Docker 与 K8S学习笔记（番外篇）—— 搭建本地私有Docker镜像仓库

我们在学习K8S时会有个问题，那就是我自己做的应用镜像如何在K8S中部署呢？如果我们每做一个镜像都要推送到公共镜像仓库那未免太麻烦了，这就需要我们搭一个私有镜像仓库，通过私有仓库，K8S集群便可以从中拉取镜像了。

一、拉取并部署docker register

私有镜像仓库部署也很简单，Docker 官方提供了私有仓库的镜像 registry ，只需把镜像下载下来，运行容器并暴露5000端口，就OK了。

$ sudo docker pull docker.io/registry
Using default tag: latest
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
$ sudo docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true --log-driver=none -v /data/images:/tmp/registry registry
5fe99c39a729c844566cd329fee6e0c304924bfe6a829ea609b6850a0322a145

我这里将本地的/data/images作为镜像数据存放目录。接着我们通过浏览器看下仓库内容：这里repositories:[]表示当前无任何仓库。

 

二、将镜像推送至私有仓库

我们将制作好的镜像webapp，推送到私有仓库中：

首先，我们给要上传镜像打tag：

sudo docker tag webapp:latest 172.16.194.135:5000/webapp:latest

接着上传镜像：

$ sudo docker push 172.16.194.135:5000/webapp:latest
The push refers to repository [172.16.194.135:5000/webapp]
Get "https://172.16.194.135:5000/v2/": http: server gave HTTP response to HTTPS client

这里出问题了，我们可以看到默认情况下docker使用https协议访问镜像仓库，如果想让docker使用http协议，则需要配置信任源：

我们编辑/etc/docker/daemon.json文件（如果没有此文件则新建）：

{ 
    "insecure-registries" : [ "你所搭建的registry服务的ip:5000" ] 
}

保存后重启docker服务即可：sudo systemctl docker restart，然后重新推送镜像：

$ sudo docker push 172.16.194.135:5000/webapp:latest
The push refers to repository [172.16.194.135:5000/webapp]
db1a54a89227: Pushed
60348cf35183: Pushed
35c20f26d188: Pushed
c3fe59dd9556: Pushed
6ed1a81ba5b6: Pushed
a3483ce177ce: Pushed
ce6c8756685b: Pushed
30339f20ced0: Pushed
0eb22bfb707d: Pushed
a2ae92ffcd29: Pushed
latest: digest: sha256:a06f9a9efe77d3b029fac660cccf2d563e742f7a1b64f6c92960d5ebd7a4d8d9 size: 2419

这样我们通过浏览器也能看到上传的镜像了：

 

 

三、K8S通过私有仓库拉取镜像

我们将webapp部署到K8S集群上，我们首先编写deployment，这里要注意image处需要带上我们仓库地址。

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: webapp
  name: webapp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: webapp
  template:
    metadata:
      labels:
        app: webapp
    spec:
      containers:
      - name: webapp
        image: 172.16.194.135:5000/webapp:latest
        ports:
        - containerPort: 4567

接着我们apply此Deployment，并查看pod启动情况：

$ sudo kubectl apply -f webapp.yaml
deployment.apps/webapp created
$ sudo kubectl get pods
NAME                      READY   STATUS    RESTARTS   AGE
webapp-5fb8547b77-8xtwk   1/1     Running   0          8s
webapp-5fb8547b77-bht5j   1/1     Running   0          8s
$ sudo kubectl describe pod webapp-5fb8547b77-8xtwk
Name:         webapp-5fb8547b77-8xtwk
Namespace:    default
Priority:     0
Node:         ayato/172.16.194.135
Start Time:   Mon, 03 Jan 2022 08:46:47 +0000
Labels:       app=webapp
              pod-template-hash=5fb8547b77
Annotations:  <none>
Status:       Running
IP:           172.17.0.7
IPs:
  IP:           172.17.0.7
Controlled By:  ReplicaSet/webapp-5fb8547b77
Containers:
  webapp:
    Container ID:   docker://03e4f676c8cf337038f4535dfa6598a717e10853662f894aaba85c27bb19fc92
    Image:          172.16.194.135:5000/webapp:latest
    Image ID:       docker-pullable://172.16.194.135:5000/webapp@sha256:a06f9a9efe77d3b029fac660cccf2d563e742f7a1b64f6c92960d5ebd7a4d8d9
    Port:           4567/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Mon, 03 Jan 2022 08:46:48 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-pcr2h (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-pcr2h:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-pcr2h
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  23s   default-scheduler  Successfully assigned default/webapp-5fb8547b77-8xtwk to ayato
  Normal  Pulling    22s   kubelet            Pulling image "172.16.194.135:5000/webapp:latest"
  Normal  Pulled     22s   kubelet            Successfully pulled image "172.16.194.135:5000/webapp:latest" in 99.689211ms
  Normal  Created    22s   kubelet            Created container webapp
  Normal  Started    21s   kubelet            Started container webapp

我们可以从Events中看到，我们K8S集群成功从我们私有仓库中拉取到镜像。