faith丶

导航

为pod配置拉取Harbor镜像

 一、保证所有node节点docker login harbor正常登陆

[root@linux-node1 ~]# docker login 192.168.56.13:8000
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

二、创建pod基础yaml文件【#解读yaml文件】

[root@linux-node1 ~]# cat nginx-pod.yaml
apiVersion: v1                                       #版本号
kind: Pod                                            #Pod
metadata:                                            #元数据
name: nginx-pod                                      #metadate.name Pod的名称
  labels:                                            #自定义标签
    app: nginx-pod                                   #自定义标签名字
spec:                                                #Pod中容器的详细定义
  nodeName: "192.168.56.12"                          #node节点选择器
  containers:                                        #spec.containers Pod容器列表
    - name: nginx                                    #spec.containers.name 容器名称
      image: 192.168.56.13:8000/nginx/nginx:1.13.12  #spec.containers.image 容器镜像名称
      ports:                                         #容器需要暴露的端口号列表
      - containerPort: 80                            #容器监听的端口号

三、创建pod报错信息

[root@linux-node1 ~]# kubectl create -f nginx-pod.yaml 
pod "nginx-pod" created

[root@linux-node1 ~]# kubectl get pod nginx-pod
NAME        READY     STATUS             RESTARTS   AGE
nginx-pod   0/1       ImagePullBackOff   0          9s

[root@linux-node1 ~]# kubectl describe pod nginx-pod
Name:         nginx-pod
Namespace:    default
Node:         192.168.56.12/192.168.56.12
Start Time:   Mon, 13 Jan 2020 13:41:52 +0800
Labels:       app=nginx-123
Annotations:  <none>
Status:       Pending
IP:           10.2.98.14
Containers:
  nginx:
    Container ID:   
    Image:          192.168.56.13:8000/nginx/nginx:v1.13.15
    Image ID:       
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       ErrImagePull
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-t8cvh (ro)
Conditions:
  Type           Status
  Initialized    True 
  Ready          False 
  PodScheduled   True 
Volumes:
  default-token-t8cvh:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-t8cvh
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     <none>
Events:
  Type     Reason                 Age   From                    Message
  ----     ------                 ----  ----                    -------
  Normal   SuccessfulMountVolume  25m   kubelet, 192.168.56.12  MountVolume.SetUp succeeded for volume "default-token-t8cvh"
  Normal   Pulling                25m   kubelet, 192.168.56.12  pulling image "192.168.56.13:8000/nginx/nginx:v1.13.15"
  Warning  Failed                 25m   kubelet, 192.168.56.12  Failed to pull image "192.168.56.13:8000/nginx/nginx:v1.13.15": rpc error: code = Unknown desc = Error response from daemon: pull access denied for 192.168.56.13:8000/nginx/nginx, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
  Warning  Failed                 25m   kubelet, 192.168.56.12  Error: ErrImagePull
  Normal   BackOff                25m   kubelet, 192.168.56.12  Back-off pulling image "192.168.56.13:8000/nginx/nginx:v1.13.15"
  Warning  Failed                 25m   kubelet, 192.168.56.12  Error: ImagePullBackOff

四、查看docker login密码/root/.docker/config.json

【注释:k8s需要用base64转码进行使用】

[root@linux-node1 ~]# cat /root/.docker/config.json
{
    "auths": {
        "192.168.56.13:8000": {
            "auth": "YWRtaW46MTIzNDU="
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/19.03.5 (linux)"
    }
}

[root@linux-node1 ~]# cat /root/.docker/config.json|base64
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjU2LjEzOjgwMDAiOiB7CgkJCSJhdXRoIjogIllXUnRh
VzQ2TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJE
b2NrZXItQ2xpZW50LzE5LjAzLjUgKGxpbnV4KSIKCX0KfQ==

