Kubernates之从Harbor上拉去镜像建立服务

时间 2019-11-13

标签 kubernates harbor 拉去镜像建立服务繁體版

原文原文链接

Kubernates版本为1.11.4，Harbor的版本是1.7。html

搭建好Kubernates后(一个master节点和俩个node节点)，若是要建立服务，就须要镜像，若是不配置Kubernates从镜像仓库拉取，那么就须要将镜像传到每一个节点上(master和全部node)，很麻烦，效率很低，因此咱们的目标是配置Kubernates，让其从Harbor上拉取镜像。node

注：个人Harbor服务所在的IP是192.168.33.5，如何安装Harbor，请看个人这篇博客。nginx

１、将Harbor加入k8s宿主机Docker的insecure-registries中

修改k8s的master和俩个node的/etc/docker/daemon.json，将192.168.33.5将入到insecure-registries中，以下所示：docker

List-1.1json

[root@localhost data]# more /etc/docker/daemon.json 
{"bip": "172.172.172.1/24","insecure-registries": ["10.221.128.52","192.168.33.5"]}

重启Docker服务，以下List-1.2api

List-1.2bash

[root@localhost data]# systemctl daemon-reload
[root@localhost data]# systemctl restart Docker

在每一个节点上试试可否login到192.168.33.5，以下List-1.3session

List-1.3app

[root@localhost data]# docker login 192.168.33.5
Username (mjduan): 
Password: 
Login Succeeded

２、用yaml在k8s上建立服务

在master节点执行以下List-2.1，建立secret，其中registry-harbor2是名称，namespace的值使用default，docker-server的值是Harbor的IP，docker-username和docker-password的值是在Harbor上建立的用户。spa

List-2.1

kubectl create secret docker-registry registry-harbor2 --namespace=default \
 --docker-server=http://192.168.33.5 --docker-username=mjduan \
 --docker-password=***** --docker-email=dmj1161859184@126.com

List-2.2 查看建立了的secret

[root@localhost data]# kubectl get secret
NAME                  TYPE                                  DATA      AGE
default-token-dqvqc   kubernetes.io/service-account-token   3         12h
registry-harbor2      kubernetes.io/dockerconfigjson        1         5h

建立以下List-2.3所示的nginx.yaml，注意imagePullSecrets的值是registry-harbor2

List-2.3

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.33.5/project/nginx:1.0
        imagePullPolicy: Always
        ports:
        - containerPort: 80
      imagePullSecrets:
      - name: registry-harbor2
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  sessionAffinity: ClientIP
  selector:
    app: nginx
  ports:
    - port: 80
      nodePort: 30180

以后用kubectl建立服务，以下List-2.4

List-2.4

[root@localhost data]# create -f deploy-nginx.yaml

查看结果，以下List-2.5

List-2.5

[root@localhost data]# kubectl get services
NAME            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes      ClusterIP   10.96.0.1        <none>        443/TCP        12h
nginx-service   NodePort    10.103.100.169   <none>        80:30180/TCP   5h
[root@localhost data]# kubectl get pods
NAME                                READY     STATUS    RESTARTS   AGE
nginx-deployment-789794d957-m7wjv   1/1       Running   0          5h
[root@localhost data]#

Reference

https://www.cnblogs.com/wayneiscoming/p/7716238.html
https://www.jianshu.com/p/010e4a7afe5e