docker-K8S简单命令行模式记录
1.创建harbor的secret,可以从harbor私有仓库直接拉取镜像
kubectl create secret docker-registry registry-harbor --docker-server=harbor.dinghc.com --docker-username=admin --docker-password=123456 -n kube-system
#对应yaml
spec:
containers:
- name: umspzm-service
image: harbor.dev.sheca.com:30890/umspzm/umsp:v5-for-zmyd-feature
imagePullPolicy: IfNotPresent
.............
imagePullSecrets: #spec层级下面
- name: registry-harbor
2.创建tls(traefik的https)
kubectl create secret tls traefik-cert --key /ssl/intra.sheca.com.key --cert /ssl/intra.sheca.com.cer -n uat
#对应yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: .....
namespace: uat
annotations:
kubernetes.io/ingress.class: "traefik"
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
traefik.ingress.kubernetes.io/session-cookie-name: "....."
spec:
tls:
- secretName: traefik-cert
rules:
- host: .........
http:
paths:
- path: /
......
待扩展。。。
3.启动rancher
docker run -d --privileged --name rancher --restart=unless-stopped -p 8080:80 -p 8443:443 -v /opt/rancher/:/var/lib/rancher/ rancher/rancher:v2.5.2