Kubernetes/k8s: Pod resource management and k8s with Harbor
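I. Pod characteristics
The smallest deployable unit
A set of containers
Containers in a Pod share one network namespace
Pods are ephemeral
II. Types of containers in a Pod
1: infrastructure container (base container)
// Maintains the network namespace for the whole Pod
// Run on a node
// Check the container network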
[root@localhost ~]# cat /opt/kubernetes/cfg/kubelet
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
// Created every time a Pod is created, one per Pod, and transparent to the user
[root@localhost ~]# docker ps
registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 "/pause"
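2: initContainers (init containers)
// Run before the application containers start. Containers in a Pod used to be started in parallel; this is an improvement on that
3: container (application container)
// Started in parallel
Official documentation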
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
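III. Image pull policy (imagePullPolicy)
IfNotPresent: the default; the image is pulled only when it is not already present on the host
Always: the image is pulled again every time a Pod is created
Never: the Pod never pulls this image on its own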
https://kubernetes.io/docs/concepts/containers/images
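Added example (not from the original article): when a manifest omits imagePullPolicy, Kubernetes sets it to Always for an untagged or :latest image and to IfNotPresent otherwise, so the untagged tomcat image used later on this page is checked against Harbor on every start. The function names and the entries marked constructed are assumptions for illustration.

```python
VALID = ("Always", "IfNotPresent", "Never")

def split_image(image):
    """Split an image reference into (repository, tag, digest)."""
    digest = ""
    if "@" in image:
        image, digest = image.split("@", 1)
    tag = ""
    # Only a ':' after the last '/' is a tag; an earlier one is a registry port.
    if ":" in image.rsplit("/", 1)[-1]:
        image, tag = image.rsplit(":", 1)
    return image, tag, digest

def effective_pull_policy(image, explicit=None):
    """Return the policy that ends up on the container spec."""
    if explicit is not None:
        if explicit not in VALID:
            raise ValueError("unknown imagePullPolicy: %r" % (explicit,))
        return explicit
    _, tag, digest = split_image(image)
    if not tag and not digest:
        tag = "latest"  # an untagged reference means :latest
    return "Always" if tag == "latest" else "IfNotPresent"

def audit(containers):
    """Report the effective policy per (image, explicit_policy) pair and whether
    a node may start the container from its local cache without asking the registry."""
    report = []
    for image, explicit in containers:
        policy = effective_pull_policy(image, explicit)
        report.append({"image": image, "policy": policy,
                       "cache_only_start": policy != "Always"})
    return report

# Images from this page, plus constructed variants (marked).
SAMPLE = [
    ("nginx:1.14", "Always"),                     # pod1.yaml on this page
    ("192.168.60.70/project/tomcat", None),       # tomcat-deployment.yaml on this page
    ("nginx:1.14", None),                         # constructed: policy omitted
    ("192.168.60.70:5000/project/tomcat", None),  # constructed: registry with a port
    ("nginx@sha256:" + "0" * 64, None),           # constructed: digest-pinned
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A container whose row has cache_only_start set to True can start from an image already on the node without the registry, and therefore the imagePullSecrets, being consulted.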
IV. Deploying a Harbor node for Kubernetes
[1] Create the nginx Pod
[root@master ~]# mkdir demo
[root@master ~]# cd demo/
[root@master demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: nginx
      image: nginx:1.14
      imagePullPolicy: Always
      # command: [ "echo", "SUCCESS" ]
[root@master demo]# kubectl create -f pod1.yaml
[2] View the Pod information
[root@master demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 1 124m
[root@master demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 1 125m 172.17.58.6 192.168.60.60 <none>
[3] Use curl on a node to view the response headers
[root@node1 ~]# curl -I 172.17.58.6
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 13 Oct 2020 01:18:46 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 29 Sep 2020 14:12:31 GMT
Connection: keep-alive
ETag: "5f7340cf-264"
Accept-Ranges: bytes
[4] Deploy the Harbor environment
(1) Install Docker
[root@harbor ~]#yum install -y yum-utils device-mapper-persistent-data lvm2
[root@harbor ~]#yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@harbor ~]#yum install docker-ce docker-ce-cli containerd.io
[root@harbor ~]#systemctl start docker
[root@harbor ~]#mkdir -p /etc/docker
[root@harbor ~]#tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://730ykxsw.mirror.aliyuncs.com"]
}
EOF
[root@harbor ~]#systemctl daemon-reload
[root@harbor ~]#systemctl restart docker
[root@harbor ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@harbor ~]#sysctl -p
(2) Install docker-compose
[root@harbor ~]#cd /usr/local/bin
[root@harbor ~]#ls
docker-compose
[root@harbor ~]#chmod +x docker-compose
(3) Install Harbor
[root@harbor ~]#cd /usr/local
[root@harbor local]#tar zxvf harbor-offline-installer-v1.2.2.tgz
[root@harbor local]#vim harbor/harbor.cfg
hostname = 192.168.60.70
[root@harbor local]#sh /usr/local/harbor/install.sh
[root@harbor ~]# netstat -natp | grep 80
tcp6 0 0 :::80 :::* LISTEN 3293/docker-proxy
(4) Visit 192.168.60.70 in a browser
[5] Configure the node to connect to the private registry
[root@node1 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://730ykxsw.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.60.70"]
}
[6] Log in to the Harbor private registry
[root@node1 ~]# docker login 192.168.60.70
username: admin
password: Harbor12345
Login Succeeded
[7] Pull the tomcat image and push it
(1) Create the project named project in the Harbor web UI
(2) Pull the tomcat image
[root@node1 ~]# docker pull tomcat
(3) Retag the image for pushing
[root@node1 ~]# docker tag tomcat 192.168.60.70/project/tomcat
(4) Push the tomcat image
[root@node1 ~]# docker push 192.168.60.70/project/tomcat
(5) Check that the push succeeded
Visit 192.168.60.70
[8] View pods, deploy, svc
[root@master demo]# kubectl get pods,deploy,svc
NAME READY STATUS RESTARTS AGE
pod/my-tomcat-694f75d6-5ws5v 1/1 Running 0 15h
pod/my-tomcat-694f75d6-nrgk2 1/1 Running 0 91m
pod/nginx-dbddb74b8-4tcdf 1/1 Running 0 91m
pod/nginx-dep-dbb4bfd5f-hmq6h 1/1 Running 0 91m
pod/nginx-dep-dbb4bfd5f-mzrvf 1/1 Running 0 91m
pod/nginx-dep-dbb4bfd5f-pjgnj 1/1 Running 0 91m

NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.extensions/my-tomcat 2 2 2 2 15h
deployment.extensions/nginx 1 1 1 1 5d20h
deployment.extensions/nginx-dep 3 3 3 3 4d16h

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 13d
service/my-tomcat NodePort 10.0.0.199 <none> 8080:33445/TCP 15h
[9] On the node that logged in to Harbor earlier, view the login credentials
[root@node1 ~]# cat .docker/config.json | base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjYwLjcwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE5LjAzLjEzIChsaW51eCkiCgl9Cn0=
[10] Create the Secret resource on the master
[root@master demo]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjYwLjcwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE5LjAzLjEzIChsaW51eCkiCgl9Cn0=
type: kubernetes.io/dockerconfigjson
[root@master demo]# kubectl create -f registry-pull-secret.yaml
[root@master demo]# kubectl get secret
NAME TYPE DATA AGE
default-token-dzblk kubernetes.io/service-account-token 3 13d
registry-pull-secret kubernetes.io/dockerconfigjson 1 15h
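Added example (not part of the original article): what steps [9] and [10] produce, built directly from a registry address and login instead of from ~/.docker/config.json, then decoded again to show that the Secret value is base64-encoded rather than encrypted. The function names are illustrative; the registry address and login are the ones used on this page.

```python
import base64
import json

def build_dockerconfigjson(registry, username, password):
    """Return the value for data[".dockerconfigjson"] in a pull Secret."""
    # Inner layer: "user:password" in base64, as docker login stores it.
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {registry: {"auth": auth}}}
    # Outer layer: the whole JSON document in base64, as Secret data requires.
    return base64.b64encode(json.dumps(config).encode()).decode()

def secret_manifest(name, dockerconfigjson):
    """Render the Secret in the same shape as registry-pull-secret.yaml."""
    return (
        "apiVersion: v1\n"
        "kind: Secret\n"
        "metadata:\n"
        f"  name: {name}\n"
        "data:\n"
        f"  .dockerconfigjson: {dockerconfigjson}\n"
        "type: kubernetes.io/dockerconfigjson\n"
    )

def decode_dockerconfigjson(value):
    """Undo both layers and return {registry: (username, password)}.
    No key is involved, so any reader of the Secret can do the same."""
    config = json.loads(base64.b64decode(value, validate=True))
    creds = {}
    for registry, entry in config.get("auths", {}).items():
        if "auth" not in entry:
            continue  # entry without inline credentials
        user, _, password = base64.b64decode(entry["auth"]).decode().partition(":")
        creds[registry] = (user, password)
    return creds

# Registry address and login as used on this page.
VALUE = build_dockerconfigjson("192.168.60.70", "admin", "Harbor12345")

if __name__ == "__main__":
    print(secret_manifest("registry-pull-secret", VALUE))
    print(decode_dockerconfigjson(VALUE))
```

Because decoding needs no key, read access to Secrets in the namespace is equivalent to knowing the registry password.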
[11] Create resources that pull the image from Harbor
[root@master demo]# vim tomcat-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: my-tomcat
    spec:
      # Credentials for the private Harbor registry
      imagePullSecrets:
        - name: registry-pull-secret
      containers:
        - name: my-tomcat
          image: 192.168.60.70/project/tomcat
          ports:
            # Tomcat listens on 8080, matching the Service targetPort below
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
      nodePort: 33445
  selector:
    app: my-tomcat
[root@master demo]# kubectl create -f tomcat-deployment.yaml
[12] Check how many times the image in the private registry has been downloaded
Visit 192.168.60.70