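1. Kubernetes local private registry
A Docker registry is mainly used to store Docker images. Registries are either public or private, and a local private registry can be built on the registry image. Using a private registry has the following advantages:
1) It saves network bandwidth, because images do not each have to be downloaded from the official Docker registry;
2) Docker images are downloaded from the local private registry;
3) A private registry built inside the company is convenient for every department to use and makes server management more uniform;
4) The image versions in the local Docker private registry can be updated through Git, SVN or Jenkins.
2. How to build a local private Docker registry
1) Download the Docker registry image: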
docker pull registry
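2) Start the private registry container with the following commands:
mkdir -p /data/registry/
docker run -itd -p 5000:5000 -v /data/registry/:/tmp/registry docker.io/registry
Once the local Docker registry has been started, its container is running.
By default the registry is stored in the /tmp/registry directory inside the container, so if the container is deleted, the images stored in it are lost as well. For that reason we normally mount a local directory onto /tmp/registry in the container.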
3. Upload an image to the local private registry
The client uploads an image to the local private registry. The following uses docker.io/lemonbar/centos6-ssh as an example and uploads it to the private registry server:
docker pull docker.io/lemonbar/centos6-ssh
docker tag efd998bd6817 centos6-ssh   # rename
docker rmi docker.io/lemonbar/centos6-ssh
docker tag centos6-ssh 192.168.0.112:5000/centos6-ssh
docker push 192.168.0.112:5000/centos6-ssh
4. Check the local private registry:
curl -XGET http://192.168.0.112:5000/v2/_catalog
curl -XGET http://192.168.0.112:5000/v2/centos6-ssh/tags/list
5. Add the following to the Docker configuration file and restart Docker:
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.0.112:5000'
ADD_REGISTRY='--add-registry 192.168.0.112:5000'
6. Configure the private registry for Kubernetes Pods
Create kuber-namespace.yaml:
{
  "kind": "Namespace",
  "apiVersion": "v1",
  "metadata": {
    "name": "kube-system"
  }
}
Create kubernetes-dashboard.yaml, which pulls its image from the local private registry, as follows:
# Copyright 2015 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Configuration to deploy release version of the Dashboard UI.
#
# Example usage: kubectl create -f <this_file>

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  labels:
    app: kubernetes-dashboard
    version: latest
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 2
  selector:
    matchLabels:
      app: kubernetes-dashboard
  template:
    metadata:
      labels:
        app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: 192.168.0.112:5000/kubernetes-dashboard-amd64
        imagePullPolicy: Always
        ports:
        - containerPort: 9090
          protocol: TCP
        args:
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          - --apiserver-host=192.168.0.111:8080
        livenessProbe:
          httpGet:
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 9090
  selector:
    app: kubernetes-dashboard
1) On the Docker host, add the local registry address:
vim /etc/docker/daemon.json
{
  "insecure-registries": ["192.168.0.112:5000"]
}
2) In the /etc/kubernetes/kubelet configuration file, comment out the existing KUBELET_POD_INFRA_CONTAINER option and add a new KUBELET_POD_INFRA_CONTAINER parameter, as shown below. The pod-infrastructure image must already have been uploaded to the private registry.
#KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=192.168.0.112:5000/pod-infrastructure:latest"
Restart the kubelet service on every node:
systemctl restart kubelet.service
3) On the nodes, add the following to the Docker configuration file /etc/sysconfig/docker and restart the Docker service:
ADD_REGISTRY='--add-registry 192.168.0.112:5000'
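
Steps 5 and 6 make every Docker host reach 192.168.0.112:5000 without verified TLS (--insecure-registry, insecure-registries) and turn off signature verification, so it helps to be able to list where those settings are active. The script below is an added example, not part of the original article: it audits a daemon.json and a sysconfig file for those settings. The function names and the sample files are constructed for illustration, and it relies on grep -o and sed -E as provided by GNU and BSD tools.

```sh
#!/bin/sh
# Added example (not from the original article): report Docker daemon settings
# that trust a registry without verified TLS or disable signature verification.

# Print every entry of "insecure-registries" in a daemon.json file.
insecure_from_daemon_json() {
    { tr -d '\n' < "$1"; echo; } \
      | sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' \
      | tr ',' '\n' | sed 's/[[:space:]"]//g' | sed '/^$/d'
}

# Print every --insecure-registry value on uncommented lines of a sysconfig file.
insecure_from_sysconfig() {
    grep -v '^[[:space:]]*#' "$1" \
      | grep -oE -e "--insecure-registry[= ]+[^ '\"]+" \
      | sed -E 's/^--insecure-registry[= ]+//'
}

# Succeed if an uncommented line passes --signature-verification=false.
signature_verification_disabled() {
    grep -v '^[[:space:]]*#' "$1" | grep -q -e '--signature-verification=false'
}

# Print one finding per line; exit status is 1 when anything was found.
audit_docker_host() {
    findings=$(
        insecure_from_daemon_json "$1" | sed 's/^/insecure-registry daemon.json /'
        insecure_from_sysconfig "$2" | sed 's/^/insecure-registry sysconfig /'
        if signature_verification_disabled "$2"; then
            echo "signature-verification-disabled sysconfig"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample files that mirror the settings shown in this article.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '{\n  "insecure-registries": ["192.168.0.112:5000"]\n}\n' > "$SAMPLE_DIR/daemon.json"
cat > "$SAMPLE_DIR/docker" <<'EOF'
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.0.112:5000'
ADD_REGISTRY='--add-registry 192.168.0.112:5000'
EOF

if audit_docker_host "$SAMPLE_DIR/daemon.json" "$SAMPLE_DIR/docker"; then
    echo "no insecure registry settings found"
fi
```

On a real node, pass /etc/docker/daemon.json and /etc/sysconfig/docker as the two arguments; the non-zero exit status lets the check gate a configuration-management run.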