当前位置:首页 > 其他 > 正文内容

K8S 拉取私有库房镜像

邻居的猫1个月前 (12-09)其他748

K8S 拉取私有库房镜像

在运用Kubernetes(k8s)从私有库房拉取镜像时,会呈现无法拉去镜像的状况,私有库房需求认证才干拜访,假如Kubernetes无法经过认证,就会导致拉取失利,这时咱们就需求手动创立私有库房的登录信息。

省流版

# 创立 secret 
# 【harbor-docker】 自定义称号
# 【--namespace】 和运用在同一个命名空间下
# 【--docker-server】 库房的地址
# 【--docker-username】 库房的用户名
# 【--docker-password】 库房的暗码

[root@k8s-master01 ~]# kubectl create secret docker-registry harbor-docker --namespace=default --docker-server=z.oiox.cn:18082 --docker-username=admin --docker-password=123123
secret/harbor-docker created
[root@k8s-master01 ~]# 


# 添加 imagePullSecrets 装备项
----略
    spec:
      containers:
      - image: z.oiox.cn:18082/cby/cby:v1
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor-docker
----略

完好测验具体的进程

构建私有库房镜像

# 编写 Dockerfile
cat > Dockerfile <<EOF
FROM nginx
RUN echo '这是一个私有库房的镜像' > /usr/share/nginx/html/index.html
EOF

# 构建镜像
docker build -t z.oiox.cn:18082/cby/cby:v1 .

# 登录镜像库房
docker login  z.oiox.cn:18082

# 推送镜像到私有库房
docker push z.oiox.cn:18082/cby/cby:v1

运用docker测验

# 未登录进行拉去镜像
[root@ik-cby ~]# docker pull z.oiox.cn:18082/cby/cby:v1
Error response from daemon: unauthorized: unauthorized to access repository: cby/cby, action: pull: unauthorized to access repository: cby/cby, action: pull
[root@ik-cby ~]# 

# 登录镜像库房
[root@ik-cby ~]# docker login  z.oiox.cn:18082
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores

Login Succeeded
[root@ik-cby ~]# 

# 登录之后进行拉去测验
[root@ik-cby ~]# docker pull z.oiox.cn:18082/cby/cby:v1
v1: Pulling from cby/cby
2d429b9e73a6: Pull complete 
20c8b3871098: Pull complete 
06da587a7970: Pull complete 
f7895e95e2d4: Pull complete 
7b25f3e99685: Pull complete 
dffc1412b7c8: Pull complete 
d550bb6d1800: Pull complete 
dad691375a56: Pull complete 
Digest: sha256:0deca38aaf759b58687737a2aa65840958af31d3ec8b41b68225ac2e91852876
Status: Downloaded newer image for z.oiox.cn:18082/cby/cby:v1
z.oiox.cn:18082/cby/cby:v1
[root@ik-cby ~]# 

# 删去本地镜像
[root@ik-cby ~]# docker rmi z.oiox.cn:18082/cby/cby:v1
Untagged: z.oiox.cn:18082/cby/cby:v1
Untagged: z.oiox.cn:18082/cby/cby@sha256:0deca38aaf759b58687737a2aa65840958af31d3ec8b41b68225ac2e91852876
Deleted: sha256:8a398a3beb2e124c2e101af093691210c346d3d574e00195da5cefcb2ca3822b
Deleted: sha256:bd8801f29c0017595dae888d0bf92d8a9e828ae9a0fe7be8c4f46a383a65b982
Deleted: sha256:05f1422637e6596cdaff4a3ea77eea2d06652e9a36a6e85e4c88f4a6783db6cd
Deleted: sha256:aefc0beb891c07f82a5bec1301e3a1bfe8e08f27118313d167a606c2d768285b
Deleted: sha256:8006a840595ef554203de033c3b0291cfcc5ee9f194e8cc52b659f1b564d8efa
Deleted: sha256:15338037da38cef194cbdc29a4a6257ff2d41bd868891edee66714f828f48bd3
Deleted: sha256:13271298fdeb33a352a69704aa4b798b06501d6dd0e5ad4529075b4edbdb7e8f
Deleted: sha256:20e7b0616008dbafb4b049243f1c514a4df65536b02c19fbbb75a5c9f70784e4
Deleted: sha256:c3548211b8264f8bfa47a6727043a64f1791b82ac965a284a7ea187e971a95e2
[root@ik-cby ~]# 

# 退出镜像库房
[root@ik-cby ~]# docker logout  z.oiox.cn:18082
Removing login credentials for z.oiox.cn:18082
[root@ik-cby ~]# 

# 退出之后进行拉去测验
[root@ik-cby ~]# docker pull z.oiox.cn:18082/cby/cby:v1
Error response from daemon: unauthorized: unauthorized to access repository: cby/cby, action: pull: unauthorized to access repository: cby/cby, action: pull
[root@ik-cby ~]#

