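Using a local Docker registry with k8s
Environment:
Raspberry Pi 4B 4G+
K8S version: 1.16.2
Cluster: 1 master, 2 nodes
Registry IP: 192.168.1.2:5000
Prerequisites:
A local Docker registry is already set up.
For example, run the following command to start the local registry: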
docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true --log-driver=none -v /app/docker/registry:/tmp/registry registry
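The local registry already contains images; the nginx image is used as the example here.
1. Make sure Docker can reach the local registry over HTTP. Docker uses HTTPS by default and has HTTP disabled, so the registry must be declared in the configuration file: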
root@k8smaster:/app/k8s/conf/ym# cat /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "iptables": false,
  "ip-masq": false,
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
  "graph": "/app/docker/run",
  "insecure-registries": ["192.168.1.2:5000"]
}
Here, the "insecure-registries":["192.168.1.2:5000"] parameter declares that the local registry is accessed over HTTP. Note that Docker on every node must have this parameter added.
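2. Create a Docker account; the command above that created the local registry did not create one:
Create a registry login account on the host where the registry runs. Because I put the local registry directly on the K8S master host, I create the registry login account on the master host: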
docker login 192.168.1.2:5000
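Enter username: root
Enter password: 123456
If no account has been created, the first login creates one; it is written to the conf file under the ~/.docker/ directory.
At this point, docker login from other hosts can also log in to the registry.
3. Create the K8S secret: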
kubectl create secret docker-registry regs --docker-server=192.168.1.2:5000 --docker-username=root --docker-password=123456 --namespace=dep
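Note that I specified a namespace. Decide whether to add the namespace and other parameters according to your situation; if omitted, the secret goes into default.
4. Check the image tags and other details in the local registry: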
root@k8smaster:/app/k8s/conf/ym# curl -XGET 192.168.1.2:5000/v2/nginx/tags/list
{"name":"nginx","tags":["latest"]}
5. View the secret just created:
root@k8smaster:/app/k8s/conf/ym# kubectl get secret -n dep
NAME                  TYPE                                  DATA   AGE
default-token-hfjnk   kubernetes.io/service-account-token   3      18h
regs                  kubernetes.io/dockerconfigjson        1      49m
6. Write the YAML file for the nginx pod:
root@k8smaster:/app/k8s/conf/ym# cat nginx.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-t
  namespace: dep
spec:
  containers:
  - name: nginx-t
    image: 192.168.1.2:5000/nginx:latest
  imagePullSecrets:
  - name: regs
7. Wait for the pod to start, then fetch its details:
root@k8smaster:/app/k8s/conf/ym# kubectl get pods nginx-t -n dep --output=yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"nginx-t","namespace":"dep"},"spec":{"containers":[{"image":"192.168.1.2:5000/nginx:latest","name":"nginx-t"}],"imagePullSecrets":[{"name":"regs"}]}}
  creationTimestamp: "2020-03-12T08:04:07Z"
  name: nginx-t
  namespace: dep
  resourceVersion: "710399"
  selfLink: /api/v1/namespaces/dep/pods/nginx-t
  uid: 5cf73180-4a8f-4b98-9f69-ab9ce6f76155
spec:
  containers:
  - image: 192.168.1.2:5000/nginx:latest
    imagePullPolicy: Always
    name: nginx-t
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-hfjnk
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  imagePullSecrets:
  - name: regs
  nodeName: k8snode1
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-hfjnk
    secret:
      defaultMode: 420
      secretName: default-token-hfjnk
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:04:07Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:05:42Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:05:42Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:04:07Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://0cca8cee026adad5b9be2bd2f540aa17e81f6e15c834945eba7976eac39b13eb
    image: 192.168.1.2:5000/nginx:latest
    imageID: docker-pullable://192.168.1.2:5000/nginx@sha256:1fe697934cec1c15ae04d198d7b29270bf2e187dcf6c093d23f182116d5e651d
    lastState: {}
    name: nginx-t
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2020-03-12T08:05:41Z"
  hostIP: 192.168.1.3
  phase: Running
  podIP: 10.244.2.4
  podIPs:
  - ip: 10.244.2.4
  qosClass: BestEffort
  startTime: "2020-03-12T08:04:07Z"
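The YAML printed for the running pod shows that the image was pulled from the local registry and is running.
Likewise, check the pod's startup events: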
root@k8smaster:/app/k8s/conf/ym# kubectl get events -n dep
LAST SEEN   TYPE     REASON      OBJECT        MESSAGE
<unknown>   Normal   Scheduled   pod/nginx-t   Successfully assigned dep/nginx-t to k8snode1
59m         Normal   Pulling     pod/nginx-t   Pulling image "192.168.1.2:5000/nginx:latest"
58m         Normal   Pulled      pod/nginx-t   Successfully pulled image "192.168.1.2:5000/nginx:latest"
57m         Normal   Created     pod/nginx-t   Created container nginx-t
57m         Normal   Started     pod/nginx-t   Started container nginx-t
This shows that K8S pulled the image from the local registry.
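Added example (not part of the original post): the regs secret from steps 3 and 5 has type kubernetes.io/dockerconfigjson, and its single data key is only base64-encoded, so anyone who can read secrets in the dep namespace can recover the registry password. The Python sketch below rebuilds a secret of that type from the page's values, decodes it, and flags registries that daemon.json also lists under insecure-registries, where Docker may skip TLS verification or fall back to plain HTTP. The function names and the sample constants are assumptions made for this example.

```python
import base64
import json

def build_pull_secret(server, username, password, name, namespace):
    """Build a Secret manifest of the type that step 3 creates (hypothetical helper)."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": username, "password": password, "auth": auth}}}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": name, "namespace": namespace},
        "data": {".dockerconfigjson": base64.b64encode(json.dumps(cfg).encode()).decode()},
    }

def decode_pull_secret(secret):
    """Return {server: (username, password)} recovered from a pull secret."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        raise ValueError("not a dockerconfigjson secret")
    cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    creds = {}
    for server, entry in cfg.get("auths", {}).items():
        if "auth" in entry:  # auth is base64("user:password")
            user, _, pw = base64.b64decode(entry["auth"]).decode().partition(":")
        else:
            user, pw = entry.get("username", ""), entry.get("password", "")
        creds[server] = (user, pw)
    return creds

def exposed_over_insecure(secret, daemon_json_text):
    """Servers with credentials in the secret that daemon.json also marks insecure."""
    insecure = set(json.loads(daemon_json_text).get("insecure-registries", []))
    return sorted(s for s in decode_pull_secret(secret) if s in insecure)

# Constructed sample input, using the values shown on this page.
DAEMON_JSON = '{"insecure-registries": ["192.168.1.2:5000"]}'
SECRET = build_pull_secret("192.168.1.2:5000", "root", "123456", "regs", "dep")

if __name__ == "__main__":
    print(decode_pull_secret(SECRET))
    print(exposed_over_insecure(SECRET, DAEMON_JSON))
```

To audit a live cluster, pass the parsed output of kubectl get secret regs -n dep -o json and the contents of each node's /etc/docker/daemon.json instead of the constructed samples.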