镜像仓库使用https协议


k8s 的 master1和 node1/2节点的 docker 的操作

[root@node1 ~]#  mkdir /etc/docker/certs.d/reg.harbor.com -p
[root@node1 ~]# cp reg.harbor.com.pem /etc/docker/certs.d/reg.harbor.com/reg.harbor.com.crt
[root@node1 ~]# docker login reg.harbor.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store


[root@node1 ~]# vim /etc/hosts
192.168.0.10   reg.harbor.com

 


在 k8s 的 master1 节点操作



创建拉取私有镜像仓库需要的 secret

kubectl create ns ms && 
kubectl create secret docker-registry registry-pull-secret --docker-server=reg.harbor.com --docker-username=admin --docker-password=Harbor12345 -n ms


[root@master ~]# kubectl get secret -n ms
NAME                   TYPE                                  DATA   AGE
default-token-l2bcv    kubernetes.io/service-account-token   3      3m10s
registry-pull-secret   kubernetes.io/dockerconfigjson        1      109s

 

在 harbor 上创建一个项目 microservice

微服务 在 k8s 中部署网关 Eureka 服务_java

微服务 在 k8s 中部署网关 Eureka 服务_java_02

 

 

制作eureka镜像

[root@master ~]# cd microservic-test
[root@master microservic-test]# cd eureka-service/
[root@master eureka-service]# ls
Dockerfile  pom.xml  src  target
[root@master eureka-service]# cd src/
[root@master src]# ls
main
[root@master src]# cd main/
[root@master main]# ls
java  resources
[root@master main]# cd resources/
[root@master resources]# ls
application-dev.yml  application-fat.yml  application.yml



#这个就是eurka的一个配置
[root@master resources]# cat application-fat.yml 
eureka:
  server:
    renewal-percent-threshold: 0.9
    enable-self-preservation: false
    eviction-interval-timer-in-ms: 40000
  instance:
    hostname: 127.0.0.1
    prefer-ip-address: false
  client:
    register-with-eureka: true
    serviceUrl:
      defaultZone: http://eureka-0.eureka.ms:${server.port}/eureka/,http://eureka-1.eureka.ms:${server.port}/eureka/,http://eureka-2.eureka.ms:${server.port}/eureka/
    fetch-registry: true


域名为:pod当中主机名称+service名称+命名空间
[root@master eureka-service]# ls target/
classes  eureka-service.jar  eureka-service.jar.original  generated-sources  maven-archiver  maven-status

[root@master eureka-service]# cat Dockerfile 
FROM java:8-jdk-alpine
RUN  apk add -U tzdata && \
     ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
COPY ./target/eureka-service.jar ./
EXPOSE 8888
CMD java -jar -Deureka.instance.hostname=${MY_POD_NAME}.eureka.ms /eureka-service.jar
#这个镜像就是将eureka的一些配置封装在里面了
[root@master eureka-service]# docker build -t reg.harbor.com/microservice/eureka:v1 .
Sending build context to Docker daemon  47.26MB
Step 1/5 : FROM java:8-jdk-alpine
 ---> 3fd9dd82815c
Step 2/5 : RUN  apk add -U tzdata &&      ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 ---> Using cache
 ---> a9034491fdd5
Step 3/5 : COPY ./target/eureka-service.jar ./
 ---> Using cache
 ---> 5216286f3d41
Step 4/5 : EXPOSE 8888
 ---> Using cache
 ---> cd6df6e0bf55
Step 5/5 : CMD java -jar -Deureka.instance.hostname=${MY_POD_NAME}.eureka.ms /eureka-service.jar
 ---> Using cache
 ---> a455488fe74c
Successfully built a455488fe74c
Successfully tagged reg.harbor.com/microservice/eureka:v1

[root@master eureka-service]# docker push  reg.harbor.com/microservice/eureka:v1 
The push refers to repository [reg.harbor.com/microservice/eureka]
ada532ee2d35: Pushed 
8994a8716f11: Pushed 
a1e7033f082e: Pushed 
78075328e0da: Pushed 
9f8566ee5135: Pushed 
v1: digest: sha256:e38703cbca2ed1a2ac801ce5b32777526ac66694fd7a848847faa9a911e6e85a size: 1370

微服务 在 k8s 中部署网关 Eureka 服务_jar_03

 