运用kubernetes进行拉去私有镜像

# 编写根底的测验样例
cat > cby.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: z.oiox.cn:18082/cby/cby:v1
        ports:
        - containerPort: 80
          name: web
EOF

测验布置

# 履行布置运用
[root@k8s-master01 ~]# kubectl apply -f cby.yaml 
service/nginx created
deployment.apps/web created
[root@k8s-master01 ~]# 

# 检查pod现已报错拉去不到镜像
[root@k8s-master01 ~]# kubectl get pod 
NAME                            READY   STATUS         RESTARTS        AGE
busybox                         1/1     Running        311 (21m ago)   13d
hello-server-588d6f5cd6-24ttg   1/1     Running        3 (9d ago)      63d
hello-server-588d6f5cd6-kxv45   1/1     Running        4 (9d ago)      63d
nginx-demo-cccbdc67f-6nkgd      1/1     Running        3 (9d ago)      63d
nginx-demo-cccbdc67f-h9p8d      1/1     Running        3 (9d ago)      63d
web-0                           1/1     Running        1 (9d ago)      13d
web-1                           1/1     Running        1 (9d ago)      13d
web-586946798b-n6dpg            0/1     ErrImagePull   0               7s
[root@k8s-master01 ~]# 

# 检查svc信息
[root@k8s-master01 ~]# kubectl get svc
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
hello-server   ClusterIP   10.103.104.242   <none>        8000/TCP       63d
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP        68d
nginx          NodePort    10.111.106.93    <none>        80:30565/TCP   12s
nginx-demo     ClusterIP   10.107.132.57    <none>        8000/TCP       63d
[root@k8s-master01 ~]# 
[root@k8s-master01 ~]#

检查POD的具体信息

[root@k8s-master01 ~]# kubectl describe pod web-586946798b-n6dpg 
Name:             web-586946798b-n6dpg
Namespace:        default
Priority:         0
Service Account:  default
Node:             k8s-node01/192.168.1.34
Start Time:       Sat, 30 Nov 2024 12:26:52 +0800
Labels:           app=nginx
                  pod-template-hash=586946798b
Annotations:      <none>
Status:           Pending
IP:               10.0.3.104
IPs:
  IP:           10.0.3.104
Controlled By:  ReplicaSet/web-586946798b
Containers:
  nginx:
    Container ID:   
    Image:          z.oiox.cn:18082/cby/cby:v1
    Image ID:     
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       ErrImagePull
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-p7x5k (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True 
  Initialized                 True 
  Ready                       False 
  ContainersReady             False 
  PodScheduled                True 
Volumes:
  kube-api-access-p7x5k:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  51s                default-scheduler  Successfully assigned default/web-586946798b-n6dpg to k8s-node01
  Normal   Pulling    12s (x3 over 50s)  kubelet            Pulling image "z.oiox.cn:18082/cby/cby:v1"
  Warning  Failed     12s (x3 over 50s)  kubelet            Failed to pull image "z.oiox.cn:18082/cby/cby:v1": Error response from daemon: unauthorized: unauthorized to access repository: cby/cby, action: pull: unauthorized to access repository: cby/cby, action: pull
  Warning  Failed     12s (x3 over 50s)  kubelet            Error: ErrImagePull
  Normal   BackOff    1s (x3 over 50s)   kubelet            Back-off pulling image "z.oiox.cn:18082/cby/cby:v1"
  Warning  Failed     1s (x3 over 50s)   kubelet            Error: ImagePullBackOff
[root@k8s-master01 ~]#

给集群装备暗码信息

# 创立 secret 
# 【harbor-docker】 自定义称号
# 【--namespace】 和运用在同一个命名空间下
# 【--docker-server】 库房的地址
# 【--docker-username】 库房的用户名
# 【--docker-password】 库房的暗码

[root@k8s-master01 ~]# kubectl create secret docker-registry harbor-docker --namespace=default --docker-server=z.oiox.cn:18082 --docker-username=admin --docker-password=123123
secret/harbor-docker created
[root@k8s-master01 ~]# 

# 检查 secret 具体信息
[root@k8s-master01 ~]# kubectl get secret
NAME            TYPE                             DATA   AGE
harbor-docker   kubernetes.io/dockerconfigjson   1      7s
[root@k8s-master01 ~]# 

# 运用yaml的格局显现
[root@k8s-master01 ~]# kubectl describe secret harbor-docker 
Name:         harbor-docker
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/dockerconfigjson

