二进制安装k8s-v1.25.0(安装步骤后续补充), kaniko简述配置,并使用containerd推送镜像
前置条件
设置清华yum源
https://mirrors.tuna.tsinghua.edu.cn/help/centos/
安装一些工具
# Install the base tooling used in the rest of this walkthrough (non-interactive).
yum install -y \
    wget jq psmisc vim net-tools nfs-utils telnet yum-utils \
    device-mapper-persistent-data lvm2 git network-scripts tar curl
部署containerd
设置containerd配置文件中的下述部分
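[plugins."io.containerd.grpc.v1.cri".registry]
  # An empty config_path keeps containerd on the inline mirrors/configs tables
  # below instead of a hosts.toml directory.
  config_path = ""

  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      # Docker Hub is reached over TLS. A plain-http endpoint here would leave
      # pulled image content unprotected against modification on the network path.
      endpoint = ["https://registry-1.docker.io"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.42.132"]
      # The private registry in this walkthrough is served over plain HTTP, so
      # the credentials below and all image layers cross the network unencrypted.
      endpoint = ["http://192.168.42.132"]

  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.42.132".tls]
      # Disables certificate verification for this host. It only has an effect
      # on https endpoints; drop it once the registry has a trusted certificate.
      insecure_skip_verify = true
    # The CRI plugin reads registry credentials from the `auth` table (singular);
    # a table named `auths` is not recognised as the credential source.
    [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.42.132".auth]
      # admin / Harbor12345 is Harbor's out-of-the-box administrator login.
      # Change it, and give the nodes a dedicated pull-only account instead.
      # This file stores the password in clear text: keep it readable by root only.
      username = "admin"
      password = "Harbor12345"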
重启
# Restart containerd so the edited registry settings are loaded.
systemctl restart containerd
部署完k8s系统
部署完Harbor仓库或者docker registry仓库
这里的仓库使用的是http协议,未启用https,因此登录凭据和镜像内容在网络上都是明文传输的。
工作目录:/root/kaniko
为k8s添加镜像仓库认证
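# Prompt for the registry password instead of writing it on the command line,
# so it is not saved in the shell history. The value is still passed to kubectl
# as an argument and is visible in the process list while the command runs.
read -r -s -p 'Harbor password: ' HARBOR_PASSWORD && echo
# Creates a kubernetes.io/dockerconfigjson secret in the current namespace;
# the kaniko manifests mount its .dockerconfigjson key as config.json.
kubectl create secret docker-registry myregistrykey \
    --docker-server=192.168.42.132 \
    --docker-username=admin \
    --docker-password="$HARBOR_PASSWORD"
unset HARBOR_PASSWORD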
查看
# List the secrets in the current namespace to confirm myregistrykey was created.
kubectl get secret
写文件
vim Dockerfile
# Untagged base image: it resolves to alpine:latest at build time, so two builds
# of this same file can start from different images.
FROM alpine
# Single build step; it only prints a message during the build.
RUN echo "created from standard input"
设置为pod资源类型的
写文件
vim kaniko.yaml
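---
# One-shot Pod that runs the kaniko executor against a build context taken from
# the node's filesystem and pushes the result to the private registry.
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  containers:
    - name: kaniko
      # NOTE(review): ':latest' is a mutable tag; pinning a version tag or digest
      # keeps the builder image itself reproducible.
      image: 192.168.42.132/wxg/kaniko-project-executor:latest
      args:
        - "--dockerfile=Dockerfile"
        - "--context=/root/kaniko"
        - "--destination=192.168.42.132/k8s/kaniko-project-executor:v12"
      volumeMounts:
        # Registry credentials, exposed to the container as config.json.
        # NOTE(review): the last manifest on this page mounts the secret at
        # /kaniko/.docker instead; confirm which path this image reads.
        - name: kaniko-secret
          mountPath: /root/.docker
          readOnly: true
        # The build context is only read by the executor.
        - name: project-volume
          mountPath: /root/kaniko
          readOnly: true
  restartPolicy: Never
  volumes:
    - name: kaniko-secret
      secret:
        secretName: myregistrykey
        items:
          - key: .dockerconfigjson
            path: config.json
    # hostPath exposes a directory under root's home on the node to the Pod.
    # No nodeSelector is set, so the Pod must be scheduled onto the node that
    # actually holds /root/kaniko/Dockerfile for the build to find it.
    - name: project-volume
      hostPath:
        path: /root/kaniko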
设置为Job资源类型,100s后销毁Pod
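---
# Job variant of the kaniko build. ttlSecondsAfterFinished removes the finished
# Job and its Pod after 100 seconds, which also removes the Pod's build log,
# so collect the log before then if it is needed.
apiVersion: batch/v1
kind: Job
metadata:
  name: kaniko
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - name: kaniko
          # NOTE(review): ':latest' is a mutable tag; pinning a version tag or
          # digest keeps the builder image itself reproducible.
          image: 192.168.42.132/wxg/kaniko-project-executor:latest
          args:
            - "--dockerfile=Dockerfile"
            - "--context=/tmp"
            - "--destination=192.168.42.132/k8s/kaniko-project-executor:v14"
          volumeMounts:
            # Registry credentials, exposed to the container as config.json.
            - name: kaniko-secret
              mountPath: /root/.docker/
              readOnly: true
            - name: project-volume
              mountPath: /tmp
      restartPolicy: Never
      volumes:
        - name: kaniko-secret
          secret:
            secretName: myregistrykey
            items:
              - key: .dockerconfigjson
                path: config.json
        # NOTE(review): this mounts the node's entire /tmp into the build
        # container and uses it as the build context, so any COPY/ADD in the
        # Dockerfile can pick up whatever other processes left there. A
        # dedicated directory containing only the build inputs is a tighter fit.
        - name: project-volume
          hostPath:
            path: /tmp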
先挂载nfs
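# Mount the NFS export that carries the build inputs.
# The share only needs to deliver a Dockerfile, so mount options such as
# nosuid,nodev can be added without affecting the build.
mount -t nfs 192.168.42.130:/root/kaniko/share /storage/dev/soft

# Create the context directory on the share itself, so the final cp copies
# into a directory rather than creating a plain file named "demo".
mkdir -p /storage/dev/soft/demo

# Write (rather than append to) the Dockerfile so that re-running these steps
# does not duplicate its contents; the quoted delimiter keeps the body literal.
cat > dockerfile <<'EOF'
FROM docker.io/library/busybox:latest
LABEL MAINTAINER=master@xxx.top BUILDTOOLS=kaniko BUILDENV=containerd.io;
ENTRYPOINT ["/bin/sh", "-c", "echo hello,busybox"]
EOF

# NOTE(review): the Pod manifest that follows uses the hostPath
# /storage/dev/soft/kaniko/demo, not /storage/dev/soft/demo. Align the two
# paths, otherwise the build will not find this dockerfile.
cp dockerfile /storage/dev/soft/demo/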
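---
# kaniko build Pod that takes its Dockerfile from a hostPath directory (backed
# by the NFS mount in the steps above) and uses a second hostPath directory as
# the --cache-dir location.
apiVersion: v1
kind: Pod
metadata:
  name: kaniko
spec:
  containers:
    - name: kaniko
      # NOTE(review): no tag is given, so this resolves to ':latest'; pinning a
      # version tag or digest keeps the builder image itself reproducible.
      image: 192.168.42.132/wxg/kaniko-project-executor
      # NOTE(review): none of these variables is referenced by the args below,
      # which spell out the registry, repository and tag literally.
      env:
        - name: DOCKERHUB
          value: "192.168.42.132"
        - name: AUTHOR
          value: "wxg"
        - name: IMAGE_NAME
          value: "kaniko-executor"
        - name: IMAGE_VERSION
          value: "v1.9.0"
      args:
        - "--dockerfile=/workspace/dockerfile"
        - "--context=dir://workspace"
        - "--destination=192.168.42.132/k8s/kaniko-executor:v1.9.1"
        - "--cache"
        - "--cache-dir=/cache"
      volumeMounts:
        # Registry credentials, exposed to the container as config.json.
        - name: kaniko-secret
          mountPath: /kaniko/.docker
          readOnly: true
        # The build context is only read by the executor.
        - name: dockerfile-storage
          mountPath: /workspace
          readOnly: true
        - name: kaniko-cache
          mountPath: /cache
  restartPolicy: Never
  # nodeSelector:
  #   kubernetes.io/hostname: "wxg-226"
  volumes:
    # NOTE(review): the secret created earlier on this page is named
    # myregistrykey; confirm that a secret called dockerhub exists in this
    # namespace, otherwise the Pod will not start.
    - name: kaniko-secret
      secret:
        secretName: dockerhub
        items:
          - key: .dockerconfigjson
            path: config.json
    # With DirectoryOrCreate a missing path is created empty on whichever node
    # runs the Pod. Without the nodeSelector above, the Pod can land on a node
    # where the NFS share is not mounted and then find no dockerfile.
    # NOTE(review): the preparation steps copy the dockerfile to
    # /storage/dev/soft/demo, which is not the path mounted here.
    - name: dockerfile-storage
      hostPath:
        path: /storage/dev/soft/kaniko/demo
        type: DirectoryOrCreate
    - name: kaniko-cache
      hostPath:
        path: /storage/dev/soft/kaniko/cache
        type: DirectoryOrCreate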
posted on 2022-10-10 14:54 virtualwxg 阅读(298) 评论(0) 收藏 举报