文章目录
-
- HARBOR新版本安装
- 提交测试镜像
-
- 配置docker信任(使用http时)
- 创建镜像
- k8s使用私人仓库镜像发布服务
- K8S中Service的type类型
HARBOR新版本安装
https://segmentfault.com/a/1190000022812745
tar -xvf harbor-offline-installer-v2.5.0.tgz cd harbor cp harbor.yml.tmpl harbor.yml #修改配置信息,这里不使用https vim harbor.yml: hostname: 172.16.12.200 #如果要用https在这里直接使用添加证书IP http: port: 80 #curl测试用 #https: # port: 443 #自动监控443端口,不通过Nginx # certificate: /opt/certs/client.pem # private_key: /opt/certs/client-key.pem database: password: root123 #默认 harbor_admin_password: Harbor12345 #默认 log: location: /data/harbor/logs data_volume: /data/harbor/ # ./prepare ./install.sh http://172.16.12.默认用户名和密码如下: user:admin password:Harbor12345
新建project名称为demo 一般工作环境project分为dev,test,prod,uat镜像用于隔离各种环境
提交测试镜像
配置docker信任(使用http时)
如果采用http需要修改登录docker配置,k8s所有节点的docke都需要配置,否则不能拉镜像
vim /etc/docker/daemon.json {
"registry-mirrors": ["https://ehbu9xsm.mirror.aliyuncs.com"], "insecure-registries":["172.16.12.200"] } systemctl daemon-reload systemctl restart docker 创建镜像
springboot-demo项目的Dockerfile.yaml
FROM openjdk:8-jdk-alpine MAINTAINER bamoo ADD springboot-demo.jar springboot-demo.jar RUN echo "Asia/Shanghai" >/etc/timezone RUN sh -c 'touch /springboot-demo.jar' ENV JAVA_OPTS="" CMD exec java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar /springboot-demo.jar EXPOSE 8000 构建镜像
docker build . -t springboot-demo:v1 -f Dockerfile ## 可在操作镜像容器docer环境测试下,这一步非必要可以跳过 docker run -d -p 8000:8000 --name demo-test springboot-demo:v1 curl localhost:8000 修改镜像tag前
docker images REPOSITORY TAG IMAGE ID CREATED SIZE springboot-demo v1 3ed4b8bc215f 26 minutes ago 140MB 修改镜像tag:镜像名应该加上域名(这是ip)/project名称/镜像名称:版本号
docker tag springboot-demo:v1 172.16.12.200/demo/springboot-demo:v1 #修改镜像tag后 docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.16.12.200/demo/springboot-demo v1 3ed4b8bc215f 28 minutes ago 140MB
发布镜像到harbor仓库中
docker push 172.16.12.200/demo/springboot-demo:v1
The push refers to repository [172.16.12.200/demo/springboot-demo]
bee8556929fc: Pushed
83d6eb80e314: Pushed
1ad5d9220ec2: Pushed
32229f31d413: Pushed
ceaf9e1ebef5: Pushed
9b9b7f3d56a0: Pushed
f1b5933fe4b5: Pushed
v1: digest: sha256:567b056ce9d54521c50ff888adcabaa8180ce50ccad01c5db0214bfa5ecbb30f size: 1786
如果不使用默认项目名library,则需要使用admin用户提前登录Harbor的Web界面,手动创建新项目后再进行Push操作 给镜像打上相应的标签, 注意标签格式: ip/{project-name}/{image-name}[:tag] 项目library只有admin有写的权限 docker tag centos:latest 192.168.1.130/library/centos:1.0
将本地镜像Push到Harbor docker push 192.168.1.130/library/centos:1.0
Docker搭建私有仓库管理系统Harbor https://blog.51cto.com/wutengfei/2480749 https://blog.csdn.net/m0_37063785/article/details/101303898
dockerfile样版
FROM java:8u211
ENV JAVA_OPTS "\ -Xmx4096m \ -XX:MetaspaceSize=256m \ -XX:MaxMetaspaceSize=256m"
ENV JAVA_HOME /usr/local/java
ENV PATH ${
PATH}:${JAVA_HOME}/bin
COPY target/myweb.jar myweb.jar
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
RUN echo 'Asia/Shanghai' >/etc/timezone
EXPOSE 8080
CMD java ${JAVA_OPTS} -jar myweb.jar
k8s使用私有仓库镜像发布服务
参考https://blog.csdn.net/wangsofa/article/details/108114593
1.要有自己的私有仓库 2.要有账号密码 登录Harbor
docker login -u admin -p Harbor12345 192.168.81.84
3.查看登录的秘钥数据: 登录成功后会在当前用户下生成 .docker/config.json 文件
cat ~/.docker/config.json
4.再对上面的 config.json 进行base64加密
cat ~/.docker/config.json |base64 -w 0
5.在K8S中创建 secret.yaml 文件:
apiVersion: v1
kind: Secret
metadata:
name: login
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxNzIuMTYuMTIuMjAwIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE4LjA2LjMtY2UgKGxpbnV4KSIKCX0KfQ==
6.创建secret对象
kubectl create -f harbo-secret.yaml
7.springboot-demo的k8s服务配置信息,这里拉取私有镜像需要密码,因此需要配置imagePullSecrets这里选择第5步创建的sercet名称为login的密码
apiVersion: v1
kind: Service
metadata:
name: springboot-demo
namespace: dev
spec:
#clusterIP: 10.109.179.231 #固定svc的内网ip,不配置则随机每次创建都不同IP
ports:
- port: 8000
protocol: TCP
targetPort: 8000
selector:
run: springboot-demo
#type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: springboot-demo
namespace: dev
spec:
replicas: 2
selector:
matchLabels:
run: springboot-demo
template:
metadata:
labels:
run: springboot-demo
spec:
containers:
- image: 172.16.12.200/demo/springboot-demo:v1.1
name: springboot-demo
ports:
- containerPort: 8000
protocol: TCP
imagePullSecrets:
- name: login
8.执行创建服务
kubectl create -f springboot-demo-k8s.yaml
K8S中Service的type类型
上面创建的Service的type类型为ClusterIP,这个ip地址只用集群内部可访问
kubectl get svc -n dev
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
springboot-demo ClusterIP 10.1.13.185 <none> 8000/TCP 10d
curl http://10.1.13.185:8000
如果需要创建外部也可以访问的Service,需要修改type为NodePort
kubectl get svc -n dev
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
springboot-demo NodePort 10.1.13.185 <none> 8000:32502/TCP 10d
curl http://k8s-master:8000
但是我们在正式服务中基本使用type为ClusterIP,因为所有的服务都禁止直接外网访问的,只有通过专有域名服务器才能访问内部服务