标签:登录 博客 image 端口 policy sql 情况 contain tar
写在前面之前的博客中有写过k8s拉取官方镜像,但在实际生产环境中,我们通常都是利用Dockerfile构建的镜像,再上传到Harbor仓库,所以,使用k8s拉取harbor私有仓库的镜像,是很有必要学习的。
| IP地址 | 角色 | 部署软件 |
|---|---|---|
| 192.168.154.134 | master | docker 、k8s |
| 192.168.154.129 | node01 | docker 、k8s |
| 192.168.154.132 | node02 | docker 、k8s |
| 192.168.154.131 | mysql | mysql 5.7 |
K8S在默认情况下只能拉取Harbor仓库中的公有镜像,拉取私有镜像会报错:ErrImagePull 或 ImagePullBackOff
两种解决办法:
1.到 Harbor 仓库中把该镜像的项目设置成公开权限
2.创建认证登录秘钥,在拉取镜像时带上该秘钥
docker login -u admin -p Harbor12345 192.168.154.129
cat ~/.docker/config.json
cat ~/.docker/config.json | base64 -w 0
vim secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: login
type: kubernetes.io/dockerconfigjson
data:
#这里添加加密后的密钥
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE1NC4xMjkiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuNSAobGludXgpIgoJfQp9kubectl create -f secret.yaml
vim tomcat-deploy.yml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: tomcat-dpm
spec:
replicas: 2
template:
metadata:
labels: # Pod副本拥有的标签,对应RC的Selector
app: tomcat-cluster
spec:
containers:
- name: tomcat-cluster
image: 192.168.154.129/maven-test01/maven-quartz:master #这里镜像就是harbor仓库的项目镜像
imagePullPolicy: Always
ports:
- containerPort: 8080 # 容器应用监听的端口号
# 这里指定创建的密钥
imagePullSecrets:
- name: login注意:需要在创建容器时指定 imagePullSecrets 指标,指定刚才创建的秘钥
kubectl create -f tomcat-deploy.yml
kubectl get pod -o wide
kubectl describe pod tomcat-dpm-568ff775cf-l69s8
vim tomcat-service.yml
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
labels:
app: tomcat-service
spec:
type: NodePort
selector:
app: tomcat-cluster
ports:
- port: 8000
targetPort: 8080
nodePort: 32500
kubectl get svc
kubectl describe service tomcat-service
标签:登录 博客 image 端口 policy sql 情况 contain tar
原文地址:https://blog.51cto.com/13760351/2533947
