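When learning K8S, one question comes up quickly: how do I deploy an application image that I built myself into the cluster? Pushing every image to a public registry would be too much trouble, so we set up a private image registry from which the K8S cluster can pull images.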
1. Pull and deploy the Docker registry
Deploying a private registry is simple. Docker provides an official image for it, registry: pull the image, run a container from it, and expose port 5000.
$ sudo docker pull docker.io/registry
Using default tag: latest
latest: Pulling from library/registry
79e9f2f55bf5: Pull complete
0d96da54f60b: Pull complete
5b27040df4a2: Pull complete
e2ead8259a04: Pull complete
3790aef225b9: Pull complete
Digest: sha256:169211e20e2f2d5d115674681eb79d21a217b296b43374b8e39f97fcf866b375
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
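$ sudo docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true --log-driver=none -v /data/images:/var/lib/registry registry
5fe99c39a729c844566cd329fee6e0c304924bfe6a829ea609b6850a0322a145
Here the local directory /data/images is used to store the image data; it is mounted at /var/lib/registry, the path where the registry image keeps its data. Note that --privileged=true gives the container full access to the host and --log-driver=none discards the registry's request log; the registry itself requires neither. Next, view the registry contents in a browser: repositories:[] means there are no repositories yet.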
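2. Push the image to the private registry
We now push the webapp image we built to the private registry.
First, tag the image to be uploaded:
$ sudo docker tag webapp:latest 172.16.194.135:5000/webapp:latest
Then upload the image: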
$ sudo docker push 172.16.194.135:5000/webapp:latest
The push refers to repository [172.16.194.135:5000/webapp]
Get "https://172.16.194.135:5000/v2/": http: server gave HTTP response to HTTPS client
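The push fails. By default Docker accesses an image registry over HTTPS; to make Docker use HTTP for this registry, the registry has to be listed under insecure-registries, which tells the daemon to accept plain HTTP and unverified TLS certificates for that address:
Edit /etc/docker/daemon.json (create the file if it does not exist):
{
  "insecure-registries": [ "<ip-of-your-registry>:5000" ]
}
After saving, restart the Docker service with sudo systemctl restart docker, then push the image again: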
$ sudo docker push 172.16.194.135:5000/webapp:latest
The push refers to repository [172.16.194.135:5000/webapp]
db1a54a89227: Pushed
60348cf35183: Pushed
35c20f26d188: Pushed
c3fe59dd9556: Pushed
6ed1a81ba5b6: Pushed
a3483ce177ce: Pushed
ce6c8756685b: Pushed
30339f20ced0: Pushed
0eb22bfb707d: Pushed
a2ae92ffcd29: Pushed
latest: digest: sha256:a06f9a9efe77d3b029fac660cccf2d563e742f7a1b64f6c92960d5ebd7a4d8d9 size: 2419
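The uploaded image is now visible in the browser as well.
3. Pull the image from the private registry in K8S
Now we deploy webapp to the K8S cluster. First write the Deployment; note that the image field must include the address of our registry.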
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: webapp
  name: webapp
spec:
  replicas: 2
  selector:
    matchLabels:
      app: webapp
  template:
    metadata:
      labels:
        app: webapp
    spec:
      containers:
      - name: webapp
        image: 172.16.194.135:5000/webapp:latest
        ports:
        - containerPort: 4567
Next, apply this Deployment and check that the pods start:
$ sudo kubectl apply -f webapp.yaml
deployment.apps/webapp created
$ sudo kubectl get pods
NAME READY STATUS RESTARTS AGE
webapp-5fb8547b77-8xtwk 1/1 Running 0 8s
webapp-5fb8547b77-bht5j 1/1 Running 0 8s
$ sudo kubectl describe pod webapp-5fb8547b77-8xtwk
Name: webapp-5fb8547b77-8xtwk
Namespace: default
Priority: 0
Node: ayato/172.16.194.135
Start Time: Mon, 03 Jan 2022 08:46:47 +0000
Labels: app=webapp
pod-template-hash=5fb8547b77
Annotations: <none>
Status: Running
IP: 172.17.0.7
IPs:
IP: 172.17.0.7
Controlled By: ReplicaSet/webapp-5fb8547b77
Containers:
webapp:
Container ID: docker://03e4f676c8cf337038f4535dfa6598a717e10853662f894aaba85c27bb19fc92
Image: 172.16.194.135:5000/webapp:latest
Image ID: docker-pullable://172.16.194.135:5000/webapp@sha256:a06f9a9efe77d3b029fac660cccf2d563e742f7a1b64f6c92960d5ebd7a4d8d9
Port: 4567/TCP
Host Port: 0/TCP
State: Running
Started: Mon, 03 Jan 2022 08:46:48 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-pcr2h (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-pcr2h:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-pcr2h
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 23s default-scheduler Successfully assigned default/webapp-5fb8547b77-8xtwk to ayato
Normal Pulling 22s kubelet Pulling image "172.16.194.135:5000/webapp:latest"
Normal Pulled 22s kubelet Successfully pulled image "172.16.194.135:5000/webapp:latest" in 99.689211ms
Normal Created 22s kubelet Created container webapp
Normal Started 21s kubelet Started container webapp
The Events section shows that the K8S cluster successfully pulled the image from our private registry.
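The Deployment references 172.16.194.135:5000/webapp:latest, a mutable tag on a registry that Docker reaches without TLS, while the push output and the Image ID in kubectl describe both report the image's content digest. The following Python code is an added example, not part of the original post: it flags images served by a registry listed under insecure-registries and rewrites image: lines to the digest that docker push reported, so the kubelet only accepts that exact content. The function names and the inline sample inputs are assumptions constructed from the values shown here.

```python
import json
import re

# Constructed inputs, copied from values shown in this post.
DAEMON_JSON = '{"insecure-registries": ["172.16.194.135:5000"]}'
PUSH_OUTPUT = """The push refers to repository [172.16.194.135:5000/webapp]
latest: digest: sha256:a06f9a9efe77d3b029fac660cccf2d563e742f7a1b64f6c92960d5ebd7a4d8d9 size: 2419
"""
MANIFEST = """      containers:
      - name: webapp
        image: 172.16.194.135:5000/webapp:latest
"""

def parse_image(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first component is a registry only if it looks like a host; else Docker Hub.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    # Split the tag after the registry is removed, so ":5000" is never read as a tag.
    repo, colon, tag = path.rpartition(":")
    return registry, (repo if colon else path), (tag if colon else None), digest or None

def pushed_digests(push_output):
    """Map 'repository:tag' to the digest that `docker push` reported."""
    repo = re.search(r"repository \[(\S+)\]", push_output).group(1)
    found = re.findall(r"^(\S+): digest: (sha256:[0-9a-f]{64})", push_output, re.M)
    return {f"{repo}:{tag}": digest for tag, digest in found}

def audit(manifest, daemon_json, push_output):
    """Return (findings, manifest with pushed images pinned by digest)."""
    # Exact host:port match only; CIDR entries are not handled here.
    insecure = set(json.loads(daemon_json).get("insecure-registries", []))
    digests, findings, out = pushed_digests(push_output), [], []
    for line in manifest.splitlines():
        hit = re.match(r"(\s*(?:- )?image:\s*)(\S+)", line)
        if hit:
            registry, repo, tag, digest = parse_image(hit.group(2))
            if registry in insecure:
                findings.append(f"{registry}: in insecure-registries (HTTP or unverified TLS)")
            key = f"{registry}/{repo}:{tag or 'latest'}"
            if digest is None:
                findings.append(f"{key}: mutable tag, not pinned by digest")
                if key in digests:
                    line = f"{hit.group(1)}{registry}/{repo}@{digests[key]}"
        out.append(line)
    return findings, "\n".join(out)
```

Calling audit(MANIFEST, DAEMON_JSON, PUSH_OUTPUT) returns two findings and a manifest whose image line ends in webapp@sha256:a06f...; auditing that pinned manifest again leaves only the insecure-registry finding.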