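Kubernetes: Pulling Images from a Harbor Registry
A supplementary note
--pod-infra-container-image=10.192.27.111/library/nginx:1.15" # Our company has no Internet access, so for now this nginx:1.15 is used as the base image
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0" # Google's base image as provided by Alibaba Cloud
What does the kubelet parameter pod-infra-container-image mean?
As the title says: I found this parameter in the kubelet configuration file on a node, and its default value looks like this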
KUBELET_POD_INFRA_CONTAINER=--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest
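I checked the official site but could not understand its explanation. What is this parameter for? Why is it that every time I start a container on the node, the image registry.access.redhat.com/rhel7/pod-infrastructure:latest is started as well?
Explanation: this is a base (infrastructure) container, and one such container is started whenever a Pod starts. If the image is not available locally, kubelet connects to the Internet and downloads it. (Originally it was hosted on Google's registry, so in China it could not be downloaded because of the GFW, and Pods could not run.)
Every Kubernetes release now packages this image, so you can push it to your own registry in advance and then point to it with this parameter.
I. Kubernetes: pulling images from a Harbor registry (public project: no password required)
Preparation
Harbor registry server; my server's IP is 10.192.27.111;
A Kubernetes cluster that is already set up (see my earlier blog posts)
The kubelet configuration file on both nodes, node01 (10.192.27.115) and node02 (10.192.27.116), must be modified and kubelet restarted
Configuration file as installed by default: --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"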
```
[root@node01 cfg]# cat kubelet.bak
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=10.192.27.115 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
[root@node01 cfg]#
```
After the change: --pod-infra-container-image=10.192.27.111/library/nginx:1.15"
```
[root@node01 ~]# cd /opt/kubernetes/cfg/
[root@node01 cfg]# cat kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=10.192.27.115 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=10.192.27.111/library/nginx:1.15"
[root@node01 cfg]#
```
Restart the service
```
[root@node01 cfg]# systemctl restart kubelet
[root@node01 cfg]# ps -ef | grep kube
root      16473      1  0 11月12 ?       00:11:08 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=10.192.27.115 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
root      28574      1  0 11月08 ?       00:07:31 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://10.192.27.100:2379,https://10.192.27.115:2379,https://10.192.27.116:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem
root     124917      1 14 16:13 ?        00:00:00 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=10.192.27.115 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=10.192.27.111/library/nginx:1.15
root     125031  18416  0 16:14 pts/0    00:00:00 grep --color=auto kube
```
Run the test from any master node
```
[root@master01 yaml_doc]# pwd
/root/yaml_doc
[root@master01 yaml_doc]# cat nginx-deploy.yaml
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: default
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 10.192.27.111/library/nginx:1.14   # path of the image to pull
        imagePullPolicy: IfNotPresent
        command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]   # prevents the "Back-off restarting failed container" error
        ports:
        - containerPort: 80
[root@master01 yaml_doc]# kubectl apply -f nginx-deploy.yaml
deployment.apps/nginx-deployment created
[root@master01 yaml_doc]# kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
nginx-deployment-f9bbbf4b-5ccfh   1/1     Running   0          2s
nginx-deployment-f9bbbf4b-brpfl   1/1     Running   0          2s
nginx-deployment-f9bbbf4b-lgvjl   1/1     Running   0          2s
[root@master01 yaml_doc]# kubectl get pods -o wide
NAME                              READY   STATUS    RESTARTS   AGE   IP            NODE            NOMINATED NODE   READINESS GATES
nginx-deployment-f9bbbf4b-5ccfh   1/1     Running   0          6s    172.17.46.3   10.192.27.116   <none>           <none>
nginx-deployment-f9bbbf4b-brpfl   1/1     Running   0          6s    172.17.46.2   10.192.27.116   <none>           <none>
nginx-deployment-f9bbbf4b-lgvjl   1/1     Running   0          6s    172.17.43.2   10.192.27.115   <none>           <none>
[root@master01 yaml_doc]# cat nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service-chao
  labels:
    app: nginx
spec:
  type: NodePort
  ports:
  - port: 80
    nodePort: 30080
  selector:
    app: nginx
[root@master01 yaml_doc]# kubectl apply -f nginx-service.yaml
service/nginx-service-chao created
[root@master01 yaml_doc]# kubectl get svc
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
kubernetes           ClusterIP   10.0.0.1     <none>        443/TCP        3d5h
nginx-service-chao   NodePort    10.0.0.69    <none>        80:30080/TCP   15s
[root@master01 yaml_doc]#
```
![](https://img2018.cnblogs.com/blog/1169561/201911/1169561-20191114164417149-1807139631.png)
Fix for the pod error "Back-off restarting failed container"
https://blog.csdn.net/sqhren626232/article/details/101013390
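II. Kubernetes: pulling images from a Harbor registry (reference: https://www.jianshu.com/p/010e4a7afe5e)
Preparation
- Harbor registry server; my server's IP is 10.192.27.111;
- The Kubernetes cluster nodes can log in to the Harbor registry with the `docker login` command; for the detailed setup steps, see this blog post
Configuration
- Create the secret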
```
kubectl create secret docker-registry registry-harbor --namespace=default \
  --docker-server=10.192.27.111 --docker-username=admin \
  --docker-password=Harbor12345 --docker-email=mxxl@zte.com.cn
```
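  - secret-name: name of the secret
  - namespace: the namespace
  - docker-server: address of the Harbor registry (port 80 by default)
  - docker-username: Harbor registry login account
  - docker-password: Harbor registry login password
  - docker-email: e-mail address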
![](https://upload-images.jianshu.io/upload_images/12975960-2c3fc6ca96ba9faf.png?imageMogr2/auto-orient/strip|imageView2/2/w/694/format/webp)
- Create the YAML file; here I created one using nginx as the example
```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.242.132/library/nginx:1.15.1
        imagePullPolicy: Always
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  sessionAffinity: ClientIP
  selector:
    app: nginx
  ports:
  - port: 80
    nodePort: 30080
```
Run the command to create the resources
kubectl create -f deploy-nginx.yaml
After creation, check the Pods
kubectl get pods
![](https://upload-images.jianshu.io/upload_images/12975960-35eae6b4b6e76ac2.png?imageMogr2/auto-orient/strip|imageView2/2/w/592/format/webp)
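Finally, you can verify the result in a browser. The YAML file exposes port 30080 externally, so you can enter the IP of any Kubernetes cluster node plus port 30080 in the browser. Here I entered the master node's IP, http://192.168.242.136:30080/, and the nginx page is displayed normally.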
![](https://upload-images.jianshu.io/upload_images/12975960-0c909ae1acb33344.png?imageMogr2/auto-orient/strip|imageView2/2/w/956/format/webp)
So which node is this image actually deployed on? You can check with the following command
kubectl get pods -n default -o wide
![](https://upload-images.jianshu.io/upload_images/12975960-483168ef3c594684.png?imageMogr2/auto-orient/strip|imageView2/2/w/817/format/webp)
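An added example (not from the original post or the referenced article): it decodes what the `registry-harbor` secret created in part II stores and checks whether a pod template would actually pull with it. The function names are illustrative, registry matching is simplified to an exact host comparison, and credentials supplied by a service account or a node-level `docker login` are not considered.

```python
import base64
import json

def make_pull_secret(name, server, username, password):
    """Build a Secret with the data layout `kubectl create secret docker-registry` writes."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": username, "password": password, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"kind": "Secret", "type": "kubernetes.io/dockerconfigjson",
            "metadata": {"name": name}, "data": {".dockerconfigjson": blob}}

def decode_pull_secret(secret):
    """Return {server: (username, password)}: the data is base64-encoded, not encrypted."""
    cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    return {srv: (e["username"], e["password"]) for srv, e in cfg["auths"].items()}

def registry_host(image):
    """Registry part of an image reference; None for short names such as nginx:1.15."""
    first, sep, _ = image.partition("/")
    return first if sep and ("." in first or ":" in first) else None

def check_pod_spec(pod_spec, secrets):
    """List reasons the pod would not pull with the given secrets (simplified host match)."""
    decoded = {s["metadata"]["name"]: decode_pull_secret(s) for s in secrets}
    referenced = [r["name"] for r in pod_spec.get("imagePullSecrets", [])]
    usable, findings = set(), []
    for name, creds in decoded.items():
        if name in referenced:
            usable.update(creds)  # adds the registry servers this secret covers
        else:
            findings.append(f"secret {name} is not listed in imagePullSecrets")
        for server, (user, _) in creds.items():
            if user == "admin":
                findings.append(f"secret {name} stores the admin account for {server}")
    for c in pod_spec["containers"]:
        host = registry_host(c["image"])
        if host and host not in usable:
            findings.append(f"container {c['name']}: no imagePullSecrets credential for {host}")
    return findings

# Constructed from the values shown on this page (secret command and Deployment pod template).
SECRET = make_pull_secret("registry-harbor", "10.192.27.111", "admin", "Harbor12345")
POD_SPEC = {"containers": [{"name": "nginx", "image": "192.168.242.132/library/nginx:1.15.1"}]}

if __name__ == "__main__":
    print(decode_pull_secret(SECRET))
    for finding in check_pod_spec(POD_SPEC, [SECRET]):
        print("-", finding)
```

Anyone who can read secrets in the namespace recovers the stored password this way, so the account placed in a pull secret should be one limited to pulling the images the workloads need.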