
K8S + Harbor image pull in practice

2024-06-26 06:52 | Source: compiled from the web

1. Deploy the Harbor image registry service first

(1) The Harbor service is installed with docker-compose.

Download:

```bash
[root@k8s-node1 bin]# wget "https://github.com/docker/compose/releases/download/v2.3.2/docker-compose-$(uname -s)-$(uname -m)" -O /usr/local/bin/docker-compose
--2023-12-11 15:45:55-- https://github.com/docker/compose/releases/download/v2.3.2/docker-compose-Linux-x86_64
Resolving github.com (github.com)... 20.205.243.166
Connecting to github.com (github.com)|20.205.243.166|:443... connected.
HTTP request sent, awaiting response... 302 Found
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 26001408 (25M) [application/octet-stream]
Saving to: ‘/usr/local/bin/docker-compose’
100%[===============================================================================================================>] 26,001,408 128KB/s in 2m 57s
2023-12-11 15:48:55 (143 KB/s) - ‘/usr/local/bin/docker-compose’ saved [26001408/26001408]
```

Grant execute permission:

```bash
[root@k8s-node1 ~]# chmod +x /usr/local/bin/docker-compose
```

Verify:

```bash
[root@k8s-node1 bin]# docker-compose --version
Docker Compose version v2.3.2
```

Install the Harbor registry service

Edit the harbor.yml configuration file:

```yaml
hostname: 192.168.21.121   # set to this host's IP
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 5000   # port the service is reached on
harbor_admin_password: admin   # password of the admin user for logging in to Harbor
data_volume: /data/software/harbor/data   # directory where data is stored
```

Run the install script:

```bash
[root@k8s-master2 harbor]# ./install.sh
```

Log in to verify

Pushing and pulling images with Harbor

Image push: docker tag SOURCE_IMAGE[:TAG] 192.168.21.121:5000/app/REPOSITORY[:TAG]

```bash
[root@k8s-master3 ~]# docker tag busybox:latest 192.168.21.121:5000/app/busybox:latest
[root@k8s-master3 ~]# docker push 192.168.21.121:5000/app/busybox:latest
The push refers to repository [192.168.21.121:5000/app/busybox]
Get "https://192.168.21.121:5000/v2/": http: server gave HTTP response to HTTPS client
```

When the push fails with "http: server gave HTTP response to HTTPS client", the Docker service needs to be configured: add the parameter "insecure-registries": ["192.168.21.121:5000"] to /etc/docker/daemon.json, then restart Docker once it is configured.

```bash
[root@k8s-master3 ~]# systemctl daemon-reload
[root@k8s-master3 ~]# systemctl restart docker
[root@k8s-master3 ~]# docker push 192.168.21.121:5000/app/busybox:latest
The push refers to repository [192.168.21.121:5000/app/busybox]
01fd6df81c8e: Preparing
unauthorized: unauthorized to access repository: app/busybox, action: push: unauthorized to access repository: app/busybox, action: push
```

This error occurs because the registry we configured is private, so you have to log in before pushing an image.

```bash
[root@k8s-master3 ~]# docker login 192.168.21.121:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@k8s-master3 ~]# docker push 192.168.21.121:5000/app/busybox:latest
The push refers to repository [192.168.21.121:5000/app/busybox]
01fd6df81c8e: Pushed
latest: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
[root@k8s-master3 ~]#
```

Image pull

```bash
[root@k8s-master3 ~]# docker pull 192.168.21.121:5000/app/busybox:latest
latest: Pulling from app/busybox
Digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee
Status: Image is up to date for 192.168.21.121:5000/app/busybox:latest
192.168.21.121:5000/app/busybox:latest
```

When pods deployed through K8S pull images from the Harbor registry, the login credentials have to be configured in advance:

After logging in to Harbor, you have an authentication key of your own, stored in .docker/config.json under the home directory.

```bash
[root@k8s-master3 ~]# cat .docker/config.json
{
	"auths": {
		"192.168.21.121:5000": {
			"auth": "YWRtaW46YWRtaW4="
		}
	}
}
```

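We want to create, on the k8s cluster's master, pods from images pulled from the private registry, and logging in to the private registry requires authentication, so the key is needed. Here we can directly use the key of the 2 nodes and generate a usable encoded (base64) key from it. -w 0 means the generated key is not line-wrapped; the default wrapped output is not the correct format and causes an error.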

```bash
[root@k8s-master3 ~]# cat .docker/config.json | base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIxLjEyMTo1MDAwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NllXUnRhVzQ9IgoJCX0KCX0KfQ==
```

Create the secret file: write the YAML for the Secret resource

```bash
[root@k8s-master1 yaml]# cat registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
  namespace: app
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIxLjEyMTo1MDAwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NllXUnRhVzQ9IgoJCX0KCX0KfQ==
type: kubernetes.io/dockerconfigjson
```

Create the secret:

```bash
[root@k8s-master1 yaml]# kubectl apply -f registry-pull-secret.yaml
```

View the created secret:

```bash
[root@k8s-master1 ~]# kubectl get Secret -n app
NAME                   TYPE                                  DATA   AGE
default-token-w6q98    kubernetes.io/service-account-token   3      11d
registry-pull-secret   kubernetes.io/dockerconfigjson        1      80m
```
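The auth field in config.json and the Secret's .dockerconfigjson value are plain base64, two layers deep. The following added example (not from the original post; the function names are hypothetical) builds the same Secret for a single registry instead of copying the whole config.json, and decodes an existing value to show what anyone with read access to the Secret can recover.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values are the page's.

# base64 on a single line: portable equivalent of GNU `base64 -w 0`.
b64() { base64 | tr -d '\n'; }

# Docker config JSON for one registry (assumes no '"' or '\' in the values).
dockerconfigjson() {  # $1 registry, $2 user, $3 password
  printf '{"auths":{"%s":{"auth":"%s"}}}' "$1" "$(printf '%s:%s' "$2" "$3" | b64)"
}

# Secret manifest; the data value has to stay on one unwrapped line.
render_pull_secret() {  # $1 name, $2 namespace, $3 registry, $4 user, $5 password
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(dockerconfigjson "$3" "$4" "$5" | b64)
EOF
}

# Audit helper: list "registry user:password" held in a .dockerconfigjson value.
decode_pull_secret() {  # $1 base64 value taken from the Secret
  printf '%s' "$1" | base64 -d | tr -d ' \t\n' |
    grep -o '"[^"]*":{"auth":"[^"]*"' |
    while IFS='"' read -r skip reg skip skip skip auth skip; do
      printf '%s %s\n' "$reg" "$(printf '%s' "$auth" | base64 -d)"
    done
}

# The value shown in the page's registry-pull-secret.yaml.
PAGE_VALUE='ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIxLjEyMTo1MDAwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NllXUnRhVzQ9IgoJCX0KCX0KfQ=='
decode_pull_secret "$PAGE_VALUE"
render_pull_secret registry-pull-secret app 192.168.21.121:5000 admin admin
```

kubectl create secret docker-registry registry-pull-secret --docker-server=192.168.21.121:5000 --docker-username=admin --docker-password=admin -n app produces an equivalent Secret without hand-encoding.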

Create a pod from an image in the private registry to verify

```bash
[root@k8s-master1 yaml]# kubectl create deployment busybox --image=192.168.21.121:5000/app/busybox@sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee -n app
deployment.apps/busybox created
# The container fails to pull the image; the cause is unauthorized access
[root@k8s-master1 yaml]# kubectl get pods -n app
NAME                      READY   STATUS             RESTARTS   AGE
busybox-7c897889b-c2qkz   0/1     ImagePullBackOff   0          5s
```

Configure it in the pod's deployment:

```yaml
imagePullSecrets:
- name: registry-pull-secret   # the name of the Secret you created
```
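Where the imagePullSecrets fragment goes, shown as an added example that is not part of the original post: the Deployment without pull credentials next to the corrected one, plus a pre-apply check. The manifests and function names are constructed for illustration; the registry, namespace, image digest and Secret name are the page's.

```shell
#!/bin/sh
# Added example; function names and manifests are constructed for illustration.

REGISTRY='192.168.21.121:5000'
DIGEST='sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee'

# Deployment without pull credentials: this is the ImagePullBackOff case.
deployment_before() {
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: busybox
  namespace: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: busybox
  template:
    metadata:
      labels:
        app: busybox
    spec:
      containers:
      - name: busybox
        image: $REGISTRY/app/busybox@$DIGEST
EOF
}

# Corrected form: imagePullSecrets sits in the pod spec, beside containers.
deployment_after() {
  deployment_before
  printf '      imagePullSecrets:\n      - name: registry-pull-secret\n'
}

# Exit 0 when a manifest uses images from $2 but names no pull secret.
# A ServiceAccount can also carry imagePullSecrets, so a hit means "go check".
lacks_pull_secret() {  # $1 manifest text, $2 registry host:port
  printf '%s\n' "$1" | grep -Fq "image: $2/" || return 1
  printf '%s\n' "$1" | grep -Eq '^ *imagePullSecrets:' && return 1
  return 0
}

lacks_pull_secret "$(deployment_before)" "$REGISTRY" && echo "before: missing imagePullSecrets"
lacks_pull_secret "$(deployment_after)" "$REGISTRY" || echo "after: ok"
```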

Each successful pull increases the download count by 1.