Data
====
.dockerconfigjson:  102 bytes
[root@k8s-master01 ~]#

[root@k8s-master01 ~]# kubectl get secret harbor-docker -o yaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJ6Lm9pb3guY246MTgwODIiOnsidXNlcm5hbWUiOiJhZG1pbiIsInBhc3N3b3JkIjoiQ2J5MTIzLi4iLCJhdXRoIjoiWVdSdGFXNDZRMko1TVRJekxpND0ifX19
kind: Secret
metadata:
  creationTimestamp: "2024-11-30T04:33:22Z"
  name: harbor-docker
  namespace: default
  resourceVersion: "5235056"
  uid: 03adf25f-3c1d-4942-bd1f-bb3c24b84608
type: kubernetes.io/dockerconfigjson
[root@k8s-master01 ~]#

更新服务yaml文件,添加引证创立的秘钥

# 检查仍旧未成功拉去镜像
[root@k8s-master01 ~]# kubectl get pod 
NAME                            READY   STATUS             RESTARTS        AGE
busybox                         1/1     Running            311 (32m ago)   13d
hello-server-588d6f5cd6-24ttg   1/1     Running            3 (9d ago)      63d
hello-server-588d6f5cd6-kxv45   1/1     Running            4 (9d ago)      63d
nginx-demo-cccbdc67f-6nkgd      1/1     Running            3 (9d ago)      63d
nginx-demo-cccbdc67f-h9p8d      1/1     Running            3 (9d ago)      63d
web-0                           1/1     Running            1 (9d ago)      13d
web-1                           1/1     Running            1 (9d ago)      13d
web-586946798b-n6dpg            0/1     ImagePullBackOff   0               10m
[root@k8s-master01 ~]# 

# 添加 imagePullSecrets 装备项
----略
    spec:
      containers:
      - image: z.oiox.cn:18082/cby/cby:v1
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor-docker
----略

# 修正修改 deployments 
[root@k8s-master01 ~]# kubectl edit deployments.apps web 
deployment.apps/web edited
[root@k8s-master01 ~]# 

# 检查完好的装备
[root@k8s-master01 ~]# kubectl get deployments.apps web -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"web","namespace":"default"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"nginx"}},"template":{"metadata":{"labels":{"app":"nginx"}},"spec":{"containers":[{"image":"z.oiox.cn:18082/cby/cby:v1","name":"nginx","ports":[{"containerPort":80,"name":"web"}]}]}}}}
  creationTimestamp: "2024-11-30T04:26:52Z"
  generation: 2
  name: web
  namespace: default
  resourceVersion: "5236110"
  uid: c6225e80-5526-4dd9-8642-358bf186a79e
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: z.oiox.cn:18082/cby/cby:v1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - containerPort: 80
          name: web
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: harbor-docker
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2024-11-30T04:38:40Z"
    lastUpdateTime: "2024-11-30T04:38:40Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2024-11-30T04:38:36Z"
    lastUpdateTime: "2024-11-30T04:38:40Z"
    message: ReplicaSet "web-5bcf459779" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 2
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
[root@k8s-master01 ~]#

检查是否已成功发动容器

[root@k8s-master01 ~]# kubectl get pod 
NAME                            READY   STATUS    RESTARTS        AGE
busybox                         1/1     Running   311 (33m ago)   13d
hello-server-588d6f5cd6-24ttg   1/1     Running   3 (9d ago)      63d
hello-server-588d6f5cd6-kxv45   1/1     Running   4 (9d ago)      63d
nginx-demo-cccbdc67f-6nkgd      1/1     Running   3 (9d ago)      63d
nginx-demo-cccbdc67f-h9p8d      1/1     Running   3 (9d ago)      63d
web-0                           1/1     Running   1 (9d ago)      13d
web-1                           1/1     Running   1 (9d ago)      13d
web-5bcf459779-pdbgm            1/1     Running   0               16s
[root@k8s-master01 ~]#

检查具体信息

[root@k8s-master01 ~]# kubectl describe po web-5bcf459779-pdbgm 
Name:             web-5bcf459779-pdbgm
Namespace:        default
Priority:         0
Service Account:  default
Node:             k8s-node02/192.168.1.35
Start Time:       Sat, 30 Nov 2024 12:38:36 +0800
Labels:           app=nginx
                  pod-template-hash=5bcf459779
Annotations:      <none>
Status:           Running
IP:               10.0.0.14
IPs:
  IP:           10.0.0.14
Controlled By:  ReplicaSet/web-5bcf459779
Containers:
  nginx:
    Container ID:   docker://fc107b489899b85f388db93eb4003e887df0107f13937471364f442fcf8a35d9
    Image:          z.oiox.cn:18082/cby/cby:v1
    Image ID:       docker-pullable://z.oiox.cn:18082/cby/cby@sha256:0deca38aaf759b58687737a2aa65840958af31d3ec8b41b68225ac2e91852876
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Sat, 30 Nov 2024 12:38:39 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-46c5x (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True 
  Initialized                 True 
  Ready                       True 
  ContainersReady             True 
  PodScheduled                True 
Volumes:
  kube-api-access-46c5x:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  33s   default-scheduler  Successfully assigned default/web-5bcf459779-pdbgm to k8s-node02
  Normal  Pulling    32s   kubelet            Pulling image "z.oiox.cn:18082/cby/cby:v1"
  Normal  Pulled     31s   kubelet            Successfully pulled image "z.oiox.cn:18082/cby/cby:v1" in 1.538s (1.538s including waiting). Image size: 191717134 bytes.
  Normal  Created    30s   kubelet            Created container nginx
  Normal  Started    30s   kubelet            Started container nginx
[root@k8s-master01 ~]#

