Pod资源管理——基于私有仓库(harbor)创建pod资源
harbor
Harbor 是一个开源的容器镜像仓库,用于存储和管理 Docker 镜像和其他容器镜像。 * 容器镜像仓库、存储和管理 Docker 镜像和其他容器镜像 * 有什么特点:支持多种镜像格式、易于使用、安全性和访问控制
项目地址:https://gitcode.com/gh_mirrors/ha/harbor
免费下载资源
·
Pod资源管理——基于私有仓库(harbor)创建pod资源
pod特点
- 最小部署单元
- 一组容器的集合
- 一个Pod中的容器共享网络命名空间
- Pod是短暂的
Pod容器分类
1:infrastructure container 基础容器
- 维护整个Pod网络空间
- node节点操作
- 查看容器的网络
[root@localhost ~]# cat /opt/kubernetes/cfg/kubelet
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
- 每次创建Pod时候就会创建,与Pod对应的,对于用户是透明的
[root@localhost ~]# docker ps
registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 "/pause"
2:initcontainers 初始化容器
- 先于业务容器开始执行,原先Pod中容器是并行开启,现在进行了改进
3:container 业务容器
- 并行启动
- 官方网站
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
示例:
镜像拉取策略(image PullPolicy)
- IfNotPresent:默认值,镜像在宿主机上不存在时才拉取
- Always:每次创建Pod都会重新拉取一次镜像
- Never:Pod永远不会主动拉取这个镜像
官网文档介绍
https://kubernetes.io/docs/concepts/containers/images
示例:
需要事先部署k8s平台https://blog.csdn.net/weixin_42099301/article/details/108882065
- master01操作
[root@localhost demo]# kubectl edit deployment/nginx
spec:
containers:
- image: nginx:latest
imagePullPolicy: Always
name: nginx
ports:
- containerPort: 80
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
[root@localhost ~]# cd demo/
[root@localhost demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: Always
command: [ "echo", "SUCCESS" ]
[root@localhost demo]# kubectl create -f pod1.yaml
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 0/1 CrashLoopBackOff 2 49s
//失败的状态的原因是因为命令启动冲突
删除 command: [ "echo", "SUCCESS" ]
//同时更改一下版本
image: nginx:1.14
//删除原有的资源
[root@localhost demo]# kubectl delete -f pod1.yaml
pod "mypod" deleted
//更新资源
[root@localhost demo]# kubectl apply -f pod1.yaml
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 34s
//查看分配节点
[root@localhost demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 0 118s 172.17.31.6 192.168.195.150 <none>
//在任意node节点使用curl 查看头部信息
//node节点操作
[root@localhost ~]# curl -I 172.17.31.6
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 12 Feb 2020 04:42:42 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes
- node节点配置连接私有仓库(注意后面的逗号要添加)
[root@localhost ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://05vz3np5.mirror.aliyuncs.com"],
"insecure-registries":["192.168.195.80"]
}
//登录harbor私有仓库
[root@localhost ~]# docker login 192.168.195.80
Username: admin
Password: //输入密码Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- 下载Tomcat镜像进行推送
[root@localhost ~]# docker pull tomcat
[Using default tag: latest
latest: Pulling from library/tomcat
dc65f448a2e2: Pull complete
346ffb2b67d7: Pull complete
dea4ecac934f: Pull complete
8ac92ddf84b3: Pull complete
d8ef64070a18: Pull complete
6577248b0d6e: Pull complete
576c0a3a6af9: Pull complete
6e0159bd18db: Pull complete
8c831308dd9e: Pull complete
c603174def53: Pull complete
Digest: sha256:e895bcbfa20cf4f3f19ca11451dabc166fc8e827dfad9dd714ecaa8c065a3b18
Status: Downloaded newer image for tomcat:latest
docker.io/library/tomcat:latest
- 推送格式
docker tag SOURCE_IMAGE[:TAG] 192.168.195.80/project/IMAGE[:TAG]
- 打标签
[root@localhost ~]# docker tag tomcat 192.168.195.80/project/tomcat
- 推送成功
[root@localhost ~]# docker push 192.168.195.80/project/tomcat
The push refers to repository [192.168.195.80/project/tomcat]
462b69413f6f: Pushed
d378747b2549: Pushed
78f5460c83b5: Pushed
c601709dd5d2: Pushed
72ce39f2b7f6: Pushed
33783834b288: Pushed
5c813a85f7f0: Pushed
bdca38f94ff0: Pushed
faac394a1ad3: Pushed
ce8168f12337: Pushed
latest: digest: sha256:8ffa1b72bf611ac305523ed5bd6329afd051c7211fbe5f0b5c46ea5fb1adba46 size: 2421
- 进行进项下载问题就会出现,需要登录才能下载
问题点:缺少仓库的凭据
[root@localhost ~]# docker pull 192.168.195.80/project/tomcat
Using default tag: latest
Error response from daemon: pull access denied for 192.168.195.80/project/tomcat, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
- node节点下载tomcat镜像
docker pull tomcat:8.0.52 ##在节点上使用公有仓库下载Tomcat:8.0.52镜像
[root@localhost demo]# vim tomcat-deployment.yaml ##在master制作Tomcat的pod资源
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-tomcat8
spec:
replicas: 2
template:
metadata:
labels:
app: my-tomcat
spec:
containers:
