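Kubernetes in Practice
Deploying Harbor as the k8s image registry
1. Lab objectives
Deploy Harbor as the private image registry for k8s
Upload the images needed by the small demo project to Harbor
Modify the demo project's resource manifest so that the image addresses point to Harbor
2. Install Harbor on node1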
[root@node1 ~]# cd /opt/
# Upload the Harbor package
[root@node1 /opt]# rz -E
rz waiting to receive.
# Extract it
[root@node1 /opt]# tar zxf harbor-offline-installer-v1.9.0-rc1.tgz
# Enter the extracted directory
[root@node1 /opt]# cd harbor/
3. Edit the Harbor configuration file
# Back up
[root@node1 /opt/harbor]# cp harbor.yml harbor.yml.bak
# Edit the configuration file
[root@node1 /opt/harbor]# vim harbor.yml
# Settings that need to be changed
hostname: 10.0.0.11
port: 8888
harbor_admin_password: 123456
data_volume: /data/harbor
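4. Run the installer
# docker-compose must be installed before installing Harbor, otherwise the installer reports an error
[root@node1 /opt/harbor]# yum install docker-compose -y
# Install Harbor (note the directory the command is run from)
[root@node1 /opt/harbor]# ./install.sh
5. Access from a browser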
http://10.0.0.11:8888
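User: admin
Password: 123456
6. Create an image repository
There are two access levels:
Public: anyone can access it and pull images directly
Private: images can be pulled only after logging in and being authorized
# Note
If you create a private repository, k8s cannot pull from it directly; a credential file has to be configured
7. Configure docker on all nodes to trust the Harbor registry and restart docker (note: all nodes)
# Configure the trusted registry (insecure-registries makes docker talk to this address over plain HTTP, so logins and image data cross the network unencrypted)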
cat >/etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries" : ["http://10.0.0.11:8888"]
}
EOF
# Restart docker
systemctl restart docker
############### Note ###############
If Harbor stops working properly after docker is restarted on node1, just restart Harbor
[root@node1 ~]# cd /opt/harbor
[root@node1 /opt/harbor]# docker-compose restart
Restarting harbor-jobservice ... done
Restarting nginx ... done
Restarting harbor-core ... done
Restarting registryctl ... done
Restarting registry ... done
Restarting harbor-portal ... done
Restarting harbor-db ... done
Restarting redis ... done
Restarting harbor-log ... done
8. Log in to Harbor with docker (run on all nodes)
[root@node1 /opt/harbor]# docker login 10.0.0.11:8888
Username: admin
Password: # password: 123456
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
9. Pull the images, retag them and push them to Harbor (note: run on the worker node)
1. On the master node, find out which nodes hold the images
[root@node1 ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-8fcd9f64-vqkm9 1/1 Running 1 18m 10.2.1.4 node2 <none> <none>
myweb-6f974fdbdc-gsncp 1/1 Running 1 18m 10.2.1.5 node2 <none> <none>
myweb-6f974fdbdc-ngngv 1/1 Running 1 18m 10.2.2.3 node3 <none> <none>
2. Using the information from the master node, tag the images on the worker node
[root@node2 ~]# docker tag kubeguide/tomcat-app:v1 10.0.0.11:8888/k8s/tomcat-app:v1
[root@node2 ~]# docker tag mysql:5.7 10.0.0.11:8888/k8s/mysql:5.7
3. Push the tagged images to the Harbor registry
[root@node2 ~]# docker push 10.0.0.11:8888/k8s/tomcat-app:v1
[root@node2 ~]# docker push 10.0.0.11:8888/k8s/mysql:5.7
10. Delete the images on the node
# Note: delete the tagged images first, then the source images
docker rmi 10.0.0.11:8888/k8s/mysql:5.7
docker rmi 10.0.0.11:8888/k8s/tomcat-app:v1
docker rmi mysql:5.7
docker rmi kubeguide/tomcat-app:v1
11. Delete the earlier demo project (note: run on the master node)
[root@node1 ~]# kubectl delete -f tomcat-demo.yaml
deployment.apps "mysql" deleted
service "mysql" deleted
deployment.apps "myweb" deleted
service "myweb" deleted
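12. Change the image addresses in the demo project's resource manifest
[root@node1 ~]# vim tomcat-demo.yaml # note the places to change
Original: image: mysql:5.7  changed to: image: 10.0.0.11:8888/k8s/mysql:5.7
Original: image: k8s/tomcat-app:v1  changed to: image: 10.0.0.11:8888/k8s/tomcat-app:v1
13. Apply the resource manifest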
[root@node1 ~]# kubectl create -f tomcat-demo.yaml
deployment.apps/mysql created
service/mysql created
deployment.apps/myweb created
service/myweb created
14. Error
# Checking the pod status now shows that the image pull failed
[root@node1 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
mysql-7d746b5577-wtxtm 0/1 ErrImagePull 0 15s
myweb-764df5ffdd-jvvmf 0/1 ImagePullBackOff 0 15s
myweb-764df5ffdd-rc9pc 0/1 ImagePullBackOff 0 15s
# View the details of the pod creation
[root@node1 ~]# kubectl describe pod mysql-7d746b5577- # press Tab to complete with your own pod name
# Key error message:
Failed to pull image "10.0.0.11:8888/k8s/mysql:5.7": rpc error: code = Unknown desc = Error response from daemon: pull access denied for 10.0.0.11:8888/k8s/mysql, repository does not exist or may require 'docker login'
Meaning: the repository does not exist, or a login is required
15. View the docker login credential file
[root@node1 ~]# docker login 10.0.0.11:8888
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
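# View the stored credential file (the auth value is base64 of user:password, not encrypted)
[root@node1 ~]# cat /root/.docker/config.json
{
    "auths": {
        "10.0.0.11:8888": {
            "auth": "YWRtaW46MTIzNDU2"
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/18.09.9 (linux)"
    }
}
16. Encode the docker credential file as base64 (tool: base64)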
[root@node1 ~]# cat /root/.docker/config.json|base64
ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9
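# Everyone's value is different
17. Create and apply the Secret resource for the docker login
# Note!!!
1. .dockerconfigjson: xxx takes the base64 string directly, with no line breaks
2. The base64 string is one single line, not several lines (GNU base64 wraps its output at 76 characters by default; base64 -w 0 prints it on one line)
3. The type field at the end must not be omitted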
[root@node1 ~]# cat >harbor-secret.yaml<<EOF
apiVersion: v1
kind: Secret
metadata:
  name: harbor-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
EOF
# Note: the encoded credential is a single line
[root@node1 ~]# kubectl create -f harbor-secret.yaml
secret/harbor-secret created
[root@node1 ~]# kubectl get secrets
NAME TYPE DATA AGE
default-token-tslz6 kubernetes.io/service-account-token 3 23h
harbor-secret kubernetes.io/dockerconfigjson 1 46s
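Added example (not from the original post): a shell version of steps 15 to 17 that builds the same kind of Secret from only the registry's auth entry instead of the whole config.json, then decodes it again to show that the stored value is encoded, not encrypted. The function names are hypothetical and the credentials are the tutorial's sample values.

```shell
#!/bin/sh
# Added example: build a kubernetes.io/dockerconfigjson Secret manifest
# and decode it back. Function names are hypothetical; the registry,
# user and password are the tutorial's sample values.

# b64_oneline: base64-encode stdin onto ONE line
# (GNU base64 wraps at 76 columns, which breaks the manifest).
b64_oneline() { base64 | tr -d '\n'; }

# make_dockerconfigjson REGISTRY USER PASSWORD -> minimal docker config JSON
make_dockerconfigjson() {
    auth=$(printf '%s:%s' "$2" "$3" | b64_oneline)
    printf '{"auths":{"%s":{"auth":"%s"}}}' "$1" "$auth"
}

# make_pull_secret NAME REGISTRY USER PASSWORD -> Secret manifest on stdout
make_pull_secret() {
    payload=$(make_dockerconfigjson "$2" "$3" "$4" | b64_oneline)
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $payload
EOF
}

# decode_secret_auth: read a Secret manifest on stdin, print user:password.
# Two base64 layers and no key: whoever can read the Secret object or
# /root/.docker/config.json recovers the registry password.
decode_secret_auth() {
    awk '$1 == ".dockerconfigjson:" {print $2}' \
        | base64 -d \
        | sed -n 's/.*"auth":[ ]*"\([^"]*\)".*/\1/p' \
        | base64 -d
}

if [ "${1:-}" = "demo" ]; then
    make_pull_secret harbor-secret 10.0.0.11:8888 admin 123456
fi
```

Run with the argument demo to print a manifest; piping that manifest (or the harbor-secret.yaml above) into decode_secret_auth prints the login it contains.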
18. Modify the demo resource manifest to add the image pull parameter
View the command help
kubectl explain deployment.spec.template.spec.imagePullSecrets
Modify the resource manifest
Lines to add to the file
----------------------------
imagePullSecrets:
- name: harbor-secret
----------------------------
# Note: both mysql and tomcat need this added
[root@node1 ~/demo]# cat tomcat-demo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: 10.0.0.11:8888/k8s/mysql:5.7
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"
      imagePullSecrets:
      - name: harbor-secret
---
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  ports:
  - port: 3306
  selector:
    app: mysql
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myweb
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: 10.0.0.11:8888/k8s/tomcat-app:v1
        ports:
        - containerPort: 8080
        env:
        - name: MYSQL_SERVICE_HOST
          value: 'mysql'
        - name: MYSQL_SERVICE_PORT
          value: '3306'
      imagePullSecrets:
      - name: harbor-secret
---
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
  - port: 8080
    nodePort: 30001
  selector:
    app: myweb
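Added example (not part of the original post): a pre-apply check for the mistake this step guards against, a Deployment that pulls from the private registry but carries no imagePullSecrets. The function names are hypothetical and the sample manifest is constructed, with myweb deliberately missing the secret.

```shell
#!/bin/sh
# Added example (not from the original page). Sample manifest is constructed.

# missing_pull_secrets REGISTRY < manifest.yaml
# Prints "Kind/name" for every YAML document that uses an image hosted on
# REGISTRY but has no imagePullSecrets key. Line-based scan; assumes the
# two-space indentation used in the manifests on this page.
missing_pull_secrets() {
    awk -v reg="$1" '
        function emit() {
            if (uses_reg && !has_secret) print kind "/" name
            kind = ""; name = ""; uses_reg = 0; has_secret = 0
        }
        /^---[ \t]*$/             { emit(); next }
        /^kind:/                  { kind = $2 }
        /^  name:/ && name == ""  { name = $2 }
        /^[ -]*image:/            { if (index($0, reg "/")) uses_reg = 1 }
        /^[ \t]*imagePullSecrets:/ { has_secret = 1 }
        END                       { emit() }
    '
}

# Constructed sample: mysql carries the secret, myweb does not.
sample_manifest() {
    cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
spec:
  template:
    spec:
      containers:
      - name: mysql
        image: 10.0.0.11:8888/k8s/mysql:5.7
      imagePullSecrets:
      - name: harbor-secret
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myweb
spec:
  template:
    spec:
      containers:
      - name: myweb
        image: 10.0.0.11:8888/k8s/tomcat-app:v1
EOF
}

sample_manifest | missing_pull_secrets 10.0.0.11:8888
```

Against a real file the call is missing_pull_secrets 10.0.0.11:8888 < tomcat-demo.yaml; empty output means every document that uses the registry names a pull secret.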
19. Apply the resource manifest and check
1. Delete the resources created from the manifest
[root@node1 ~]# kubectl delete -f tomcat-demo.yaml
2. Create the new resources
[root@node1 ~]# kubectl create -f tomcat-demo.yaml
deployment.apps/mysql created
service/mysql created
deployment.apps/myweb created
service/myweb created
3. Check the resources that were pulled
kubectl get pod -o wide
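20. View in the browser
Error summary:
1. An image that is being used by a container cannot be deleted
2. If Harbor was not uninstalled cleanly, the data under /data/harbor/ has to be deleted as well
3. imagePullSecrets was written for only one Deployment; in fact every Deployment needs it
Redo: using Harbor as the private registry for k8s
1. Stop the running Harbor containers
2. Delete the Harbor containers
# This pipeline only prints the docker rm commands; append |bash to run them
docker ps -a|grep "goharbor"|awk '{print "docker rm "$1}'
3. Delete the Harbor images
# This pipeline only prints the docker rmi commands; append |bash to run them
docker images|grep "goharbor"|awk '{print "docker rmi "$1":"$2}'
4. Extract the package and edit the Harbor configuration file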
hostname: 10.0.0.11
port: 8888
harbor_admin_password: 123456
data_volume: /data/harbor
5. Run the installer and access Harbor
./install.sh
http://10.0.0.11:8888
6. Create a private repository named k8s
7. Configure docker to trust the registry and restart it (do this on all three servers!!!)
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries" : ["http://10.0.0.11:8888"]
}
systemctl restart docker
Note!!! After the restart on node1, Harbor stops working and has to be restarted
cd /opt/harbor
docker-compose stop
docker-compose start
8. Log in to Harbor with docker
docker login 10.0.0.11:8888
9. Convert the docker login credential into the base64 encoding that k8s recognizes
[root@node1 ~]# cat /root/.docker/config.json|base64
ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZN
VEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tl
ci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9
10. Write the Secret resource manifest
[root@node1 ~/demo]# cat harbor-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: harbor-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTE6ODg4OCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZNVEl6TkRVMiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuOSAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
11. Apply the Secret resource
kubectl delete -f harbor-secret.yaml
kubectl create -f harbor-secret.yaml
kubectl get secrets
12. Retag the images and push them to Harbor
docker tag kubeguide/tomcat-app:v1 10.0.0.11:8888/k8s/tomcat-app:v1
docker tag mysql:5.7 10.0.0.11:8888/k8s/mysql:5.7
docker push 10.0.0.11:8888/k8s/tomcat-app:v1
docker push 10.0.0.11:8888/k8s/mysql:5.7
13. Modify the demo resource manifest
#### mysql
imagePullSecrets:
- name: harbor-secret
#### tomcat
imagePullSecrets:
- name: harbor-secret
14. Apply the resource manifests and check
kubectl apply -f .
kubectl get pod