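Docker and K8S Study Notes (Side Story): Setting Up a Local Private Docker Image Registry


When learning K8S, a question comes up: how do I deploy an application image I built myself to K8S? Pushing every image we build to a public registry would be too much trouble, so we need to set up a private image registry from which the K8S cluster can pull images.

1. Pull and deploy the Docker registry

Deploying a private image registry is simple: Docker officially provides an image for it, registry. Just download the image, run the container and expose port 5000.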

$ sudo docker pull docker.io/registry
Using default tag: latest
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
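$ sudo docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true --log-driver=none -v /data/images:/var/lib/registry registry
5fe99c39a729c844566cd329fee6e0c304924bfe6a829ea609b6850a0322a145

Here I use the local /data/images as the storage directory for image data; it is mounted at /var/lib/registry, the path where the registry image keeps its data. --privileged=true gives the container full access to the host and is not something the registry itself requires. Next we look at the registry contents in a browser: repositories:[] here means there are currently no repositories.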

2. Push an image to the private registry

We push the webapp image we built to the private registry.

First, tag the image to be uploaded:

sudo docker tag webapp:latest 172.16.194.135:5000/webapp:latest

Then upload the image:

$ sudo docker push 172.16.194.135:5000/webapp:latest
The push refers to repository [172.16.194.135:5000/webapp]
Get "https://172.16.194.135:5000/v2/": http: server gave HTTP response to HTTPS client

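Something went wrong here. As the error shows, docker talks to image registries over HTTPS by default; to let docker use HTTP for this registry, it has to be listed as a trusted source (insecure-registries). Traffic to a registry listed there is not protected by TLS, so this setup suits an isolated learning environment.

We edit the file /etc/docker/daemon.json (create it if it does not exist):

{
    "insecure-registries" : [ "<IP of your registry server>:5000" ]
}

After saving, restart the docker service with sudo systemctl restart docker, then push the image again: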

$ sudo docker push 172.16.194.135:5000/webapp:latest
The push refers to repository [172.16.194.135:5000/webapp]
db1a54a89227: Pushed
60348cf35183: Pushed
35c20f26d188: Pushed
c3fe59dd9556: Pushed
6ed1a81ba5b6: Pushed
a3483ce177ce: Pushed
ce6c8756685b: Pushed
30339f20ced0: Pushed
0eb22bfb707d: Pushed
a2ae92ffcd29: Pushed
latest: digest: sha256:a06f9a9efe77d3b029fac660cccf2d563e742f7a1b64f6c92960d5ebd7a4d8d9 size: 2419

Now the uploaded image is also visible in the browser.

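3. Pulling the image from the private registry in K8S

We deploy webapp to the K8S cluster. First we write the Deployment; note that the image field must include our registry address.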

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: webapp
  name: webapp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: webapp
  template:
    metadata:
      labels:
        app: webapp
    spec:
      containers:
      - name: webapp
        image: 172.16.194.135:5000/webapp:latest
        ports:
        - containerPort: 4567

Next we apply this Deployment and check how the pods start:

$ sudo kubectl apply -f webapp.yaml
deployment.apps/webapp created
$ sudo kubectl get pods
NAME                      READY   STATUS    RESTARTS   AGE
webapp-5fb8547b77-8xtwk   1/1     Running   0          8s
webapp-5fb8547b77-bht5j   1/1     Running   0          8s
$ sudo kubectl describe pod webapp-5fb8547b77-8xtwk
Name:         webapp-5fb8547b77-8xtwk
Namespace:    default
Priority:     0
Node:         ayato/172.16.194.135
Start Time:   Mon, 03 Jan 2022 08:46:47 +0000
Labels:       app=webapp
              pod-template-hash=5fb8547b77
Annotations:  <none>
Status:       Running
IP:           172.17.0.7
IPs:
  IP:           172.17.0.7
Controlled By:  ReplicaSet/webapp-5fb8547b77
Containers:
  webapp:
    Container ID:   docker://03e4f676c8cf337038f4535dfa6598a717e10853662f894aaba85c27bb19fc92
    Image:          172.16.194.135:5000/webapp:latest
    Image ID:       docker-pullable://172.16.194.135:5000/webapp@sha256:a06f9a9efe77d3b029fac660cccf2d563e742f7a1b64f6c92960d5ebd7a4d8d9
    Port:           4567/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Mon, 03 Jan 2022 08:46:48 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-pcr2h (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-pcr2h:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-pcr2h
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  23s   default-scheduler  Successfully assigned default/webapp-5fb8547b77-8xtwk to ayato
  Normal  Pulling    22s   kubelet            Pulling image "172.16.194.135:5000/webapp:latest"
  Normal  Pulled     22s   kubelet            Successfully pulled image "172.16.194.135:5000/webapp:latest" in 99.689211ms
  Normal  Created    22s   kubelet            Created container webapp
  Normal  Started    21s   kubelet            Started container webapp

From Events we can see that our K8S cluster successfully pulled the image from our private registry.
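The setup above makes two choices that can be checked mechanically: the registry is trusted through insecure-registries, and the Deployment references the image by the mutable tag latest. The following Python sketch is an added example, not code from the original post; the function names and finding labels are assumptions, the sample digest is constructed, and it goes slightly beyond the post by also matching CIDR entries in insecure-registries. A reference pinned by digest (the sha256 value printed by docker push) lets the runtime verify the manifest content even when the transport is unprotected.

```python
import ipaddress
import json

# Constructed inputs modelled on this post's daemon.json and Deployment image.
DAEMON_JSON = '{"insecure-registries": ["172.16.194.135:5000"]}'
TAGGED = "172.16.194.135:5000/webapp:latest"
PINNED = "172.16.194.135:5000/webapp@sha256:" + "a" * 64  # constructed digest

def split_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # First component is a registry only if it has '.' or ':' or is localhost.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon or "/" in tag:  # no tag in the last path component
        repo, tag = path, ""
    return registry, repo, tag or ("" if digest else "latest"), digest

def is_insecure(registry, entries):
    """True if an insecure-registries entry (host:port or CIDR) covers registry."""
    host = registry.rsplit(":", 1)[0]
    for entry in entries:
        if entry == registry:
            return True
        try:
            if ipaddress.ip_address(host) in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:  # entry or host is not an IP address / CIDR range
            continue
    return False

def audit(daemon_json, images):
    """Map each image reference to the findings that apply to it."""
    entries = json.loads(daemon_json).get("insecure-registries", [])
    report = {}
    for ref in images:
        registry, _, tag, digest = split_image(ref)
        findings = ["insecure-registry"] if is_insecure(registry, entries) else []
        if not digest:
            findings.append("mutable-tag:" + tag)
        report[ref] = findings
    return report

if __name__ == "__main__":
    print(audit(DAEMON_JSON, [TAGGED, PINNED, "nginx"]))
```

Feed it the real /etc/docker/daemon.json content and the image values from your manifests to list which workloads depend on an unprotected registry and an unpinned tag at the same time.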

 