- name: my-tomcat
image: docker.io/tomcat:8.0.52
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-tomcat
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 31111
selector:
app: my-tomcat
- 基于yaml创建pod
[root@localhost demo]# kubectl create -f tomcat-deployment.yaml
deployment.extensions/tomcat created
service/tomcat-service created
[root@localhost demo]# kubectl get pods,deploy,svc
NAME READY STATUS RESTARTS AGE
pod/my-tomcat-57667b9d9-nklvj 1/1 Running 0 10m
pod/my-tomcat-57667b9d9-wllnp 1/1 Running 0 10m
pod/mypod 1/1 Running 1 12h
pod/nginx-7697996758-75shs 1/1 Running 1 2d10h
pod/nginx-7697996758-b7tjw 1/1 Running 1 2d10h
pod/nginx-7697996758-jddc5 1/1 Running 1 2d10h
pod/nginx-deployment-d55b94fd-4px2w 1/1 Running 1 36h
pod/nginx-deployment-d55b94fd-899hz 1/1 Running 1 36h
pod/nginx-deployment-d55b94fd-d7fqn 1/1 Running 1 36h
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.extensions/my-tomcat 2 2 2 2 10m
deployment.extensions/nginx 3 3 3 3 2d10h
deployment.extensions/nginx-deployment 3 3 3 3 36h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 15d
service/my-tomcat NodePort 10.0.0.167 <none> 8080:31111/TCP 10m
service/nginx-service NodePort 10.0.0.225 <none> 80:47722/TCP 36h
问题处理
- 如果遇到处于Terminating状态的无法删除的资源如何处理
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-tomcat-57667b9d9-nklvj 1/1 Terminating 0 10h
my-tomcat-57667b9d9-wllnp 1/1 Terminating 0 10h
//这种情况下可以使用强制删除命令:
kubectl delete pod [pod name] --force --grace-period=0 -n [namespace]
[root@localhost demo]# kubectl delete pod my-tomcat-57667b9d9-nklvj --force --grace-period=0 -n default
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "my-tomcat-57667b9d9-nklvj" force deleted
[root@localhost demo]# kubectl delete pod my-tomcat-57667b9d9-wllnp --force --grace-period=0 -n default
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "my-tomcat-57667b9d9-wllnp" force deleted
[root@localhost demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 1 23h
nginx-7697996758-75shs 1/1 Running 1 2d21h
nginx-7697996758-b7tjw 1/1 Running 1 2d21h
nginx-7697996758-jddc5 1/1 Running 1 2d21h
nginx-deployment-d55b94fd-4px2w 1/1 Running 1 47h
nginx-deployment-d55b94fd-899hz 1/1 Running 1 47h
nginx-deployment-d55b94fd-d7fqn 1/1 Running 1 47h
- node01上操作(之前登陆过harbor仓库的节点)
- 镜像打标签
[root@localhost ~]# docker tag tomcat:8.0.52 192.168.195.80/project/tomcat
- 上传镜像到harbor
[root@localhost ~]# docker push 192.168.195.80/project/tomcat
- 查看登陆凭据
[root@localhost ~]# cat .docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
在master做一个secret凭证pod资源
[root@localhost demo]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: registry-pull-secret
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
type: kubernetes.io/dockerconfigjson
- 在master01上操作
- 创建secret资源
[root@localhost demo]# kubectl create -f registry-pull-secret.yaml
secret/registry-pull-secret created
- 查看secret资源
[root@localhost demo]# kubectl get secret
NAME TYPE DATA AGE
default-token-zztl5 kubernetes.io/service-account-token 3 9d
registry-pull-secret kubernetes.io/dockerconfigjson 1 26s
- 创建资源从harbor中下载镜像
[root@localhost demo]# vim tomcat-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-tomcat
spec:
replicas: 2
template:
metadata:
labels:
app: my-tomcat
spec:
imagePullSecrets:
- name: registry-pull-secret
containers:
- name: my-tomcat
image: 192.168.195.80/project/tomcat
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-tomcat
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 31111
selector:
app: my-tomcat
[root@localhost demo]# kubectl create -f tomcat-deployment.yaml
- 私有仓库中的镜像被下载了2次
GitHub 加速计划 / ha / harbor
8
3
下载
Harbor 是一个开源的容器镜像仓库,用于存储和管理 Docker 镜像和其他容器镜像。 * 容器镜像仓库、存储和管理 Docker 镜像和其他容器镜像 * 有什么特点:支持多种镜像格式、易于使用、安全性和访问控制
最近提交(Master分支:4 个月前 )
a548ab70
Add the field extra_attrs to the p2p preheat policy for the provider to
define their specified parameters when preheating.
Signed-off-by: chlins <chlins.zhang@gmail.com> 6 天前
e4178753
The export CVE permission should be included in the project scope, as the API relies on project-level judgment.
Signed-off-by: wang yan <wangyan@vmware.com> 7 天前
更多推荐
已为社区贡献2条内容
所有评论(0)