Pod资源管理——基于私有仓库(harbor)创建pod资源

pod特点

  • 最小部署单元
  • 一组容器的集合
  • 一个Pod中的容器共享网络命名空间
  • Pod是短暂的

Pod容器分类

1:infrastructure container 基础容器

  • 维护整个Pod网络空间
  • node节点操作
  • 查看容器的网络
[root@localhost ~]# cat /opt/kubernetes/cfg/kubelet
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
  • 每次创建Pod时候就会创建,与Pod对应的,对于用户是透明的
[root@localhost ~]# docker ps
registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0   "/pause"

2:initcontainers 初始化容器

  • 先于业务容器开始执行,原先Pod中容器是并行开启,现在进行了改进

3:container 业务容器

  • 并行启动
  • 官方网站
    https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

示例:


镜像拉取策略(image PullPolicy)

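  • IfNotPresent:默认值,镜像在宿主机上不存在时才拉取(注意:镜像标签为 :latest 或未写标签时,默认策略是 Always)
  • Always:每次创建Pod都会重新拉取一次镜像
  • Never:Pod永远不会主动拉取这个镜像
    注意:使用 IfNotPresent 或 Never 时,节点上已缓存的私有镜像可以被调度到该节点的任意Pod直接使用,不会再校验仓库凭据;多租户集群可启用 AlwaysPullImages 准入控制器,强制每次拉取并校验凭据。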
    官网文档介绍
    https://kubernetes.io/docs/concepts/containers/images
    示例:

需要事先部署k8s平台https://blog.csdn.net/weixin_42099301/article/details/108882065

  • master01操作

[root@localhost demo]# kubectl edit deployment/nginx
# Excerpt of the nginx Deployment's pod template as opened by `kubectl edit`.
spec:
      containers:
      # `latest` is a mutable tag: what it points to can change in the registry
      # between pulls, so pin a version (or a digest) for reproducible rollouts.
      - image: nginx:latest
        # Always: the registry is contacted every time a container is started.
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      # Empty pod-level securityContext: no security settings are set at pod level here.
      securityContext: {}
      terminationGracePeriodSeconds: 30

[root@localhost ~]# cd demo/
[root@localhost demo]# vim pod1.yaml
# Minimal single-container Pod used to demonstrate imagePullPolicy.
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: nginx
      # No tag given, so this resolves to nginx:latest (a mutable tag).
      image: nginx
      imagePullPolicy: Always
      # `command` replaces the image's own entrypoint: the container only runs
      # echo and then exits, which is why the Pod ends up in CrashLoopBackOff.
      command: [ "echo", "SUCCESS" ]
[root@localhost demo]# kubectl create -f pod1.yaml 
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME                              READY   STATUS             RESTARTS   AGE
mypod                             0/1     CrashLoopBackOff   2          49s
//失败的原因:command 覆盖了镜像默认的启动命令,echo 执行完即退出,容器随之结束并被反复重启(CrashLoopBackOff)
删除 command: [ "echo", "SUCCESS" ]
//同时更改一下版本
image: nginx:1.14
//删除原有的资源
[root@localhost demo]# kubectl delete -f pod1.yaml 
pod "mypod" deleted
//更新资源
[root@localhost demo]# kubectl apply -f pod1.yaml 
pod/mypod created
[root@localhost demo]# kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
mypod                             1/1     Running   0          34s
//查看分配节点
[root@localhost demo]# kubectl get pods -o wide
NAME                              READY   STATUS    RESTARTS   AGE    IP            NODE              NOMINATED NODE
mypod                             1/1     Running   0          118s   172.17.31.6   192.168.195.150   <none>
//在任意node节点使用curl 查看头部信息
//node节点操作
[root@localhost ~]# curl -I 172.17.31.6
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 12 Feb 2020 04:42:42 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes


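  • node节点配置连接私有仓库(注意 registry-mirrors 一行后面的逗号要添加)。insecure-registries 会让 docker 对该仓库使用 HTTP 或不校验证书的 HTTPS,登录凭据和镜像在传输中得不到保护,只适合隔离的实验环境;生产环境应为 harbor 配置 TLS 证书并让节点信任其 CA。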

[root@localhost ~]# vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://05vz3np5.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.195.80"]
}
//登录harbor私有仓库(下面的 Harbor12345 是 harbor 安装后的默认管理员密码,部署后应立即修改;节点拉取镜像建议使用只有拉取权限的专用账号或机器人账号,而不是 admin)
[root@localhost ~]# docker login 192.168.195.80
Username: admin  
Password:     //输入密码Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

  • 下载Tomcat镜像进行推送

[root@localhost ~]# docker pull tomcat
[Using default tag: latest
latest: Pulling from library/tomcat
dc65f448a2e2: Pull complete 
346ffb2b67d7: Pull complete 
dea4ecac934f: Pull complete 
8ac92ddf84b3: Pull complete 
d8ef64070a18: Pull complete 
6577248b0d6e: Pull complete 
576c0a3a6af9: Pull complete 
6e0159bd18db: Pull complete 
8c831308dd9e: Pull complete 
c603174def53: Pull complete 
Digest: sha256:e895bcbfa20cf4f3f19ca11451dabc166fc8e827dfad9dd714ecaa8c065a3b18
Status: Downloaded newer image for tomcat:latest
docker.io/library/tomcat:latest

  • 推送格式

 docker tag SOURCE_IMAGE[:TAG] 192.168.195.80/project/IMAGE[:TAG]
 


  • 打标签
[root@localhost ~]# docker tag tomcat 192.168.195.80/project/tomcat
  • 推送成功

[root@localhost ~]# docker push 192.168.195.80/project/tomcat
The push refers to repository [192.168.195.80/project/tomcat]
462b69413f6f: Pushed 
d378747b2549: Pushed 
78f5460c83b5: Pushed 
c601709dd5d2: Pushed 
72ce39f2b7f6: Pushed 
33783834b288: Pushed 
5c813a85f7f0: Pushed 
bdca38f94ff0: Pushed 
faac394a1ad3: Pushed 
ce8168f12337: Pushed 
latest: digest: sha256:8ffa1b72bf611ac305523ed5bd6329afd051c7211fbe5f0b5c46ea5fb1adba46 size: 2421


  • 进行镜像下载时问题就会出现,需要登录才能下载

问题点:缺少仓库的凭据


[root@localhost ~]# docker pull 192.168.195.80/project/tomcat
Using default tag: latest
Error response from daemon: pull access denied for 192.168.195.80/project/tomcat, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

  • node节点下载tomcat镜像
docker pull tomcat:8.0.52  ##在节点上使用公有仓库下载Tomcat:8.0.52镜像
[root@localhost demo]# vim tomcat-deployment.yaml   ##在master制作Tomcat的pod资源
# Deployment (2 replicas) plus a NodePort Service for Tomcat, pulled from Docker Hub.
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# on current clusters this needs apps/v1 and an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat8
spec:
  replicas: 2
  template:
    metadata:
      labels:
        # Label the Service selector below matches on.
        app: my-tomcat
    spec:
      containers:
      - name: my-tomcat
        # NOTE(review): Tomcat 8.0.x is end-of-life upstream and no longer gets
        # security fixes; acceptable in a lab, not for anything exposed.
        image: docker.io/tomcat:8.0.52
        ports:
        # NOTE(review): the Service below targets 8080, not 80. containerPort is
        # informational only, so this does not block traffic, but it disagrees
        # with the Service definition.
        - containerPort: 80
---  
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  # NodePort opens port 31111 on every node's address; limit who can reach the
  # nodes on that port if they sit on a network you do not fully trust.
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 31111
  selector:
    app: my-tomcat

  • 基于yaml创建pod
[root@localhost demo]# kubectl create -f tomcat-deployment.yaml 
deployment.extensions/tomcat created
service/tomcat-service created

[root@localhost demo]# kubectl get pods,deploy,svc
NAME                                  READY   STATUS    RESTARTS   AGE
pod/my-tomcat-57667b9d9-nklvj         1/1     Running   0          10m
pod/my-tomcat-57667b9d9-wllnp         1/1     Running   0          10m
pod/mypod                             1/1     Running   1          12h
pod/nginx-7697996758-75shs            1/1     Running   1          2d10h
pod/nginx-7697996758-b7tjw            1/1     Running   1          2d10h
pod/nginx-7697996758-jddc5            1/1     Running   1          2d10h
pod/nginx-deployment-d55b94fd-4px2w   1/1     Running   1          36h
pod/nginx-deployment-d55b94fd-899hz   1/1     Running   1          36h
pod/nginx-deployment-d55b94fd-d7fqn   1/1     Running   1          36h

NAME                                     DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/my-tomcat          2         2         2            2           10m
deployment.extensions/nginx              3         3         3            3           2d10h
deployment.extensions/nginx-deployment   3         3         3            3           36h

NAME                    TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)          AGE
service/kubernetes      ClusterIP   10.0.0.1     <none>        443/TCP          15d
service/my-tomcat       NodePort    10.0.0.167   <none>        8080:31111/TCP   10m
service/nginx-service   NodePort    10.0.0.225   <none>        80:47722/TCP     36h

问题处理

  • 如果遇到处于Terminating状态的无法删除的资源如何处理
[root@localhost demo]# kubectl get pods
NAME                              READY   STATUS        RESTARTS   AGE
my-tomcat-57667b9d9-nklvj         1/1     Terminating   0          10h
my-tomcat-57667b9d9-wllnp         1/1     Terminating   0          10h
//这种情况下可以使用强制删除命令(强制删除只是从API中移除对象,不会等待节点确认容器已经停止,容器可能仍在节点上运行,应先排查节点和kubelet的状态):
kubectl delete pod [pod name] --force --grace-period=0 -n [namespace]

[root@localhost demo]# kubectl delete pod my-tomcat-57667b9d9-nklvj --force --grace-period=0 -n default
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "my-tomcat-57667b9d9-nklvj" force deleted

[root@localhost demo]# kubectl delete pod my-tomcat-57667b9d9-wllnp --force --grace-period=0 -n default
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "my-tomcat-57667b9d9-wllnp" force deleted

[root@localhost demo]# kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
mypod                             1/1     Running   1          23h
nginx-7697996758-75shs            1/1     Running   1          2d21h
nginx-7697996758-b7tjw            1/1     Running   1          2d21h
nginx-7697996758-jddc5            1/1     Running   1          2d21h
nginx-deployment-d55b94fd-4px2w   1/1     Running   1          47h
nginx-deployment-d55b94fd-899hz   1/1     Running   1          47h
nginx-deployment-d55b94fd-d7fqn   1/1     Running   1          47h

  • node01上操作(之前登陆过harbor仓库的节点)
  • 镜像打标签

[root@localhost ~]# docker tag tomcat:8.0.52 192.168.195.80/project/tomcat

  • 上传镜像到harbor

[root@localhost ~]# docker push 192.168.195.80/project/tomcat

  • 查看登陆凭据(base64 只是编码而不是加密,输出可以直接还原出仓库的用户名和密码,不要粘贴到文档或提交到版本库)

[root@localhost ~]# cat .docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
在master创建一个secret凭证资源(将上面的base64输出填入 .dockerconfigjson)
[root@localhost demo]# vim registry-pull-secret.yaml
# Image-pull Secret holding the node's docker config.json for the harbor registry.
# The value is only base64-encoded, not encrypted: anyone who can read this file
# or the Secret object can recover the registry login. Keep it out of version
# control and restrict who may read Secrets in this namespace.
apiVersion: v1
kind: Secret
metadata:
  # No namespace is set, so the Secret lands in the namespace kubectl is using;
  # pods can only reference pull secrets from their own namespace.
  name: registry-pull-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE5NS44MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
# Marks the data as a docker config.json to be used for registry authentication.
type: kubernetes.io/dockerconfigjson

  • 在master01上操作
  • 创建secret资源

[root@localhost demo]# kubectl create -f registry-pull-secret.yaml 
secret/registry-pull-secret created

  • 查看secret资源

[root@localhost demo]# kubectl get secret
NAME                   TYPE                                  DATA   AGE
default-token-zztl5    kubernetes.io/service-account-token   3      9d
registry-pull-secret   kubernetes.io/dockerconfigjson        1      26s

  • 创建资源从harbor中下载镜像
[root@localhost demo]# vim tomcat-deployment.yaml
# Deployment (2 replicas) and NodePort Service for Tomcat, pulled from the
# private harbor registry at 192.168.195.80.
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# on current clusters this needs apps/v1 and an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      # Credentials the kubelet presents to the registry when pulling; refers to
      # the Secret named registry-pull-secret, which must exist in the pod's
      # own namespace.
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: my-tomcat
        # No tag, so this resolves to :latest (a mutable tag).
        # NOTE(review): the page's daemon.json lists this registry under
        # insecure-registries, so pulls and the credentials sent with them are
        # not protected by verified TLS.
        image: 192.168.195.80/project/tomcat
        ports:
        # NOTE(review): the Service below targets 8080, not 80. containerPort is
        # informational only, so this does not block traffic, but it disagrees
        # with the Service definition.
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  # NodePort opens port 31111 on every node's address; limit who can reach the
  # nodes on that port if they sit on a network you do not fully trust.
  type: NodePort
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 31111
  selector:
    app: my-tomcat
[root@localhost demo]# kubectl create -f tomcat-deployment.yaml 

  • 私有仓库中的镜像被下载了2次

