当前位置: 代码迷 >> 综合 >> kubernetes/k8s之pod资源管理和k8s-harbor
  详细解决方案

kubernetes/k8s之pod资源管理和k8s-harbor

热度:21   发布时间:2024-02-27 21:42:29.0

kubernetes/k8s之pod资源管理和k8s-harbor

文章目录

    • kubernetes/k8s之pod资源管理和k8s-harbor
      • 一、pod特点
      • 二、Pod容器分类
        • 1:infrastructure container 基础容器
        • 2:initcontainers 初始化容器
        • 3:container 业务容器
      • 三、镜像拉取策略(image PullPolicy)
      • 四、部署kubernetes之harbor节点
        • 【1】创建nginx-pod
        • 【2】查看pod信息
        • 【3】在node节点上面使用curl查看头部信息
        • 【4】部署harbor环境
          • (1)安装docker
          • (2)安装docker-compose
          • (3)安装harbor
          • (4)在浏览器上面访问192.168.60.70
        • 【5】在node节点配置连接私有仓库
        • 【6】登录harbor私有仓库
        • 【7】下载tomcat镜像进行推送
          • (1)在浏览器harbor界面创建project目录
          • (2)下载tomcat镜像
          • (3)修改推送格式
          • (4)推送tomcat镜像
          • (5)查看是否推送成功
        • 【8】查看pods,deploy,svc
        • 【9】在之前登录harbor仓库节点的node节点查看登录凭据
        • 【10】在master节点上面创建secret资源
        • 【11】创建资源从harbor中下载镜像
        • 【12】查看私有仓库中的镜像被下载了几次

一、pod特点

最小部署单元
一组容器的集合
一个Pod中的容器共享网络命名空间
Pod是短暂的

二、Pod容器分类

1:infrastructure container 基础容器

//维护整个Pod网络空间
//node节点操作
//查看容器的网络

[root@localhost ~]# cat /opt/kubernetes/cfg/kubelet
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
//每次创建Pod时候就会创建,与Pod对应的,对于用户是透明的
[root@localhost ~]# docker ps
registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0   "/pause"

2:initcontainers 初始化容器

//先于业务容器开始执行,原先Pod中容器是并行开启,现在进行了改进

3:container 业务容器

//并行启动
官方网站
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

三、镜像拉取策略(image PullPolicy)

IfNotPresent:默认值,镜像在宿主机上不存在时才拉取
Always:每次创建Pod都会重新拉取一次镜像
Never:Pod永远不会主动拉取这个镜像
https://kubernetes.io/docs/concepts/containers/images

四、部署kubernetes之harbor节点

【1】创建nginx-pod

[root@master ~]# mkdir demo
[root@master ~]# cd demo/
[root@master demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:name: mypod
spec:containers:- name: nginximage: nginx:1.14imagePullPolicy: Always
#    command: [ "echo", "SUCCESS" ]
[root@master demo]# kubectl create -f pod1.yaml

【2】查看pod信息

[root@master demo]# kubectl get pods
NAME                        READY   STATUS    RESTARTS   AGE
mypod                       1/1     Running   1          124m[root@master demo]# kubectl get pods -o wide
NAME                        READY   STATUS    RESTARTS   AGE    IP            NODE             NOMINATED NODE
mypod                       1/1     Running   1          125m   172.17.58.6   192.168.60.60    <none>

【3】在node节点上面使用curl查看头部信息

[root@node1 ~]# curl -I 172.17.58.6
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Tue, 13 Oct 2020 01:18:46 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 29 Sep 2020 14:12:31 GMT
Connection: keep-alive
ETag: "5f7340cf-264"
Accept-Ranges: bytes