测验拜访

[root@k8s-master01 ~]# kubectl get svc
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
hello-server   ClusterIP   10.103.104.242   <none>        8000/TCP       63d
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP        68d
nginx          NodePort    10.111.106.93    <none>        80:30565/TCP   17m
nginx-demo     ClusterIP   10.107.132.57    <none>        8000/TCP       63d
[root@k8s-master01 ~]# 

# 看到拜访正常,现已能够拜访方才构建好的镜像
[root@k8s-master01 ~]# curl 10.111.106.93
这是一个私有库房的镜像
[root@k8s-master01 ~]# 
[root@k8s-master01 ~]# 
[root@k8s-master01 ~]# curl 192.168.1.31:30565
这是一个私有库房的镜像
[root@k8s-master01 ~]# 
[root@k8s-master01 ~]#

关于

https://www.oiox.cn/

https://www.oiox.cn/index.php/start-page.html

CSDN、GitHub、51CTO、知乎、开源我国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今天头条、新浪微博、个人博客

全网可搜《小陈运维》

文章首要发布于微信大众号

扫描二维码推送至手机访问。

版权声明:本文由51Blog发布,如需转载请注明出处。

本文链接:https://www.51blog.vip/?id=658

标签: Kubernetes
分享给朋友:

“K8S 拉取私有库房镜像” 的相关文章

开源云桌面,构建灵活、安全的远程办公环境

开源云桌面,构建灵活、安全的远程办公环境

1. PXVDI云桌面: 平台:基于Proxmox VE 特点:支持RDP协议,适合有技术人员的公司使用。提供了详细的安装步骤和配置指南。2. 基于免费HyperV和Windows Admin Center的桌面云: 平台:HyperV Server和Windows Admin C...

啥是区块链,什么是区块链?

区块链是一种分布式数据存储、点对点传输、共识机制、加密算法等计算机技术的新型应用模式。所谓共识机制是区块链系统中实现不同节点之间建立信任、获取权益的数学算法。区块链(Blockchain)是比特币的一个重要概念,它本质上是一个去中心化的数据库,同时作为比特币的底层技术。区块链是一串使用密码学方法相关...

开源数据库,构建未来数据世界的基石

1. MySQL:由甲骨文公司拥有,但仍然是世界上最流行的开源关系型数据库管理系统之一。它被广泛用于Web应用程序和小型到大型企业。2. PostgreSQL:一个功能强大的开源对象关系型数据库系统,具有丰富的数据类型和强大的扩展性。它被许多企业和开发人员用于生产环境。3. MongoDB:一个基于...

区块链什么意思,什么是区块链?

区块链什么意思,什么是区块链?

区块链是一个分布式数据库,它按照时间顺序将数据(区块)以顺序相连的方式组合成的一种链式数据结构, 并以密码学方式保证的不可篡改和不可伪造的分布式账本。简单来说,区块链技术就像一个公共的、透明的账本,每个参与者在账本上记录信息,这些信息一旦被记录,就不能被篡改或删除。这种技术最初是为了支持比特币等加密...

云计算好学吗,云计算好学吗?入门与进阶指南

云计算好学吗,云计算好学吗?入门与进阶指南

云计算是一个涉及广泛技术和概念领域的学科,包括但不限于网络、存储、服务器、软件、安全、自动化和优化等。对于初学者来说,学习云计算可能会觉得有一定的难度,因为它需要理解许多抽象的概念和技术细节。随着实践经验的积累和不断的学习,学习云计算的过程会变得更加容易。1. 基础知识:首先,确保你具备计算机科学的...

大数据与云计算论文,融合与创新的时代浪潮

大数据与云计算论文,融合与创新的时代浪潮

1. 大数据与云计算 豆丁网 这篇文章介绍了大数据的特征、作用以及对大数据分析的方法理论。文章还分析了大数据的两种处理模式、处理流程以及关键技术,并提出了MapReduce与关系数据库融合技术,为未来大数据的工作提供了一个参考。2. 云计算和大数据技术发展现状与趋势 百度学术 本文主...