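When learning K8S, a question comes up: how do I deploy an application image I built myself in K8S? Pushing every image we build to a public registry would be too much trouble, so we need to set up a private image registry from which the K8S cluster can pull images.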
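1. Pull and deploy the Docker registry
Deploying a private image registry is simple. Docker provides an official image for it, registry: just download the image, run a container from it and expose port 5000, and that's it.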
    $ sudo docker pull docker.io/registry
    Using default tag: latest
    latest: Pulling from library/registry
    79e9f2f55bf5: Pull complete
    0d96da54f60b: Pull complete
    5b27040df4a2: Pull complete
    e2ead8259a04: Pull complete
    3790aef225b9: Pull complete
    Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
    Status: Downloaded newer image for registry:latest
    docker.io/library/registry:latest
    # The registry image (v2) stores its data under /var/lib/registry, so the host directory is mounted there
    $ sudo docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true --log-driver=none -v /data/images:/var/lib/registry registry
    5fe99c39a729c844566cd329fee6e0c304924bfe6a829ea609b6850a0322a145
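Here I use the local directory /data/images to store the image data. Next, we look at the registry contents in a browser: repositories:[] means there are currently no repositories.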
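2. Push an image to the private registry
We will push the image we built, webapp, to the private registry.
First, tag the image to be uploaded:
    sudo docker tag webapp:latest 172.16.194.135:5000/webapp:latest
Then upload the image: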
    $ sudo docker push 172.16.194.135:5000/webapp:latest
    The push refers to repository [172.16.194.135:5000/webapp]
    Get "https://172.16.194.135:5000/v2/": http: server gave HTTP response to HTTPS client
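Something went wrong here. As the error shows, docker accesses image registries over HTTPS by default; to have docker use HTTP for this registry, it has to be configured as a trusted source, which is done through the insecure-registries setting:
Edit /etc/docker/daemon.json (create the file if it does not exist):
    {
      "insecure-registries": [
        "<IP of your registry service>:5000"
      ]
    }
Save the file and restart the docker service with sudo systemctl restart docker, then push the image again: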
    $ sudo docker push 172.16.194.135:5000/webapp:latest
    The push refers to repository [172.16.194.135:5000/webapp]
    db1a54a89227: Pushed
    60348cf35183: Pushed
    35c20f26d188: Pushed
    c3fe59dd9556: Pushed
    6ed1a81ba5b6: Pushed
    a3483ce177ce: Pushed
    ce6c8756685b: Pushed
    30339f20ced0: Pushed
    0eb22bfb707d: Pushed
    a2ae92ffcd29: Pushed
    latest: digest: sha256:a06f9a9efe77d3b029fac660cccf2d563e742f7a1b64f6c92960d5ebd7a4d8d9 size: 2419
Now the uploaded image is also visible in the browser.
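3. Pull the image from the private registry in K8S
We will deploy webapp to the K8S cluster. First write the Deployment; note that the image field must include the address of our registry.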
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: webapp
      name: webapp
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: webapp
      template:
        metadata:
          labels:
            app: webapp
        spec:
          containers:
          - name: webapp
            image: 172.16.194.135:5000/webapp:latest
            ports:
            - containerPort: 4567
Next, apply this Deployment and check how the pods start up:
    $ sudo kubectl apply -f webapp.yaml
    deployment.apps/webapp created
    $ sudo kubectl get pods
    NAME                      READY   STATUS    RESTARTS   AGE
    webapp-5fb8547b77-8xtwk   1/1     Running   0          8s
    webapp-5fb8547b77-bht5j   1/1     Running   0          8s
    $ sudo kubectl describe pod webapp-5fb8547b77-8xtwk
    Name:         webapp-5fb8547b77-8xtwk
    Namespace:    default
    Priority:     0
    Node:         ayato/172.16.194.135
    Start Time:   Mon, 03 Jan 2022 08:46:47 +0000
    Labels:       app=webapp
                  pod-template-hash=5fb8547b77
    Annotations:  <none>
    Status:       Running
    IP:           172.17.0.7
    IPs:
      IP:           172.17.0.7
    Controlled By:  ReplicaSet/webapp-5fb8547b77
    Containers:
      webapp:
        Container ID:   docker://03e4f676c8cf337038f4535dfa6598a717e10853662f894aaba85c27bb19fc92
        Image:          172.16.194.135:5000/webapp:latest
        Image ID:       docker-pullable://172.16.194.135:5000/webapp@sha256:a06f9a9efe77d3b029fac660cccf2d563e742f7a1b64f6c92960d5ebd7a4d8d9
        Port:           4567/TCP
        Host Port:      0/TCP
        State:          Running
          Started:      Mon, 03 Jan 2022 08:46:48 +0000
        Ready:          True
        Restart Count:  0
        Environment:    <none>
        Mounts:
          /var/run/secrets/kubernetes.io/serviceaccount from default-token-pcr2h (ro)
    Conditions:
      Type              Status
      Initialized       True
      Ready             True
      ContainersReady   True
      PodScheduled      True
    Volumes:
      default-token-pcr2h:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  default-token-pcr2h
        Optional:    false
    QoS Class:       BestEffort
    Node-Selectors:  <none>
    Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                     node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
    Events:
      Type    Reason     Age   From               Message
      ----    ------     ----  ----               -------
      Normal  Scheduled  23s   default-scheduler  Successfully assigned default/webapp-5fb8547b77-8xtwk to ayato
      Normal  Pulling    22s   kubelet            Pulling image "172.16.194.135:5000/webapp:latest"
      Normal  Pulled     22s   kubelet            Successfully pulled image "172.16.194.135:5000/webapp:latest" in 99.689211ms
      Normal  Created    22s   kubelet            Created container webapp
      Normal  Started    21s   kubelet            Started container webapp
From Events we can see that our K8S cluster successfully pulled the image from our private registry.
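
An added example, not part of the original post: the registry here is reached over plain HTTP and the Deployment uses the mutable latest tag, so deploying by digest lets the container runtime check the pulled content against a fixed value. The Python below checks that the tag still resolves to the digest printed by docker push and builds the registry/repo@sha256:... reference for the Deployment's image field. The function names and the sample manifest are constructed for illustration, and it assumes the image was pushed as a Docker v2 schema 2 manifest.

```python
"""Pin a tag in the private registry to the manifest digest recorded at push time."""
import hashlib
import urllib.request

# Manifest media type requested from the registry (Docker image manifest v2, schema 2).
MANIFEST_V2 = "application/vnd.docker.distribution.manifest.v2+json"

# Constructed sample manifest bytes, used only to exercise the functions offline.
SAMPLE_MANIFEST = b'{"schemaVersion": 2, "mediaType": "' + MANIFEST_V2.encode() + b'", "layers": []}'


def manifest_digest(body: bytes) -> str:
    """An image digest is the SHA-256 of the manifest's exact bytes."""
    return "sha256:" + hashlib.sha256(body).hexdigest()


def split_image(image: str):
    """Split 'host:port/repo:tag' into (registry, repo, tag); tag defaults to latest."""
    registry, _, rest = image.partition("/")
    repo, sep, tag = rest.rpartition(":")
    if not sep:  # no tag given
        repo, tag = rest, "latest"
    return registry, repo, tag


def fetch_manifest(image: str, scheme: str = "http") -> bytes:
    """GET /v2/<repo>/manifests/<tag> from the registry (needs network access)."""
    registry, repo, tag = split_image(image)
    req = urllib.request.Request(
        f"{scheme}://{registry}/v2/{repo}/manifests/{tag}",
        headers={"Accept": MANIFEST_V2},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def pinned_reference(image: str, body: bytes, pushed_digest: str) -> str:
    """Return 'registry/repo@sha256:...' if the served manifest matches the push digest."""
    actual = manifest_digest(body)
    if actual != pushed_digest:
        raise ValueError(f"{image} now resolves to {actual}, expected {pushed_digest}")
    registry, repo, _ = split_image(image)
    return f"{registry}/{repo}@{actual}"


if __name__ == "__main__":
    # Offline demo on the constructed sample; against a live registry, pass
    # fetch_manifest(image) as body and the digest printed by `docker push`.
    image = "172.16.194.135:5000/webapp:latest"
    print(pinned_reference(image, SAMPLE_MANIFEST, manifest_digest(SAMPLE_MANIFEST)))
```

A ValueError here means the tag was re-pushed or the served manifest differs from what was recorded at push time.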