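[Repost] Creating a private Docker registry and using private images in Kubernetes
Setting up a private Docker registry
Environment
We use 192.168.5.2 as the address of the private registry.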
yum install docker -y
1. Start the Docker registry service and publish its port
docker run -d -p 5000:5000 --privileged=true -v /data/history:/data/registry registry
[root@Control docker_dw_images]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest c9bd19d022f6 6 weeks ago 33.27 MB
2. Query the Docker registry service
# curl -XGET http://192.168.5.2:5000/v2/_catalog
# curl -XGET http://192.168.5.2:5000/v2/image_name/tags/list
3. Add your own image to the Docker registry
1.1 Build your own base image and import it into Docker
cd centos6-image && tar -c .|docker import - centos6-base
1.2 Create a base image with SSH
mkdir centos6-ssh
cd centos6-ssh
vim Dockerfile
Enter the following:
FROM centos6-base
MAINTAINER wuqichao <wuqichao@playcrab.com>
RUN ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
RUN ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN sed -ri 's/session required pam_loginuid.so/#session required pam_loginuid.so/g' /etc/pam.d/sshd
RUN mkdir -p /root/.ssh && chown root.root /root && chmod 700 /root/.ssh
EXPOSE 22
RUN echo 'root:xxx.com.cn' | chpasswd
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
CMD /usr/sbin/sshd -D
Save and exit.
Run the following command:
docker build -t centos6-ssh .
If there are no errors, the local image has been built.
1.3 Test-start the SSH base image
docker run -d -p 127.0.0.1:33333:22 centos6-ssh
1.4 Log in to the running SSH base image instance
ssh root@127.0.0.1 -p 33333
2. Push to your private registry
###docker pull docker.io/nginx
If the image was built locally, the command above does not need to be run.
docker tag centos6-ssh 192.168.5.2:5000/centos6-ssh
docker push 192.168.5.2:5000/centos6-ssh
3. Check that the push succeeded
[root@Control k8s]# curl -XGET http://192.168.5.2:5000/v2/_catalog
{"repositories":["centos6-ssh"]}
Using the private Docker registry in Kubernetes
Environment setup
1.1. Configure the server
[root@Control k8s_master]# cat /etc/sysconfig/docker|grep 192.168.5.2
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
1.2. Configure the clients
[root@Control k8s_node]# cat /etc/sysconfig/docker|grep 192.168.5.2
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
1.3. Remove the permission checks
In /etc/kubernetes/apiserver, remove SecurityContextDeny and ServiceAccount from KUBE_ADMISSION_CONTROL,
then restart the kube-apiserver.service service:
#systemctl restart kube-apiserver.service
1.4. Add the DNS settings, otherwise an error is reported (skip this if you have no DNS service)
KUBELET_ARGS="--cluster-dns=192.168.5.2 --cluster-domain=playcrab-inc.com"
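Steps 1.1 to 1.3 leave two things on every host that are worth being able to find later: a registry allowed over plain HTTP via --insecure-registry, and an API server without the SecurityContextDeny and ServiceAccount admission plugins. The script below is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two config files this walkthrough edits.

# Print each registry the Docker daemon options allow without verified TLS.
# Handles both "--insecure-registry X" and "--insecure-registry=X".
insecure_registries() {
    grep -v '^[[:space:]]*#' "$1" |
        tr "'\"=" '   ' |
        awk '{ for (i = 1; i < NF; i++) if ($i == "--insecure-registry") print $(i + 1) }'
}

# Print which of the two plugins removed in step 1.3 are absent from
# the active KUBE_ADMISSION_CONTROL line.
missing_admission_plugins() {
    enabled=$(grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/^KUBE_ADMISSION_CONTROL=.*=\([A-Za-z,]*\).*/\1/p' | tail -n 1)
    for plugin in SecurityContextDeny ServiceAccount; do
        case ",$enabled," in
            *",$plugin,"*) ;;
            *) echo "$plugin" ;;
        esac
    done
}

# Constructed sample files mirroring the settings shown on this page.
demo=$(mktemp -d)
cat > "$demo/docker" <<'EOF'
# /etc/sysconfig/docker (constructed sample)
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
EOF
cat > "$demo/apiserver" <<'EOF'
# /etc/kubernetes/apiserver (constructed sample)
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
EOF
echo "insecure registries: $(insecure_registries "$demo/docker" | paste -sd, -)"
echo "admission plugins missing: $(missing_admission_plugins "$demo/apiserver" | paste -sd, -)"
```

On a real host, pass /etc/sysconfig/docker and /etc/kubernetes/apiserver to the two functions instead of the sample files.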
YAML configuration
2.0 Common commands
Create:
kubectl create -f centos6-ssh/centos6-ssh.yaml
Delete:
kubectl delete -f centos6-ssh/centos6-ssh.yaml
List:
kubectl get pods
Show details:
kubectl describe pod centos6-ssh
2.1 Start the simplest pod
2.1.1 YAML configuration
[root@Control k8s_yaml]# cat centos6-ssh/centos6-ssh.yaml
apiVersion: v1
kind: Pod
metadata:
  name: centos6-ssh
spec:
  containers:
  - name: centos6-ssh
    image: centos6-ssh
2.1.2 List pods
[root@Control k8s_yaml]# kubectl get pods
NAME READY STATUS RESTARTS AGE
centos6-ssh-mucsv 1/1 Running 0 0m
2.1.3 Show details
kubectl describe pod centos6-ssh
[root@Control k8s_yaml]# kubectl describe pod centos6-ssh
Name: centos6-ssh
Namespace: default
Node: 192.168.5.3/192.168.5.3
Start Time: Wed, 30 Nov 2016 13:44:51 -0500
Labels: <none>
Status: Running
IP: 10.1.75.2
Controllers: <none>
Containers:
centos6-ssh:
Container ID: docker://7046491f05e3d549c198009f056b4e3e0508ad179712772bb296d0d08cc6ae29
Image: centos6-ssh
Image ID: docker://sha256:6525d364d418ae8dc854e6839dfaa653f2b6cd39c696a2f146bb918e69c20060
Port:
QoS Tier:
cpu: BestEffort
memory: BestEffort
State: Running
Started: Wed, 30 Nov 2016 13:44:52 -0500
Ready: True
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready True
No volumes.
No events.
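This confirms that the Docker instance is running on the node 192.168.5.3 and was assigned the cluster-internal IP 10.1.75.2.
To log in to 10.1.75.2 we currently have to go to the server 192.168.5.3 and run ssh root@10.1.75.2 from there.
2.2 Start multiple copies of a pod
2.2.1 YAML configuration
We define a replication controller for the centos6-ssh pod with 2 replicas, using the centos6-ssh image.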
[root@Control k8s_yaml]# cat test/centos6-ssh-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: centos6-ssh
spec:
  replicas: 2
  selector:
    name: centos6-ssh
  template:
    metadata:
      labels:
        name: centos6-ssh
    spec:
      containers:
      - name: centos6-ssh
        image: centos6-ssh
        ports:
        - containerPort: 22
2.2.2 List pods
[root@Control k8s_yaml]# kubectl get pods
NAME READY STATUS RESTARTS AGE
centos6-ssh-mucsv 1/1 Running 0 0m
centos6-ssh-yoghv 1/1 Running 0 0m
2.2.3 Show details
[root@Control k8s_yaml]# kubectl describe pod centos6-ssh
Name: centos6-ssh-mucsv
Namespace: default
Node: 192.168.5.3/192.168.5.3
Start Time: Thu, 01 Dec 2016 11:04:24 -0500
Labels: name=centos6-ssh
Status: Running
IP: 10.1.75.2
Controllers: ReplicationController/centos6-ssh
Containers:
centos6-ssh:
Container ID: docker://ba9327de6f067b46ce348f409e9efa2b44a9064c4f1ea508cf7d92ff9c450541
Image: centos6-ssh
Image ID: docker://sha256:6525d364d418ae8dc854e6839dfaa653f2b6cd39c696a2f146bb918e69c20060
Port: 22/TCP
QoS Tier:
memory: BestEffort
cpu: BestEffort
State: Running
Started: Thu, 01 Dec 2016 11:04:25 -0500
Ready: True
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready True
No volumes.
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
5h 5h 2 {kubelet 192.168.5.3} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
5h 5h 1 {kubelet 192.168.5.3} spec.containers{centos6-ssh} Normal Pulling pulling image "centos6-ssh"
5h 5h 1 {kubelet 192.168.5.3} spec.containers{centos6-ssh} Normal Pulled Successfully pulled image "centos6-ssh"
5h 5h 1 {kubelet 192.168.5.3} spec.containers{centos6-ssh} Normal Created Created container with docker id ba9327de6f06
5h 5h 1 {kubelet 192.168.5.3} spec.containers{centos6-ssh} Normal Started Started container with docker id ba9327de6f06
3m 3m 1 {default-scheduler } Normal Scheduled Successfully assigned centos6-ssh-mucsv to 192.168.5.3
Name: centos6-ssh-yoghv
Namespace: default
Node: 192.168.5.4/192.168.5.4
Start Time: Thu, 01 Dec 2016 11:04:37 -0500
Labels: name=centos6-ssh
Status: Running
IP: 10.1.68.2
Controllers: ReplicationController/centos6-ssh
Containers:
centos6-ssh:
Container ID: docker://221e4335774a8347a74fa7341f947954e3fb0eccff5fce7be427b532a4f5d31f
Image: centos6-ssh
Image ID: docker://sha256:6525d364d418ae8dc854e6839dfaa653f2b6cd39c696a2f146bb918e69c20060
Port: 22/TCP
QoS Tier:
cpu: BestEffort
memory: BestEffort
State: Running
Started: Thu, 01 Dec 2016 11:04:38 -0500
Ready: True
Restart Count: 0
Environment Variables:
Conditions:
Type Status
Ready False
No volumes.
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
5h 5h 2 {kubelet 192.168.5.4} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
5h 5h 1 {kubelet 192.168.5.4} spec.containers{centos6-ssh} Normal Pulling pulling image "centos6-ssh"
5h 5h 1 {kubelet 192.168.5.4} spec.containers{centos6-ssh} Normal Pulled Successfully pulled image "centos6-ssh"
5h 5h 1 {kubelet 192.168.5.4} spec.containers{centos6-ssh} Normal Created Created container with docker id 221e4335774a
5h 5h 1 {kubelet 192.168.5.4} spec.containers{centos6-ssh} Normal Started Started container with docker id 221e4335774a
3m 3m 1 {default-scheduler } Normal Scheduled Successfully assigned centos6-ssh-yoghv to 192.168.5.4
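This confirms that two instances were started:
the 10.1.75.2 instance is on 192.168.5.3
the 10.1.68.2 instance is on 192.168.5.4
To work on them over SSH you still have to log in to the respective physical machine first.
2.3 Start a service reachable from the internal network
2.3.1 YAML configuration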
[root@Control k8s_yaml]# cat test/centos6-ssh-clusterip.yaml
apiVersion: v1
kind: Service
metadata:
  name: centos6-ssh-clusterip
spec:
  ports:
  - port: 2222
    targetPort: 22
    protocol: TCP
  selector:
    name: centos6-ssh
The name in selector must match the one used by the RC or the pod.
2.3.2 Inspect
[root@Control k8s_yaml]# kubectl get service
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
centos6-ssh-clusterip 10.254.155.14 <none> 2222/TCP 3s
kubernetes 10.254.0.1 <none> 443/TCP 1d
[root@Control k8s_yaml]# kubectl describe service centos6-ssh-clusterip
Name: centos6-ssh-clusterip
Namespace: default
Labels: <none>
Selector: name=centos6-ssh
Type: ClusterIP
IP: 10.254.155.14
Port: <unset> 2222/TCP
Endpoints: 10.1.68.2:22,10.1.75.2:22
Session Affinity: None
No events.
The output above confirms that centos6-ssh-clusterip is up, was assigned the IP 10.254.155.14, and has port 2222 open,
proxying to the Endpoints: 10.1.68.2:22,10.1.75.2:22
2.3.3 Connection test
[root@Resources-s1 ~]# telnet 10.254.155.14 2222
Trying 10.254.155.14...
Connected to 10.254.155.14.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
^Cxx
Connection closed by foreign host.
QA:
1. Fixing the HTTPS problem
[root@Control k8s]# docker push 192.168.5.2:5000/centos6-ssh
The push refers to a repository [192.168.5.2:5000/centos6-ssh]
unable to ping registry endpoint https://192.168.5.2:5000/v0/
v2 ping attempt failed with error: Get https://192.168.5.2:5000/v2/: http: server gave HTTP response to HTTPS client
v1 ping attempt failed with error: Get https://192.168.5.2:5000/v1/_ping: http: server gave HTTP response to HTTPS client
To fix this, change the configuration on both the server and the clients.
Server:
[root@Control k8s]# cat /etc/sysconfig/docker|grep 192.168.5.2
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
Client:
[root@Control k8s]# cat /etc/sysconfig/docker|grep 192.168.5.2
OPTIONS='--insecure-registry 192.168.5.2:5000 --log-driver=journald'
ADD_REGISTRY='--add-registry 192.168.5.2:5000'
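The error above is Docker speaking HTTPS to a registry that only serves HTTP. The other way to make the two sides agree is to give the registry a certificate, so that no host needs --insecure-registry. The script below is an added example, not part of the original post: it creates a self-signed certificate with an IP SAN and prints the registry and client commands. The function names and the certificate directory are assumptions; REGISTRY_HTTP_TLS_CERTIFICATE, REGISTRY_HTTP_TLS_KEY and /etc/docker/certs.d are the registry's and Docker's own settings.

```shell
#!/bin/sh
# Added example: serve the registry over TLS instead of using --insecure-registry.

# Create a self-signed certificate whose SAN is the registry's IP address.
# Docker checks the address it dials, so an IP-only registry needs an IP SAN.
make_registry_cert() {  # usage: make_registry_cert OUT_DIR IP
    out=$1 ip=$2
    mkdir -p "$out"
    cat > "$out/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $ip
[v3]
subjectAltName = IP:$ip
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$out/openssl.cnf" \
        -keyout "$out/domain.key" -out "$out/domain.crt" 2>/dev/null
    chmod 600 "$out/domain.key"
}

# Succeed only if the certificate lists exactly this IP in its SAN.
cert_covers_ip() {  # usage: cert_covers_ip CERT IP
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -qxF "Address:$2"
}

# Print the commands for the registry host (first) and for every Docker
# host that pulls from it (second). --privileged is left out: the registry
# only needs its port and its volumes.
registry_tls_commands() {  # usage: registry_tls_commands CERT_DIR HOST:PORT
    cat <<EOF
docker run -d -p 5000:5000 -v /data/history:/data/registry -v $1:/certs:ro \\
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \\
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry
install -D -m 644 $1/domain.crt /etc/docker/certs.d/$2/ca.crt
EOF
}

# Demo in a temporary directory (constructed paths, nothing is installed).
certs=$(mktemp -d)
make_registry_cert "$certs" 192.168.5.2 &&
    cert_covers_ip "$certs/domain.crt" 192.168.5.2 &&
    registry_tls_commands "$certs" 192.168.5.2:5000
```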
2. Fixing the case where creation succeeds but kubectl get pods shows nothing
Error from server: error when creating "nginx.yaml": Pod "nginx" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account
The fix is as follows.
Create the pod:
# kubectl create -f nginx.yaml
At this point the following error appears:
Error from server: error when creating "nginx.yaml": Pod "nginx" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account
The fix is to edit /etc/kubernetes/apiserver, remove SecurityContextDeny and ServiceAccount from KUBE_ADMISSION_CONTROL, and restart the kube-apiserver.service service:
#vim /etc/kubernetes/apiserver
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
#systemctl restart kube-apiserver.service
Then create the pod again:
# kubectl create -f nginx.yaml
pods/nginx
playcrab.com.cn
3. ClusterDNS problem, the pod does not start successfully
kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
Fix it like this:
KUBELET_ARGS="--cluster-dns=192.168.5.2 --cluster-domain=playcrab-inc.com"
Another document on this topic: https://blog.csdn.net/boling_cavalry/article/details/78818462
1.安装virtualenv pip install virtualenv 2.选定一个目录,作为存储不同环境的总目录 3.安装virtualenvwrapper-powershell(只适用于Pyt ...