#注意:密码使用时不可以有回车

五、编写secret资源yaml文件

[root@linux-node1 ~]# vim harbor-secret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: harbor-secret
  namespace: default
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjU2LjEzOjgwMDAiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2TVRJek5EVT0iCgkJfQoJfSwKCSJIdHRwSGVhZGVycyI6IHsKCQkiVXNlci1BZ2VudCI6ICJEb2NrZXItQ2xpZW50LzE5LjAzLjUgKGxpbnV4KSIKCX0KfQ==
type: kubernetes.io/dockerconfigjson

六、创建并查看secret资源

[root@linux-node1 ~]# kubectl create -f harbor-secret.yaml 
secret "harbor-secret" created

[root@linux-node1 ~]# kubectl get secret
NAME                  TYPE                                  DATA      AGE
default-token-t8cvh   kubernetes.io/service-account-token   3         5d
harbor-secret         kubernetes.io/dockerconfigjson        1         10s

七、创建pod拉取Harbor镜像yaml

[root@linux-node1 ~]# vim nginx-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: nginx-pod
spec:
  nodeName: "192.168.56.12"
  containers:
  - name: nginx
    image: 192.168.56.13:8000/nginx/nginx:v1.13.15
    ports:
    - containerPort: 80
  imagePullSecrets: 
    - name: harbor-secret

八、创建pod并查看创建信息

[root@linux-node1 ~]# kubectl create -f nginx-pod.yaml 
pod "nginx-pod" created

[root@linux-node1 ~]# kubectl describe pod nginx-pod
Name:         nginx-pod
Namespace:    default
Node:         192.168.56.12/192.168.56.12
Start Time:   Mon, 13 Jan 2020 13:56:51 +0800
Labels:       app=nginx-pod
Annotations:  <none>
Status:       Running
IP:           10.2.98.15
Containers:
  nginx:
    Container ID:   docker://c6c4f25d00eb273299fc989cd4fd4680e14ca3532c9b461b39d9a0274015a7a2
    Image:          192.168.56.13:8000/nginx/nginx:v1.13.15
    Image ID:       docker-pullable://192.168.56.13:8000/nginx/nginx@sha256:ed25ff6de82aa22bec05554c9ae6c90ba203a3e5aef570f88d8e59ba400ef3d3
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Mon, 13 Jan 2020 13:56:53 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-t8cvh (ro)
Conditions:
  Type           Status
  Initialized    True 
  Ready          True 
  PodScheduled   True 
Volumes:
  default-token-t8cvh:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-t8cvh
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     <none>
Events:
  Type    Reason                 Age   From                    Message
  ----    ------                 ----  ----                    -------
  Normal  SuccessfulMountVolume  25m   kubelet, 192.168.56.12  MountVolume.SetUp succeeded for volume "default-token-t8cvh"
  Normal  Pulling                25m   kubelet, 192.168.56.12  pulling image "192.168.56.13:8000/nginx/nginx:v1.13.15"
  Normal  Pulled                 25m   kubelet, 192.168.56.12  Successfully pulled image "192.168.56.13:8000/nginx/nginx:v1.13.15"
  Normal  Created                25m   kubelet, 192.168.56.12  Created container
  Normal  Started                25m   kubelet, 192.168.56.12  Started container

九、测试nginx-pod创建情况

[root@linux-node1 ~]# kubectl get pod -o wide
NAME                    READY     STATUS    RESTARTS   AGE       IP           NODE
nginx-pod               1/1       Running   0          1m        10.2.98.15   192.168.56.12

[root@linux-node1 ~]# curl --head http://10.2.98.15:80
HTTP/1.1 200 OK
Server: nginx/1.13.15
Date: Mon, 13 Jan 2020 05:58:50 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 09 Apr 2018 16:01:09 GMT
Connection: keep-alive
ETag: "5acb8e45-264"
Accept-Ranges: byte

posted on 2020-01-13 14:39  faith丶  阅读(475)  评论(0编辑  收藏  举报