實驗環境
master 10.6.191.181 node1 10.6.191.182 node2 10.6.191.183 本地私有倉庫 10.6.191.184
一、安裝本地私有倉庫
1、安裝docker
yum install -y docker
service docker restart
2、下載Docker registry鏡像,並啟動私有倉庫
docker pull registry mkdir -p /data/registry/ docker run -itd -p 5000:5000 -v /data/registry:/var/lib/registry docker.io/registry
默認情況下,會將倉庫存放於容器內的/tmp/registry目錄下,這樣如果容器被刪除,則存放於容器中的鏡像也會丟失,所以我們一般情況下會指定本地一個目錄掛載到容器內的/tmp/registry下。
二、Kubernetes 使用本地私有倉庫構建kubernetes-dashboard
1、docker私有倉庫配置
1)從網盤中下載並導入kubernetes-dashboard和pod-infrastructure(或者docker search這兩個鏡像,然后pull)
將兩個鏡像都改名為。
10.6.191.184:5000/kubernetes-dashboard-amd64:latest 10.6.191.184:5000/pod-infrastructure:latest
2)vim /etc/sysconfig/docker,添加紅色代碼:
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry gcr.io --insecure-registry 10.6.191.184: 5000'
重啟docker
service docker restart
3)上傳鏡像到倉庫
docker push 10.6.191.184:5000/kubernetes-dashboard-amd64:latest docker push 10.6.191.184:5000/pod-infrastructure:latest
4)檢測本地私有倉庫
curl -XGET http://10.6.191.184:5000/v2/_catalog
curl -XGET http://10.6.191.184:5000/v2/kubernetes-dashboard-amd64/tags/list
2、node節點配置
1)node節點docker配置文件添加如下代碼,同時重啟docker服務,獲取本地私有倉庫。vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false ADD_REGISTRY='--add-registry 10.6.191.184:5000'
#添加私有倉庫
2)需要在Docker主機添加本地倉庫地址,/etc/docker/daemon.json文件中代碼如下,並重啟docker:
cat > /etc/docker/daemon.json << EOF { "insecure-registries":["10.6.191.184:5000"] } EOF
service docker restart
3)修改/etc/kubernetes/kubele
配置文件將KUBELET_POD_INFRA_CONTAINER選項注釋,同時添加一個新的KUBELET_POD_INFRA_CONTAINER參數,代碼如下,前提需要將pod-infrastructure鏡像上傳私有倉庫。
#KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest" KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.6.191.184:5000/pod-infrastructure:latest"
4)在每台nodes上重啟kubelet服務
systemctl restart kubelet.service
ps:
1、當構造kubernetes-dashboard報錯。
查看pod描述
kubectl get pods --all-namespaces
kubectl describe pods/kubernetes-dashboard-3671102549-hptlr --namespace="kube-system"
原因:缺少gcr.io/google_containers/pause-amd64:3.0基礎鏡像
解決辦法:在所有節點都下載這個基礎鏡像,新版本的Kubernetes在安裝部署中,需要從k8s.grc.io倉庫中拉取所需鏡像文件,但由於國內網絡防火牆問題導致無法正常拉取,不能 直接下載這個鏡像,所有拉去其他源的鏡像,並改tag。
docker search pause-amd64 docker pull docker.io/huangyj/pause-amd64 docker tag docker.io/huangyj/pause-amd64:latest gcr.io/google_containers/pause-amd64:3.0 docker rmi docker.io/huangyj/pause-amd64
2、在/etc/sysconfig/docker和/etc/docker/daemon.json不能同時有insecure-registries,報錯了
解決辦法:只在/etc/docker/daemon.json添加,在/etc/sysconfig/docker不添加。
3、master端配置
1)創建kube-namespace.yaml
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: kubernetes-dashboard namespace: kube-system labels: k8s-app: kubernetes-dashboard kubernetes.io/cluster-service: "true" spec: selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard annotations: scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: containers: - name: kubernetes-dashboard image: 10.6.191.184:5000/kubernetes-dashboard-amd64:latest resources: # keep request = limit to keep this container in guaranteed class limits: cpu: 100m memory: 50Mi requests: cpu: 100m memory: 50Mi ports: - containerPort: 9090 args: - --apiserver-host=http://10.6.191.181:8080 livenessProbe: httpGet: path: / port: 9090 initialDelaySeconds: 30 timeoutSeconds: 30 --- apiVersion: v1 kind: Service metadata: name: kubernetes-dashboard namespace: kube-system labels: k8s-app: kubernetes-dashboard kubernetes.io/cluster-service: "true" spec: selector: k8s-app: kubernetes-dashboard ports: - port: 80 targetPort: 9090
2)創建dashboard
kubectl create -k kube-dashboard.yaml
3)查看狀態
kubectl get pods --all-namespaces