Creating Pods in k8s with Harbor
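1. Environment preparation
1.1 Install Harbor v2.1.0
1.2 Install k8s v1.2
1.3 Deploy the flannel-v0.10.0 network
1.4 Download the pod-infrastructure:latest image into the image registry (required)
2. YAML file walkthrough
For example, create a node-export.yaml:
vi node-export.yaml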
apiVersion: apps/v1 # API version; must be one of those listed by kubectl api-versions
kind: DaemonSet # role/type of the resource to create
metadata: # resource metadata/attributes
  name: node-exporter # resource name; must be unique within a namespace
  namespace: prom-grafana # a namespace with this name must already exist
  labels: # labels for the resource
    name: node-exporter
spec: # content of the resource
  selector:
    matchLabels:
      name: node-exporter
  template:
    metadata:
      labels:
        name: node-exporter
    spec:
      hostPID: true
      hostIPC: true
      hostNetwork: true
      containers: # container settings
      - name: node-exporter
        image: prom/node-exporter:v0.16.0 # image name (can be changed to the intranet registry, but authentication must then be added)
        imagePullPolicy: Never # pull policy: use the local image only
        ports:
        - containerPort: 9100
        resources:
          requests:
            cpu: 0.15
        securityContext:
          privileged: true
        args:
        - --path.procfs
        - /host/proc
        - --path.sysfs
        - /host/sys
        - --collector.filesystem.ignored-mount-points
        # no inner double quotes: args are passed without a shell, so they would become part of the regex
        - '^/(sys|proc|dev|host|etc)($|/)'
        volumeMounts:
        - name: dev
          mountPath: /host/dev
        - name: proc
          mountPath: /host/proc
        - name: sys
          mountPath: /host/sys
        - name: rootfs
          mountPath: /rootfs
      tolerations:
      - key: "node-role.kubernetes.io/master"
        operator: "Exists"
        effect: "NoSchedule"
      volumes:
      - name: proc
        hostPath:
          path: /proc
      - name: dev
        hostPath:
          path: /dev
      - name: sys
        hostPath:
          path: /sys
      - name: rootfs
        hostPath:
          path: /
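The pod template above combines host namespaces, privileged mode and hostPath mounts of /proc, /dev, /sys and /. The following is an added example, not part of the original post: it lists those node-level settings from a pod spec so they can be reviewed before the DaemonSet is deployed. POD_SPEC is constructed from the manifest above, in the JSON shape that kubectl get -o json returns, and the function name is hypothetical.

```python
# Constructed input: the pod template of the node-exporter DaemonSet shown above,
# reduced to the fields checked here, in the shape `kubectl get ... -o json` uses.
POD_SPEC = {
    "hostPID": True, "hostIPC": True, "hostNetwork": True,
    "containers": [{
        "name": "node-exporter",
        "securityContext": {"privileged": True},
        "volumeMounts": [
            {"name": "dev", "mountPath": "/host/dev"},
            {"name": "proc", "mountPath": "/host/proc"},
            {"name": "sys", "mountPath": "/host/sys"},
            {"name": "rootfs", "mountPath": "/rootfs"},
        ],
    }],
    "volumes": [
        {"name": "proc", "hostPath": {"path": "/proc"}},
        {"name": "dev", "hostPath": {"path": "/dev"}},
        {"name": "sys", "hostPath": {"path": "/sys"}},
        {"name": "rootfs", "hostPath": {"path": "/"}},
    ],
}


def host_access_findings(pod_spec):
    """List the settings in a pod spec that give its containers access to the node itself."""
    findings = [f"{flag}: true" for flag in ("hostPID", "hostIPC", "hostNetwork")
                if pod_spec.get(flag)]
    # Map volume name -> host path for every hostPath volume.
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod_spec.get("volumes", []) if "hostPath" in v}
    for c in pod_spec.get("containers", []):
        if (c.get("securityContext") or {}).get("privileged"):
            findings.append(f"{c['name']}: privileged container")
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m["name"])
            # A mount is read-write unless readOnly is set explicitly.
            if path is not None and not m.get("readOnly", False):
                findings.append(
                    f"{c['name']}: host {path} mounted read-write at {m['mountPath']}")
    return findings


if __name__ == "__main__":
    for line in host_access_findings(POD_SPEC):
        print(line)
```

Setting readOnly: true on the four mounts and dropping privileged and hostIPC reduces the report to the hostPID and hostNetwork entries.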
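3. Creation steps
3.1 Edit the kubelet configuration file on each Kubernetes node
# --pod-infra-container-image (last option) is the Pod infra image that is pulled whenever a Pod is created; this environment has no external network access
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=10.25.247.145 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=10.25.193.138/teamco/pod-infrastructure:latest"
3.2 Apply the configuration
# Run
systemctl daemon-reload
systemctl restart kubelet
3.3 Creating from a local image
# Reuse the node-export.yaml above
# Note:
image: prom/node-exporter:v0.16.0 # this image must already have been downloaded locally
imagePullPolicy: Never # with this policy the image is only taken from the local node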
3.4 Creating by pulling from the image registry
3.4.1 Create the namespace object prom-grafana
vi prom-grafana-namespaces.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: prom-grafana
  labels:
    name: prom-grafana
# Run
kubectl create -f prom-grafana-namespaces.yaml
namespace/prom-grafana created
3.4.2 Create the service account
# Command
kubectl create serviceaccount drifter -n prom-grafana
serviceaccount/drifter created
Bind the service account drifter to the cluster-admin ClusterRole through a ClusterRoleBinding. cluster-admin allows every action on every resource in the cluster, and a ClusterRoleBinding applies cluster-wide regardless of the -n flag.
kubectl create clusterrolebinding drifter-clusterrolebinding -n prom-grafana --clusterrole=cluster-admin --serviceaccount=prom-grafana:drifter
clusterrolebinding.rbac.authorization.k8s.io/drifter-clusterrolebinding created
3.4.3 Create the data directory
# Run on every node
mkdir /data
chmod 777 /data/
3.4.4 Create the imagePullSecrets object
3.4.4.1 Log in to the internal Harbor
docker login 10.25.193.138
3.4.4.2 View the credentials stored by the Harbor login
cat ~/.docker/config.json | base64 -w 0
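3.4.4.3 Edit the manifest of the already created namespace object prom-grafana (prom-grafana-namespaces.yaml)
apiVersion: v1
kind: Namespace
metadata:
  name: prom-grafana
  labels:
    name: prom-grafana
---
# A Namespace has no data/type fields, so the credential goes in a Secret in the same file.
# It is named prom-grafana because the DaemonSet's imagePullSecrets entry refers to that name.
apiVersion: v1
kind: Secret
metadata:
  name: prom-grafana
  namespace: prom-grafana
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4yNS4xOTMuMTM4IjogewoJCQkiYXV0aCI6ICJaR2hzYVhWck9rRmtiV2x1TVRJeiIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
# Run
kubectl delete -f prom-grafana-namespaces.yaml
kubectl create -f prom-grafana-namespaces.yaml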
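The value produced in step 3.4.4.2 is only base64-encoded, and encoding the whole ~/.docker/config.json carries every registry login stored on that machine, not just the Harbor one. The following is an added example, not part of the original post: it decodes a .dockerconfigjson value to show which registries and users it carries, and builds a Secret that holds the credential for one registry only. The host names, user names, passwords and function names are constructed for illustration.

```python
import base64
import json


def inspect_dockerconfigjson(b64_value):
    """Decode a .dockerconfigjson value; return {registry: username} for each auths entry."""
    cfg = json.loads(base64.b64decode(b64_value))
    found = {}
    for registry, entry in cfg.get("auths", {}).items():
        auth = entry.get("auth")
        if auth:
            # "auth" is base64("username:password"); split on the first colon only.
            user, _, _password = base64.b64decode(auth).decode().partition(":")
        else:
            user = entry.get("username", "")
        found[registry] = user
    return found


def minimal_dockerconfigjson(registry, username, password):
    """Build a .dockerconfigjson value holding the credential for one registry only."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    return base64.b64encode(
        json.dumps({"auths": {registry: {"auth": auth}}}).encode()).decode()


def pull_secret_manifest(name, namespace, registry, username, password):
    """Return a kubernetes.io/dockerconfigjson Secret as a dict (kubectl also accepts JSON)."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson":
                 minimal_dockerconfigjson(registry, username, password)},
    }


# Constructed sample: a workstation config.json that is logged in to two registries.
SAMPLE_CONFIG = {"auths": {
    "harbor.example.internal": {"auth": base64.b64encode(b"puller:constructed-pw").decode()},
    "registry.example.com": {"auth": base64.b64encode(b"alice:other-constructed-pw").decode()},
}, "HttpHeaders": {"User-Agent": "Docker-Client/19.03.8 (linux)"}}
SAMPLE_B64 = base64.b64encode(json.dumps(SAMPLE_CONFIG).encode()).decode()

if __name__ == "__main__":
    print(inspect_dockerconfigjson(SAMPLE_B64))
    print(json.dumps(pull_secret_manifest(
        "prom-grafana", "prom-grafana",
        "harbor.example.internal", "puller", "constructed-pw"), indent=2))
```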
3.4.6 Install node-exporter
vi node-export.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-exporter
  namespace: prom-grafana
  labels:
    name: node-exporter
spec:
  selector:
    matchLabels:
      name: node-exporter
  template:
    metadata:
      labels:
        name: node-exporter
    spec:
      hostPID: true
      hostIPC: true
      hostNetwork: true
      imagePullSecrets:
      - name: prom-grafana
      containers:
      - name: node-exporter
        image: 10.25.193.138/teamco/node-exporter:v0.16.0
        ports:
        - containerPort: 9100
        resources:
          requests:
            cpu: 0.15
        securityContext:
          privileged: true
        args:
        - --path.procfs
        - /host/proc
        - --path.sysfs
        - /host/sys
        - --collector.filesystem.ignored-mount-points
        # no inner double quotes: args are passed without a shell, so they would become part of the regex
        - '^/(sys|proc|dev|host|etc)($|/)'
        volumeMounts:
        - name: dev
          mountPath: /host/dev
        - name: proc
          mountPath: /host/proc
        - name: sys
          mountPath: /host/sys
        - name: rootfs
          mountPath: /rootfs
      tolerations:
      - key: "node-role.kubernetes.io/master"
        operator: "Exists"
        effect: "NoSchedule"
      volumes:
      - name: proc
        hostPath:
          path: /proc
      - name: dev
        hostPath:
          path: /dev
      - name: sys
        hostPath:
          path: /sys
      - name: rootfs
        hostPath:
          path: /
# Create
kubectl create -f node-export.yaml