部署eureka服务

[root@master k8s]# cat eureka.yaml 
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: eureka 
  namespace: ms 
  annotations:          
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: eureka.ctnrs.com 
      http:
        paths:
        - path: /
          backend:
            serviceName: eureka 
            servicePort: 8888
---
apiVersion: v1
kind: Service
metadata:
  name: eureka
  namespace: ms
spec:
  clusterIP: None
  ports:
  - port: 8888
    name: eureka 
  selector:
    project: ms
    app: eureka

---

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: eureka
  namespace: ms 
spec:
  replicas: 3
  selector:
    matchLabels:
      project: ms
      app: eureka
  serviceName: "eureka"
  template:
    metadata:
      labels:
        project: ms 
        app: eureka
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: eureka
        image: reg.harbor.com/microservice/eureka:v1
        ports:
          - protocol: TCP
            containerPort: 8888
        env:
          - name: MY_POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
        resources:
          requests:
            cpu: 0.5
            memory: 256Mi
          limits:
            cpu: 1
            memory: 1Gi
        readinessProbe:
          tcpSocket:
            port: 8888
          initialDelaySeconds: 60
          periodSeconds: 10
        livenessProbe:
          tcpSocket:
            port: 8888
          initialDelaySeconds: 60
          periodSeconds: 10
[root@master k8s]# kubectl get ingress -n ms
NAME     CLASS    HOSTS              ADDRESS   PORTS   AGE
eureka   <none>   eureka.ctnrs.com             80      38m
[root@master k8s]# kubectl describe ingress eureka -n ms
Name:             eureka
Namespace:        ms
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host              Path  Backends
  ----              ----  --------
  eureka.ctnrs.com  
                    /   eureka:8888 (10.233.90.36:8888,10.233.96.29:8888,10.233.96.30:8888)
Annotations:        kubernetes.io/ingress.class: nginx
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  39m   nginx-ingress-controller  Ingress ms/eureka
  Normal  CREATE  39m   nginx-ingress-controller  Ingress ms/eureka


[root@master k8s]# kubectl  get pod -n ms
NAME       READY   STATUS      RESTARTS   AGE
eureka-0   0/1     OOMKilled   1          34s



[root@master k8s]# kubectl run -it dns-test --image=busybox:1.28.4 -- sh
If you don't see a command prompt, try pressing enter.

/ # nslookup eureka-0.eureka.ms
Server:    169.254.25.10
Address 1: 169.254.25.10

Name:      eureka-0.eureka.ms
Address 1: 10.233.90.36 eureka-0.eureka.ms.svc.cluster.local
/ # nslookup eureka-1.eureka.ms
Server:    169.254.25.10
Address 1: 169.254.25.10

Name:      eureka-1.eureka.ms
Address 1: 10.233.96.29 eureka-1.eureka.ms.svc.cluster.local
/ # nslookup eureka-2.eureka.ms
Server:    169.254.25.10
Address 1: 169.254.25.10

Name:      eureka-2.eureka.ms
Address 1: 10.233.96.30 eureka-2.eureka.ms.svc.cluster.local
/ # exit
Session ended, resume using 'kubectl attach dns-test -c dns-test -i -t' command when the pod is running
[root@master k8s]# kubectl get pod -n ms
NAME       READY   STATUS    RESTARTS   AGE
eureka-0   1/1     Running   0          19m
eureka-1   1/1     Running   0          18m
eureka-2   1/1     Running   0          17m
[root@master k8s]# kubectl get pod -n ms -o wide
NAME       READY   STATUS    RESTARTS   AGE   IP             NODE    NOMINATED NODE   READINESS GATES
eureka-0   1/1     Running   0          19m   10.233.90.36   node1   <none>           <none>
eureka-1   1/1     Running   0          18m   10.233.96.29   node2   <none>           <none>
eureka-2   1/1     Running   0          17m   10.233.96.30   node2   <none>           <none>


[root@master k8s]# kubectl exec -it eureka-0 -n ms  -- sh
/ # echo  $MY_POD_NAME
eureka-0

微服务 在 k8s 中部署网关 Eureka 服务_java_04

微服务 在 k8s 中部署网关 Eureka 服务_java_05

微服务 在 k8s 中部署网关 Eureka 服务_jar_06