【4】部署harbor环境

(1)安装docker
[root@harbor ~]#yum install -y yum-utils device-mapper-persistent-data lvm2 
[root@harbor ~]#yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@harbor ~]#yum install docker-ce docker-ce-cli containerd.io
[root@harbor ~]#systemctl start docker
[root@harbor ~]#mkdir -p /etc/docker
[root@harbor ~]#tee /etc/docker/daemon.json <<-'EOF'{"registry-mirrors": ["https://730ykxsw.mirror.aliyuncs.com"]}EOF
[root@harbor ~]#systemctl daemon-reload
[root@harbor ~]#systemctl restart docker
[root@harbor ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward=1 
[root@harbor ~]#sysctl -p
(2)安装docker-compose
[root@harbor ~]#cd /usr/local/bin
[root@harbor ~]#ls
docker-compose
[root@harbor ~]#chmod +x docker-compose
(3)安装harbor
[root@harbor ~]#cd /usr/local
[root@harbor local]#tar zxvf harbor-offline-installer-v1.2.2.tgz
[root@harbor local]#vim harbor/harbor.cfg
hostname = 192.168.60.70
[root@harbor local]#sh /usr/local/harbor/install.sh
[root@harbor ~]# netstat -natp | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      3293/docker-proxy 
(4)在浏览器上面访问192.168.60.70

在这里插入图片描述

【5】在node节点配置连接私有仓库

[root@node1 ~]# vim /etc/docker/daemon.json
{"registry-mirrors": ["https://730ykxsw.mirror.aliyuncs.com"],"insecure-registries":["192.168.60.70"]
}

【6】登录harbor私有仓库

[root@node1 ~]# docker login 192.168.60.70
username:admin
password:Harbor12345
Login Succeeded

【7】下载tomcat镜像进行推送

(1)在浏览器harbor界面创建project目录

在这里插入图片描述

(2)下载tomcat镜像
[root@node1 ~]# docker pull tomcat
(3)修改推送格式
[root@node1 ~]# docker tag tomcat 192.168.60.70/project/tomcat
(4)推送tomcat镜像
[root@node1 ~]# docker push 192.168.60.70/project/tomcat
(5)查看是否推送成功

访问192.168.60.70
在这里插入图片描述

【8】查看pods,deploy,svc

[root@master demo]# kubectl get pods,deploy,svc 
NAME                            READY   STATUS    RESTARTS   AGE
pod/my-tomcat-694f75d6-5ws5v    1/1     Running   0          15h
pod/my-tomcat-694f75d6-nrgk2    1/1     Running   0          91m
pod/nginx-dbddb74b8-4tcdf       1/1     Running   0          91m
pod/nginx-dep-dbb4bfd5f-hmq6h   1/1     Running   0          91m
pod/nginx-dep-dbb4bfd5f-mzrvf   1/1     Running   0          91m
pod/nginx-dep-dbb4bfd5f-pjgnj   1/1     Running   0          91mNAME                              DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/my-tomcat   2         2         2            2           15h
deployment.extensions/nginx       1         1         1            1           5d20h
deployment.extensions/nginx-dep   3         3         3            3           4d16hNAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)          AGE
service/kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP          13d
service/my-tomcat    NodePort    10.0.0.199   <none>        8080:33445/TCP   15h

【9】在之前登录harbor仓库节点的node节点查看登录凭据

[root@node1 ~]# cat .docker/config.json | base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjYwLjcwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE5LjAzLjEzIChsaW51eCkiCgl9Cn0=

【10】在master节点上面创建secret资源

[root@master demo]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:name: registry-pull-secret
data:.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjYwLjcwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE5LjAzLjEzIChsaW51eCkiCgl9Cn0=
type: kubernetes.io/dockerconfigjson
[root@master demo]# kubectl create -f registry-pull-secret.yaml
[root@master demo]# kubectl get secret
NAME                   TYPE                                  DATA   AGE
default-token-dzblk    kubernetes.io/service-account-token   3      13d
registry-pull-secret   kubernetes.io/dockerconfigjson        1      15h

【11】创建资源从harbor中下载镜像

[root@master demo]# vim tomcat-deployment.yaml 
apiVersion: extensions/v1beta1
kind: Deployment
metadata:name: my-tomcat
spec:replicas: 2template:metadata:labels:app: my-tomcatspec:imagePullSecrets:- name: registry-pull-secretcontainers:- name: my-tomcatimage: 192.168.60.70/project/tomcatports:- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:name: my-tomcat
spec:type: NodePortports:- port: 8080targetPort: 8080nodePort: 33445selector:app: my-tomcat
[root@master demo]# kubectl create -f tomcat-deployment.yaml

【12】查看私有仓库中的镜像被下载了几次

访问192.168.60.70
在这里插入图片描述

  相关解决方案