2 --namespace=default \
 --docker-server=http://192.168.33.5 --docker-username=mjduan \
 --docker-password=***** [email protected]

    List-2.2 查看创建了的secret

[root@localhost data]# kubectl get secret
NAME                  TYPE                                  DATA      AGE
default-token-dqvqc   kubernetes.io/service-account-token   3         12h
registry-harbor2      kubernetes.io/dockerconfigjson        1         5h

    创建如下List-2.3所示的nginx.yaml，注意imagePullSecrets的值是registry-harbor2

    List-2.3

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.33.5/project/nginx:1.0
        imagePullPolicy: Always
        ports:
        - containerPort: 80
      imagePullSecrets:
      - name: registry-harbor2
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  sessionAffinity: ClientIP
  selector:
    app: nginx
  ports:
    - port: 80
      nodePort: 30180

    之后用kubectl创建服务，如下List-2.4

    List-2.4

[root@localhost data]# create -f deploy-nginx.yaml 

    查看结果，如下List-2.5

    List-2.5

[root@localhost data]# kubectl get services
NAME            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes      ClusterIP   10.96.0.1                443/TCP        12h
nginx-service   NodePort    10.103.100.169           80:30180/TCP   5h
[root@localhost data]# kubectl get pods
NAME                                READY     STATUS    RESTARTS   AGE
nginx-deployment-789794d957-m7wjv   1/1       Running   0          5h
[root@localhost data]# 

Reference

1. https://www.cnblogs.com/wayneiscoming/p/7716238.html
2. https://www.jianshu.com/p/010e4a7afe5e

转载于:https://my.oschina.net/u/2518341/blog/3013773