Creating a private Docker registry
Environment
We use 192.168.5.2 as the address of the private registry.
yum install docker -y
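1. Start the Docker registry service on its port
# registry v2 keeps its data under /var/lib/registry inside the container
docker run -d -p 5000:5000 --privileged=true -v /data/history:/var/lib/registry registry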
[root@Control docker_dw_images]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest c9bd19d022f6 6 weeks ago 33.27 MB
2. Query the Docker registry service
# curl -XGET http://192.168.5.2:5000/v2/_catalog
# curl -XGET http://192.168.5.2:5000/v2/image_name/tags/list
3. Add your own image to the Docker registry
1.1 Build your own base image and import it into Docker
cd centos6-image && tar -c .|docker import - centos6-base
1.2 Create a base image with SSH
mkdir centos6-ssh
cd centos6-ssh
vim Dockerfile
Enter the following:
FROM centos6-base
MAINTAINER wuqichao <wuqichao@playcrab.com>
RUN ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh
EXPOSE 22
RUN echo 'root:xxx.com.cn' | chpasswd
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
CMD /usr/sbin/sshd -D
Save and exit.
Run the following command:
docker build -t centos6-ssh .
If no error is reported, the local image has been built.
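The Dockerfile above generates the SSH host keys and sets the root password at build time, so both are stored in the image layers and shared by every container started from the image, including copies pulled from the registry. The following lint is an added example, not part of the original post; the function name audit_dockerfile and the rule names are made up for this illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): lint a Dockerfile for secrets
# that end up in image layers, as in the centos6-ssh Dockerfile above.

# audit_dockerfile FILE
# Prints "<first line of instruction>:<rule>" per finding, nothing if clean.
audit_dockerfile() {
    awk '
    function check(instr, n) {
        if (toupper(instr) !~ /^[ \t]*RUN[ \t]/) return
        # Host keys generated at build time are identical in every container
        # and readable by anyone who can pull the image.
        if (instr ~ /ssh-keygen/ && instr ~ /\/etc\/ssh\/ssh_host_/)
            print n ":host-key-in-image"
        # A literal "user:password" piped to chpasswd is recorded in the
        # image history together with the RUN command.
        if (instr ~ /chpasswd/ && instr ~ /echo[ \t]+.*:/)
            print n ":password-in-image"
    }
    {
        if (buf == "") start = NR
        line = $0
        # Join backslash-continued lines into one instruction.
        if (sub(/\\[ \t]*$/, "", line)) { buf = buf line " "; next }
        check(buf line, start)
        buf = ""
    }
    END { if (buf != "") check(buf, start) }
    ' "$1"
}

# Constructed sample: the secret-bearing lines of the Dockerfile above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM centos6-base
RUN ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
EXPOSE 22
RUN echo 'root:xxx.com.cn' | chpasswd
CMD /usr/sbin/sshd -D
EOF
audit_dockerfile "$sample"
rm -f "$sample"
```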
1.3 Test-start the SSH base image
docker run -d -p 127.0.0.1:33333:22 centos6-ssh
1.4 Log in to the SSH base image instance
ssh root@127.0.0.1 -p 33333
2. Push to your own private registry
###docker pull docker.io/nginx
If the image was built locally, there is no need to run the command above.
docker tag centos6-ssh 192.168.5.2:5000/centos6-ssh
docker push 192.168.5.2:5000/centos6-ssh
3. Check that the push succeeded
[root@Control k8s]# curl -XGET http://192.168.5.2:5000/v2/_catalog
{"repositories":["centos6-ssh"]}
Using the private Docker registry in k8s
Environment setup
1.1. Configure the server
[root@Control k8s_master]# cat /etc/sysconfig/docker|grep 192.168.5.2
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
1.2. Configure the client
[root@Control k8s_node]# cat /etc/sysconfig/docker|grep 192.168.5.2
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
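1.3. Remove the permission checks
In /etc/kubernetes/apiserver, remove SecurityContextDeny and ServiceAccount from KUBE_ADMISSION_CONTROL, then restart kube-apiserver.service:
# systemctl restart kube-apiserver.service
1.4. Add the DNS service, otherwise errors are reported later (skip this if you have no DNS service)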
KUBELET_ARGS="--cluster-dns=192.168.5.2 --cluster-domain=playcrab-inc.com"
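Steps 1.1 to 1.3 leave two relaxations in place: the Docker daemon accepts plain HTTP from 192.168.5.2:5000, and the API server no longer runs the SecurityContextDeny and ServiceAccount admission plugins. The following check is an added example, not part of the original post; the function names are hypothetical and the sample files are constructed copies of the settings shown here.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report the two relaxations
# configured above so they can be tracked on every master and node.

# insecure_registries FILE
# Prints each registry that OPTIONS in a /etc/sysconfig/docker-style file
# passes to --insecure-registry (plain HTTP or unverified TLS is accepted).
insecure_registries() {
    sed -n -E 's/^[[:space:]]*OPTIONS=//p' "$1" |
        tr -d "'\"" | tr -s ' =' '\n\n' |
        awk 'prev == "--insecure-registry" { print } { prev = $0 }'
}

# missing_admission_plugins FILE PLUGIN...
# Prints each PLUGIN that is absent from KUBE_ADMISSION_CONTROL in FILE.
missing_admission_plugins() {
    local file=$1 enabled plugin
    shift
    enabled=$(sed -n -E 's/^[[:space:]]*KUBE_ADMISSION_CONTROL=//p' "$file" |
        tr -d "'\"" | sed -E 's/^--admission[-_]control=//' | tr ',' '\n')
    for plugin in "$@"; do
        printf '%s\n' "$enabled" | grep -qxF -- "$plugin" ||
            printf '%s\n' "$plugin"
    done
}

# Constructed sample files that mirror the settings shown in this post.
demo_dir=$(mktemp -d)
cat > "$demo_dir/docker" <<'EOF'
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
EOF
cat > "$demo_dir/apiserver" <<'EOF'
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
EOF

echo "insecure registries:"
insecure_registries "$demo_dir/docker"
echo "admission plugins not enabled:"
missing_admission_plugins "$demo_dir/apiserver" SecurityContextDeny ServiceAccount
rm -rf "$demo_dir"
```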
YAML configuration
2.0 Common commands
Create:
kubectl create -f centos6-ssh/centos6-ssh.yaml
Delete:
kubectl delete -f centos6-ssh/centos6-ssh.yaml
List:
kubectl get pods
Show details:
kubectl describe pod centos6-ssh
2.1 Start the simplest pod
2.1.1 YAML configuration
[root@Control k8s_yaml]# cat centos6-ssh/centos6-ssh.yaml
apiVersion: v1
kind: Pod
metadata:
  name: centos6-ssh
spec:
  containers:
  - name: centos6-ssh
    image: centos6-ssh
2.1.2 List pods
[root@Control k8s_yaml]# kubectl get pods
NAME READY STATUS RESTARTS AGE
centos6-ssh-mucsv 1/1 Running 0 0m
2.1.3 Show details
kubectl describe pod centos6-ssh
[root@Control k8s_yaml]# kubectl describe pod centos6-ssh
Name: centos6-ssh
Namespace: default
Node: 192.168.5.3/192.168.5.3
Start Time: Wed, 30 Nov 2016 13:44:51 -0500
Labels: <none>
Status: Running
IP: 10.1.75.2
Controllers: <none>
Containers:
centos6-ssh:
Container ID: docker://7046491f05e3d549c198009f056b4e3e0508ad179712772bb296d0d08cc6ae29
Image: centos6-ssh
Image ID: docker://sha256:6525d364d418ae8dc854e6839dfaa653f2b6cd39c696a2f146bb918e69c20060
Port:
QoS Tier:
cpu: BestEffort
memory: BestEffort
State: Running
Started: Wed, 30 Nov 2016 13:44:52 -0500
Ready: True
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready True
No volumes.
No events.
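This confirms that the Docker instance is running on node 192.168.5.3 and was assigned the cluster-internal IP 10.1.75.2.
To log in to 10.1.75.2 we currently have to go to the server 192.168.5.3 and run ssh root@10.1.75.2 from there.
2.2 Start multiple copies of the pod
2.2.1 YAML configuration
We define a replication controller for the centos6-ssh pod with 2 replicas, using the centos6-ssh image.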
[root@Control k8s_yaml]# cat test/centos6-ssh-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: centos6-ssh
spec:
  replicas: 2
  selector:
    name: centos6-ssh
  template:
    metadata:
      labels:
        name: centos6-ssh
    spec:
      containers:
      - name: centos6-ssh
        image: centos6-ssh
        ports:
        - containerPort: 22
2.2.2 List pods
[root@Control k8s_yaml]# kubectl get pods
NAME READY STATUS RESTARTS AGE
centos6-ssh-mucsv 1/1 Running 0 0m
centos6-ssh-yoghv 1/1 Running 0 0m
2.2.3 Show details
[root@Control k8s_yaml]# kubectl describe pod centos6-ssh
Name: centos6-ssh-mucsv
Namespace: default
Node: 192.168.5.3/192.168.5.3
Start Time: Thu, 01 Dec 2016 11:04:24 -0500
Labels: name=centos6-ssh
Status: Running
IP: 10.1.75.2
Controllers: ReplicationController/centos6-ssh
Containers:
centos6-ssh:
Container ID: docker://ba9327de6f067b46ce348f409e9efa2b44a9064c4f1ea508cf7d92ff9c450541
Image: centos6-ssh
Image ID: docker://sha256:6525d364d418ae8dc854e6839dfaa653f2b6cd39c696a2f146bb918e69c20060
Port: 22/TCP
QoS Tier:
memory: BestEffort
cpu: BestEffort
State: Running
Started: Thu, 01 Dec 2016 11:04:25 -0500
Ready: True
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready True
No volumes.
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
5h 5h 2 {kubelet 192.168.5.3} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
5h 5h 1 {kubelet 192.168.5.3} spec.containers{centos6-ssh} Normal Pulling pulling image "centos6-ssh"
5h 5h 1 {kubelet 192.168.5.3} spec.containers{centos6-ssh} Normal Pulled Successfully pulled image "centos6-ssh"
5h 5h 1 {kubelet 192.168.5.3} spec.containers{centos6-ssh} Normal Created Created container with docker id ba9327de6f06
5h 5h 1 {kubelet 192.168.5.3} spec.containers{centos6-ssh} Normal Started Started container with docker id ba9327de6f06
3m 3m 1 {default-scheduler } Normal Scheduled Successfully assigned centos6-ssh-mucsv to 192.168.5.3
Name: centos6-ssh-yoghv
Namespace: default
Node: 192.168.5.4/192.168.5.4
Start Time: Thu, 01 Dec 2016 11:04:37 -0500
Labels: name=centos6-ssh
Status: Running
IP: 10.1.68.2
Controllers: ReplicationController/centos6-ssh
Containers:
centos6-ssh:
Container ID: docker://221e4335774a8347a74fa7341f947954e3fb0eccff5fce7be427b532a4f5d31f
Image: centos6-ssh
Image ID: docker://sha256:6525d364d418ae8dc854e6839dfaa653f2b6cd39c696a2f146bb918e69c20060
Port: 22/TCP
QoS Tier:
cpu: BestEffort
memory: BestEffort
State: Running
Started: Thu, 01 Dec 2016 11:04:38 -0500
Ready: True
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready False
No volumes.
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
5h 5h 2 {kubelet 192.168.5.4} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
5h 5h 1 {kubelet 192.168.5.4} spec.containers{centos6-ssh} Normal Pulling pulling image "centos6-ssh"
5h 5h 1 {kubelet 192.168.5.4} spec.containers{centos6-ssh} Normal Pulled Successfully pulled image "centos6-ssh"
5h 5h 1 {kubelet 192.168.5.4} spec.containers{centos6-ssh} Normal Created Created container with docker id 221e4335774a
5h 5h 1 {kubelet 192.168.5.4} spec.containers{centos6-ssh} Normal Started Started container with docker id 221e4335774a
3m 3m 1 {default-scheduler } Normal Scheduled Successfully assigned centos6-ssh-yoghv to 192.168.5.4
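This confirms that two instances were started:
The 10.1.75.2 instance is on 192.168.5.3
The 10.1.68.2 instance is on 192.168.5.4
To operate on them over SSH you still have to log in to the respective physical host first.
2.3 Start a service reachable on the internal network
2.3.1 YAML configuration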
[root@Control k8s_yaml]# cat test/centos6-ssh-clusterip.yaml
apiVersion: v1
kind: Service
metadata:
  name: centos6-ssh-clusterip
spec:
  ports:
  - port: 2222
    targetPort: 22
    protocol: TCP
  selector:
    name: centos6-ssh
The name in selector must match the one used by the rc or pod.
2.3.2 Check
[root@Control k8s_yaml]# kubectl get service
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
centos6-ssh-clusterip 10.254.155.14 <none> 2222/TCP 3s
kubernetes 10.254.0.1 <none> 443/TCP 1d
[root@Control k8s_yaml]# kubectl describe service centos6-ssh-clusterip
Name: centos6-ssh-clusterip
Namespace: default
Labels: <none>
Selector: name=centos6-ssh
Type: ClusterIP
IP: 10.254.155.14
Port: <unset> 2222/TCP
Endpoints: 10.1.68.2:22,10.1.75.2:22
Session Affinity: None
No events.
The output above confirms that centos6-ssh-clusterip has started, was assigned the IP 10.254.155.14 and opened port 2222,
proxying Endpoints: 10.1.68.2:22,10.1.75.2:22
2.3.3 Login test
[root@Resources-s1 ~]# telnet 10.254.155.14 2222
Trying 10.254.155.14...
Connected to 10.254.155.14.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
^Cxx
Connection closed by foreign host.
QA:
1. Fixing the HTTPS problem
[root@Control k8s]# docker push 192.168.5.2:5000/centos6-ssh
The push refers to a repository [192.168.5.2:5000/centos6-ssh]
unable to ping registry endpoint https://192.168.5.2:5000/v0/
v2 ping attempt failed with error: Get https://192.168.5.2:5000/v2/: http: server gave HTTP response to HTTPS client
v1 ping attempt failed with error: Get https://192.168.5.2:5000/v1/_ping: http: server gave HTTP response to HTTPS client
To fix this, change the configuration on both the server and the client.
Server:
[root@Control k8s]# cat /etc/sysconfig/docker|grep 192.168.5.2
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
Client:
[root@Control k8s]# cat /etc/sysconfig/docker|grep 192.168.5.2
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
2. Fixing the case where creation succeeds but kubectl get pods shows nothing
Error from server: error when creating "nginx.yaml": Pod "nginx" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account
The fix is as follows:
Create the pod:
# kubectl create -f nginx.yaml
This produces the following error:
Error from server: error when creating "nginx.yaml": Pod "nginx" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account
The fix is to edit /etc/kubernetes/apiserver, remove SecurityContextDeny and ServiceAccount from KUBE_ADMISSION_CONTROL, and restart kube-apiserver.service:
#vim /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
#systemctl restart kube-apiserver.service
Then create the pod again:
# kubectl create -f nginx.yaml
pods/nginx
3. ClusterDNS problem, pod not created successfully
kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
Fix it like this:
KUBELET_ARGS="--cluster-dns=192.168.5.2 --cluster-domain=playcrab-inc.com"