一、pod的容器分類
1.1、Pod 特點
- 最小部署單元
- 一組容器的集合
- 一個Pod中的容器共享網絡命名空間
- Pod是短暫的,有自己的生命週期。
1.2、Pod的容器分類
1、infrastructure container:基礎容器
維護整個pod網絡空間:可以在node節點操作查看容器的網絡
[root@localhost ~]# cat /opt/kubernetes/cfg/kubelet
2、initcontainers:初始化容器
- 先於業務容器開始執行,原先pod中容器是並行開啓,現在進行了改進
3、container:業務容器
- 業務容器就是我們創建的pod資源內的容器服務,業務容器也叫APP容器,並行啓動
二、鏡像拉取策略 (image PullPolicy)
-
IfNotPresent:默認值,鏡像在宿主機上不存在時才拉取。
-
Always:每次創建Pod都會重新拉取一次鏡像,可以保證都是最新版本鏡像。
-
Never:Pod 永遠不會主動拉取這個鏡像
查看鏡像拉取策略(master節點查看):
[root@master1 demo]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-deployment-d55b94fd-hbnkr 0/1 Pending 0 2m52s
nginx-deployment-d55b94fd-qdj27 0/1 Pending 0 2m51s
nginx-deployment-d55b94fd-x5zd7 0/1 Pending 0 2m52s
[root@master1 demo]# kubectl edit deploy/nginx-deployment #編輯Pod資源查看策略
2.1、嘗試編輯一個pod並指定拉取策略
[root@localhost ~]# cd demo/
[root@localhost demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: nginx
image: nginx:1.14
imagePullPolicy: Always
[root@master1 demo]# kubectl create -f pod1.yaml
pod/mypod created
[root@master1 demo]# kubectl get pod
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 52s
查看容器詳細信息:kubectl describe pod 名稱
//查看分配節點
[root@localhost demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 0 118s 172.17.31.6 192.168.195.150 <none>
//在任意node節點使用 curl 查看頭部信息
[root@node2 ~]# curl -I 172.17.57.3
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 13 May 2020 02:12:07 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 04 Dec 2018 14:44:49 GMT
Connection: keep-alive
ETag: "5c0692e1-264"
Accept-Ranges: bytes
三、搭建 k8s 的私有倉庫
1、開局優化,修改主機名(harbor),關閉防火牆,上傳docker-compose和harbor的軟件包(操作不在贅述),私有倉庫的IP地址爲:192.168.100.134
2、docker 和 docker-compose 安裝,可以看我之前的博客。
博客鏈接:Docker之入門初瞭解、部署與鏡像加速、網絡優化
3、 安裝harbor
[root@harbor ~]# tar zxf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]# ls
修改harbor的參數文件harbor.cfg
[root@harbor harbor]# vi harbor.cfg
hostname = 192.168.100.134 ##修改爲監聽本地地址,不可以使用localhost或者127.0.0.1
[root@harbor harbor]# sh install.sh
到這裏,harbor安裝已經完成
4、登錄harbor界面,在瀏覽器輸入192.168.100.134,新建私有項目project
5、所有node節點都要修改daemon-json文件,指定harbor倉庫地址,修改完文件後記得重啓Docker
[root@node1 ~]# vim /etc/docker/daemon.json
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl restart docker
注意:在使用harbor下載鏡像創建資源時候,要保證node處於harbor登錄狀態
//其中一個node節點登錄harbor私有倉庫
[root@node1 ~]# docker login 192.168.100.134
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
//下載Tomcat鏡像進行推送
[root@node1 ~]# docker pull tomcat:8.0.52
//打標籤
[root@node1 ~]# docker tag tomcat:8.0.52 192.168.100.134/project/tomcat
此處IP地址是harbor地址
//上傳鏡像到倉庫
[root@node1 ~]# docker push 192.168.100.134/project/tomcat
6、指定node節點從私有倉庫下載
- 查看node節點登錄harbor的憑據(所有node節點的憑據是一樣的)
[root@node1 ~]# cat .docker/config.json |base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjEwMC4xMzQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
- 在master節點創建secret資源
[root@master1 demo]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: registry-pull-secret
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjEwMC4xMzQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTkuMDMuOCAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
//創建secret資源
[root@master test]# kubectl create -f registry-pull-secret.yaml
secret/registry-pull-secret created
//查看secret資源
[root@master1 demo]# kubectl get secret
NAME TYPE DATA AGE
default-token-9qgnr kubernetes.io/service-account-token 3 13d
registry-pull-secret kubernetes.io/dockerconfigjson 1 50s
在master節點上創建資源從harbor中下載鏡像
[root@localhost demo]# vim tomcat-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-tomcat
spec:
replicas: 2
template:
metadata:
labels:
app: my-tomcat
spec:
imagePullSecrets:
- name: registry-pull-secret
containers:
- name: my-tomcat
image: 192.168.195.80/project/tomcat
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: my-tomcat
spec:
type: NodePort
ports:
- port: 8080
targetPort: 8080
nodePort: 31111
selector:
app: my-tomcat
創建資源並查看
[root@master1 demo]# kubectl create -f tomcat-deployment.yaml
[root@master1 demo]# kubectl get pod
NAME READY STATUS RESTARTS AGE
my-tomcat-7d697d459b-5g6zw 1/1 Running 0 33s
my-tomcat-7d697d459b-9wgd2 1/1 Running 0 33s
mypod 1/1 Running 1 92m
此時查看harbor鏡像倉庫,發現鏡像被下載了兩次。