CentOS7 部署K8S私有镜像仓库

简单说明：

• 虽然已经有了《基于阿里云容器镜像服务加速K8S镜像下载》，但是K8S集群的安装依然并不方便

• 如果使用一些集群部署工具进行安装，如Minikube或者KubeSpray，还是需要预先知晓所有的K8S镜像并下载到实验机修改标签

• 现在尝试搭建一个私有的Docker Registry，并且配置使k8s.gcr.io、gcr.io和quay.io等统统指向它来加快K8S搭建速度

• 依据《CentOS7实验机模板搭建部署》部署一台实验机：registry 192.168.77.10

• 依据《CentOS7部署安装Docker和Docker Compose工具简录》部署安装Docker环境

• 相关实验介绍可在《CentOS7部署安装私有Docker Registry》找到

docker pull registry:2.7
docker run -d -p 80:5000 --restart always --name registry \
  -v /opt/data/registry:/var/lib/registry registry:2.7

• 依据《基于阿里云容器镜像服务加速K8S镜像下载》下载k8s-v1.16.4所需镜像并修改tag

cat >/etc/yum.repos.d/kubernetes.repo<<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
yum clean all
yum makecache faster
yum -y install kubectl-1.16.4 kubeadm-1.16.4 kubelet-1.16.4
kubeadm config images list --kubernetes-version=v1.16.4>/tmp/images.txt
echo 'quay.io/coreos/flannel:v0.11.0-amd64'>>/tmp/images.txt
echo 'gcr.io/k8s-minikube/storage-provisioner:v1.8.1'>>/tmp/images.txt
Url='registry.cn-hangzhou.aliyuncs.com/vinc-k8s'
cat /tmp/images.txt|while read line
do
  Path=$(echo ${line}|awk -F':' '{print $1}')
  Vers=$(echo ${line}|awk -F':' '{print $2}')
  Name=$(basename ${Path})
  docker pull ${Url}/${Name}:${Vers}
  docker tag ${Url}/${Name}:${Vers} ${line}
  docker rmi ${Url}/${Name}:${Vers}
done

• 将安装的这些镜像推送到registry之上

echo "$(hostname -i) k8s.gcr.io">>/etc/hosts
echo "$(hostname -i) quay.io">>/etc/hosts
echo "$(hostname -i) gcr.io">>/etc/hosts
sed -i "s/^.*registry-mirrors.*$/&\n  ,\"insecure-registries\": [\"k8s.gcr.io\", \"quay.io\", \"gcr.io\"]/g" /etc/docker/daemon.json
sed -i 's|^\[Service\]$|&\nEnvironmentFile=-/etc/docker/daemon.json|g' /lib/systemd/system/docker.service
systemctl daemon-reload && systemctl restart docker
for image in $(docker image ls|grep -E 'k8s.gcr.io|quay.io|gcr.io'|awk '{print $1":"$2}')
do
  docker push ${image}
done
# 浏览查看
yum -y install jq
Repos=$(curl -s localhost/v2/_catalog |jq '.repositories[]'|sed 's/"//g')
for Repo in ${Repos}
do
  Tags=$(curl -s localhost/v2/${Repo}/tags/list|jq '.tags[]'|sed 's/"//g')
  for Tag in ${Tags}
  do
    echo "k8s.gcr.io/${Repo}:${Tag}"
  done
done

• 依据《CentOS7使用Minikube搭建单节点K8S实验环境》重新搭建测试
• 不再需要将相应K8S集群版本所需要的镜像下载到本地，而是配置信任搭建的私有仓库

echo "192.168.77.10 k8s.gcr.io">>/etc/hosts
echo "192.168.77.10 quay.io">>/etc/hosts
echo "192.168.77.10 gcr.io">>/etc/hosts
sed -i "s/^.*registry-mirrors.*$/&\n  ,\"insecure-registries\": [\"k8s.gcr.io\", \"quay.io\", \"gcr.io\"]/g" /etc/docker/daemon.json
sed -i 's|^\[Service\]$|&\nEnvironmentFile=-/etc/docker/daemon.json|g' /lib/systemd/system/docker.service
systemctl daemon-reload && systemctl restart docker

• 命令minikube start如丝般顺滑，几秒钟搞定

[TOC]