Using a local Docker registry with k8s


Environment:
    Raspberry Pi 4B 4G+
    K8S version: 1.16.2
    Cluster: 1 master, 2 nodes
    Registry IP: 192.168.1.2:5000

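Prerequisites:

    A local Docker registry is already set up.
    For example, run the following command to start a local registry:
    docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true  --log-driver=none -v /app/docker/registry:/tmp/registry registry

    The local registry already contains an image; the nginx image is used as the example here.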


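1. Make sure Docker can reach the local registry over HTTP. Docker uses HTTPS by default and HTTP is disabled, so the registry has to be declared in the configuration file: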

root@k8smaster:/app/k8s/conf/ym# cat /etc/docker/daemon.json 
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
   "iptables": false,
   "ip-masq": false,
   "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
   "graph": "/app/docker/run",
   "insecure-registries":["192.168.1.2:5000"]
}

Here, "insecure-registries":["192.168.1.2:5000"] declares that the local registry is accessed over HTTP. Note that Docker on every node needs this parameter.


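2. Create a Docker account; the registry-creation command above did not create one:

Create a registry login account on the host where the registry runs. Because I put the local registry directly on the K8S master host, I create the login account on the master host:

docker login 192.168.1.2:5000
Enter username: root
Enter password: 123456

If no account exists yet, the first login creates one; it is written to the conf file under the ~/.docker/ directory.

Other hosts can now log in to the registry with docker login as well.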


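3. Create the K8S secret:
    kubectl create secret docker-registry regs --docker-server=192.168.1.2:5000 --docker-username=root --docker-password=123456 --namespace=dep

    Note that I specified a namespace. Decide from your own setup whether to add the namespace and similar parameters; without it the secret goes into default.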

4. Check the image versions and other details in the local registry:
root@k8smaster:/app/k8s/conf/ym# curl -XGET 192.168.1.2:5000/v2/nginx/tags/list
{"name":"nginx","tags":["latest"]}

5. Look at the secret just created:
root@k8smaster:/app/k8s/conf/ym# kubectl get secret -n dep
NAME                  TYPE                                  DATA   AGE
default-token-hfjnk   kubernetes.io/service-account-token   3      18h
regs                  kubernetes.io/dockerconfigjson        1      49m
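
What the regs secret listed above actually holds, as an added example (not from the original post): a kubernetes.io/dockerconfigjson secret is a base64-encoded JSON document, so anyone allowed to read secrets in the dep namespace recovers the registry password. The function names and the sample Secret object are constructed for illustration.

```python
import base64
import json

def build_dockerconfigjson(server, username, password):
    """Build the value stored under .dockerconfigjson
    (layout: auths -> server -> username/password/auth)."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    doc = {"auths": {server: {"username": username, "password": password, "auth": auth}}}
    return base64.b64encode(json.dumps(doc).encode()).decode()

def extract_credentials(secret):
    """Return [(server, username, password)] from a Secret object shaped
    like the output of `kubectl get secret <name> -o json`."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        return []
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    found = []
    for server, entry in json.loads(raw).get("auths", {}).items():
        user, pwd = entry.get("username"), entry.get("password")
        if (user is None or pwd is None) and entry.get("auth"):
            # Some entries carry only the base64 "user:password" pair.
            user, _, pwd = base64.b64decode(entry["auth"]).decode().partition(":")
        found.append((server, user, pwd))
    return found

# Constructed sample: the Secret that the command in step 3 would produce.
SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "type": "kubernetes.io/dockerconfigjson",
    "metadata": {"name": "regs", "namespace": "dep"},
    "data": {".dockerconfigjson": build_dockerconfigjson("192.168.1.2:5000", "root", "123456")},
}

if __name__ == "__main__":
    for server, user, pwd in extract_credentials(SAMPLE_SECRET):
        print(f"{server}: user={user} password={pwd}")
```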

6. Write the YAML file for the nginx pod:
root@k8smaster:/app/k8s/conf/ym# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx-t
  namespace: dep

spec:
  containers:
  - name: nginx-t
    image: 192.168.1.2:5000/nginx:latest
  imagePullSecrets:
  - name: regs


7. Wait for the pod to start, then fetch its information:
root@k8smaster:/app/k8s/conf/ym# kubectl get pods nginx-t -n dep --output=yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"nginx-t","namespace":"dep"},"spec":{"containers":[{"image":"192.168.1.2:5000/nginx:latest","name":"nginx-t"}],"imagePullSecrets":[{"name":"regs"}]}}
  creationTimestamp: "2020-03-12T08:04:07Z"
  name: nginx-t
  namespace: dep
  resourceVersion: "710399"
  selfLink: /api/v1/namespaces/dep/pods/nginx-t
  uid: 5cf73180-4a8f-4b98-9f69-ab9ce6f76155
spec:
  containers:
  - image: 192.168.1.2:5000/nginx:latest
    imagePullPolicy: Always
    name: nginx-t
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-hfjnk
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  imagePullSecrets:
  - name: regs
  nodeName: k8snode1
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-hfjnk
    secret:
      defaultMode: 420
      secretName: default-token-hfjnk
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:04:07Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:05:42Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:05:42Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2020-03-12T08:04:07Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://0cca8cee026adad5b9be2bd2f540aa17e81f6e15c834945eba7976eac39b13eb
    image: 192.168.1.2:5000/nginx:latest
    imageID: docker-pullable://192.168.1.2:5000/nginx@sha256:1fe697934cec1c15ae04d198d7b29270bf2e187dcf6c093d23f182116d5e651d
    lastState: {}
    name: nginx-t
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2020-03-12T08:05:41Z"
  hostIP: 192.168.1.3
  phase: Running
  podIP: 10.244.2.4
  podIPs:
  - ip: 10.244.2.4
  qosClass: BestEffort
  startTime: "2020-03-12T08:04:07Z"



The YAML printed for the started pod shows that the image was pulled from the local registry and is running.


Likewise, look at the pod's startup events:
root@k8smaster:/app/k8s/conf/ym# kubectl get events -n dep
LAST SEEN   TYPE     REASON      OBJECT        MESSAGE
<unknown>   Normal   Scheduled   pod/nginx-t   Successfully assigned dep/nginx-t to k8snode1
59m         Normal   Pulling     pod/nginx-t   Pulling image "192.168.1.2:5000/nginx:latest"
58m         Normal   Pulled      pod/nginx-t   Successfully pulled image "192.168.1.2:5000/nginx:latest"
57m         Normal   Created     pod/nginx-t   Created container nginx-t
57m         Normal   Started     pod/nginx-t   Started container nginx-t


This shows that K8S pulled the image from the local registry.
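
A check built on the output above, as an added example (not from the original post): it reports containers whose image comes from a registry listed under insecure-registries and is referenced by a mutable tag, and derives the digest-pinned reference from status.imageID. The function names are hypothetical, the input is trimmed from the page's own daemon.json and pod output, and insecure-registries entries are assumed to be exact host:port strings (CIDR entries are not matched).

```python
import json

def registry_of(image):
    """Return the registry host[:port] of an image reference, or None
    when the reference names no explicit registry."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return None

def pinned_reference(image_id):
    """Turn status.containerStatuses[].imageID into repo@sha256:... form."""
    ref = image_id.split("://", 1)[-1]
    return ref if "@sha256:" in ref else None

def audit_pod(pod, daemon_config):
    """Report, per container, plain-HTTP pulls and mutable-tag references."""
    # Assumption: entries are exact host:port strings, not CIDR ranges.
    insecure = set(daemon_config.get("insecure-registries", []))
    image_ids = {s["name"]: s.get("imageID", "")
                 for s in pod.get("status", {}).get("containerStatuses", [])}
    findings = []
    for c in pod["spec"]["containers"]:
        image = c["image"]
        findings.append({
            "container": c["name"],
            "plain_http": registry_of(image) in insecure,
            "mutable_tag": "@sha256:" not in image,
            "pin_to": pinned_reference(image_ids.get(c["name"], "")),
        })
    return findings

# Constructed input, trimmed from the daemon.json and pod output above.
DAEMON = json.loads('{"insecure-registries": ["192.168.1.2:5000"]}')
POD = {
    "spec": {"containers": [{"name": "nginx-t", "image": "192.168.1.2:5000/nginx:latest"}]},
    "status": {"containerStatuses": [{
        "name": "nginx-t",
        "imageID": "docker-pullable://192.168.1.2:5000/nginx@sha256:"
                   "1fe697934cec1c15ae04d198d7b29270bf2e187dcf6c093d23f182116d5e651d",
    }]},
}

if __name__ == "__main__":
    print(json.dumps(audit_pod(POD, DAEMON), indent=2))
```

Using the pin_to value as the image field makes each node pull the same content by digest even if the latest tag is later moved.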

 
