k8s中使用harbor
阿新 • • 發佈:2018-12-03
參考地址:https://www.cnblogs.com/wayneiscoming/p/7716238.html 1、在harbor的ui介面上註冊一個賬號 姓名:zihao 全名:zhuzihao 密碼:[email protected] 郵箱:15613691030@163.com 2、在需要下載映象的機器上,同樣需要修改docker程序引數(跟上傳映象到私有倉庫一樣操作進行修改) 在node節點配置: [[email protected] harbor]# vi /etc/docker/daemon.json { "registry-mirrors": ["https://wb2g6zxl.mirror.aliyuncs.com"],"insecure-registries": ["192.168.43.65:5000"]} [[email protected] harbor]# systemctl restart docker 3、在node節點驗證登入harbor主機 [[email protected] ~]# docker login 192.168.43.65:5000 Username (zihao): zihao Password: Login Succeeded [[email protected] ~]# docker logout Not logged in to https://index.docker.io/v1/ 4、配置私有倉庫harbor的secret 在harbor這臺上先登入,輸入docker login登陸成功後,會在 /root/.docker/ 目標下生成一個 config.json 檔案 [[email protected] harbor]# docker login 192.168.43.65:5000 Username (admin): admin Password: Login Succeeded [[email protected] harbor]# ls /root/.docker/ config.json [[email protected]harbor]# cat /root/.docker/config.json { "auths": { "192.168.43.65:5000": { "auth": "YWRtaW46SGFyYm9yMTIzNDU=" }, "wb2g6zxl.mirror.aliyuncs.com": { "auth": "YWRtaW46SGFyYm9yMTIzNDU=" } } } 建立secret 準備: kubectl create secret docker-registry registry-secret --namespace=default \ --docker-server=192.168.43.65:5000 --docker-username=zihao \ [email protected] --docker-email=15613691030@163.com 建立: [[email protected] nginx-harbor]# kubectl create secret docker-registry registry-secret --namespace=default \ > --docker-server=192.168.43.65:5000 --docker-username=zihao \ > [email protected] --docker-email=15613691030@163.com 檢視secret [[email protected] nginx-harbor]# kubectl get secret NAME TYPE DATA AGE default-token-czfbg kubernetes.io/service-account-token 3 21d registry-secret kubernetes.io/dockerconfigjson 1 1h 刪除secret [[email protected] nginx-harbor]# kubectl delete secret registry-secret secret "registry-secret" deleted 5、在k8s的node節點中使用yaml拉取映象 注意: image不要寫成 http:// 這樣無法拉取映象 下面兩句不寫也可以 imagePullSecrets: - name: registry-secret spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: http-test-con image: 192.168.43.65:5000/library/nginx/latest:latest imagePullPolicy: Always ports: - containerPort: 80 imagePullSecrets: - name: registry-secret 測試: [[email protected] nginx-harbor]# vi http-test.yaml apiVersion: extensions/v1beta1 kind: Deployment metadata: name: http-test-dm2 spec: replicas: 1 template: metadata: labels: name: http-test-dm2 spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: http-test-con image: 192.168.43.65:5000/library/nginx/latest:latest imagePullPolicy: Always ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: http-nginx-ser spec: type: NodePort ports: - port: 80 nodePort: 30000 targetPort: 80 selector: name: http-test-dm2 --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: grafana spec: rules: - host: www.nginx2.com http: paths: - path: / backend: serviceName: http-nginx-ser servicePort: 80 [[email protected] nginx-harbor]# kubectl create -f http-test.yaml [[email protected] nginx-harbor]# kubectl get po NAME READY STATUS RESTARTS AGE http-test-dm2-7f9c4fd896-jkkrx 1/1 Running 0 8m