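Contents

  • Pod container types and image pull policy
  • Pod container types
  • Image pull policy (imagePullPolicy)
  • Deploying a private Harbor registry for K8s
  • Install docker-ce, docker-compose and their dependencies, then Harbor
  • On the master node, create a YAML file and point the image address at Harbor
  • How to force-delete an image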


Official documentation: https://kubernetes.io/docs/concepts/containers/images/

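Pod container types and image pull policy

In k8s, a pod is:

  1. The smallest deployable unit
  2. A collection of containers
  3. A group of containers that share one network namespace
  4. Ephemeral

Pod container types

1. Infrastructure container: the base container
It maintains the network namespace of the whole pod. It can be inspected from a node; the kubelet configuration there names the image used for it: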

[root@node01 ~]# cat /opt/k8s/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=192.168.233.132 \
--kubeconfig=/opt/k8s/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/k8s/cfg/bootstrap.kubeconfig \
--config=/opt/k8s/cfg/kubelet.config \
--cert-dir=/opt/k8s/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"	'// this is the infrastructure (base) container'

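2. initContainers: init containers
They run before the application containers. Originally all containers in a pod were started in parallel; init containers improve on that.
Whether a container is declared before or after the init containers in the manifest, the init containers always run first. The application containers start only after the init containers have completed successfully.
Init containers are typically used in multi-container setups, for example when MySQL and the application run in separate containers. An init container on the application side checks whether MySQL has started: if it has, the application container starts; otherwise the application container waits for MySQL.

3. Container: application container
Application containers are the container services inside the pod resources we create. They are also called app containers and are started in parallel.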

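Image pull policy (imagePullPolicy)

There are three policies:

  1. IfNotPresent: the default; the image is pulled only if it is not already present on the host
  2. Always: the image is pulled again every time a Pod is created
  3. Never: the Pod never pulls the image on its own

Check the image pull policy
On the master node:

[root@localhost bin]# kubectl get deploy/http-deployment -o yaml |grep imagePull
        imagePullPolicy: Always

Write a pod manifest and specify the pull policy: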

[root@localhost /]# mkdir beta1
[root@localhost /]# cd beta1/
[root@localhost beta1]# cat > Gself.yaml <<EOF
> apiVersion: v1
> kind: Pod
> metadata:
>   name: gselfpod
> spec:
>   containers:
>     - name: nginx
>       image: nginx:1.19
>       imagePullPolicy: IfNotPresent
>       command: ["echo","Success"]
> EOF
[root@localhost beta1]# cat Gself.yaml
apiVersion: v1
kind: Pod
metadata:
  name: gselfpod
spec:
  containers:
    - name: nginx
      image: nginx:1.19
      imagePullPolicy: IfNotPresent
      command: ["echo","Success"]

[root@localhost beta1]# kubectl create -f Gself.yaml 
pod/gselfpod created

Check the status:

[root@localhost beta1]# kubectl get pods
NAME                               READY   STATUS             RESTARTS   AGE
gselfpod                           0/1     CrashLoopBackOff   1          9s
http-deployment-766c5bfc5c-9x4c4   1/1     Running            0          7h38m
http-deployment-766c5bfc5c-ctmnk   1/1     Running            0          7h38m
http-deployment-766c5bfc5c-dkjgk   1/1     Running            0          7h38m

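The pod fails because the startup commands conflict: command replaces the image's own startup command, so the container runs echo, exits, and is restarted in a loop.
Delete the line command: ["echo","Success"].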

[root@localhost beta1]# vim Gself.yaml 
[root@localhost beta1]# cat Gself.yaml 
apiVersion: v1
kind: Pod
metadata: 
  name: gselfpod
spec: 
  containers: 
    - name: nginx
      image: nginx:1.19
      imagePullPolicy: IfNotPresent
[root@localhost beta1]# kubectl apply -f Gself.yaml 
pod/gselfpod created

[root@localhost beta1]# kubectl describe pod gselfpod
Name:               gselfpod
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               20.0.0.4/20.0.0.4
Start Time:         Mon, 12 Oct 2020 17:32:19 +0800
Labels:             <none>
Annotations:        kubectl.kubernetes.io/last-applied-configuration:
                      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"gselfpod","namespace":"default"},"spec":{"containers":[{"image":"ngin...
Status:             Running
IP:                 172.17.13.4


[root@localhost beta1]# kubectl get pods -o wide
NAME                               READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE
gselfpod                           1/1     Running   0          40s     172.17.13.4   20.0.0.4   <none>
http-deployment-766c5bfc5c-9x4c4   1/1     Running   0          7h48m   172.17.13.3   20.0.0.4   <none>
http-deployment-766c5bfc5c-ctmnk   1/1     Running   0          7h48m   172.17.54.2   20.0.0.5   <none>
http-deployment-766c5bfc5c-dkjgk   1/1     Running   0          7h48m   172.17.54.3   20.0.0.5   <none>

On node 20.0.0.4, check the HTTP response headers:

[root@localhost docker]# curl -I 172.17.13.4	## uppercase i
HTTP/1.1 200 OK
Server: nginx/1.19.3
Date: Mon, 12 Oct 2020 09:35:38 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 29 Sep 2020 14:12:31 GMT
Connection: keep-alive
ETag: "5f7340cf-264"
Accept-Ranges: bytes

Deploying a private Harbor registry for K8s

Install docker-ce, docker-compose and their dependencies, then Harbor

[root@harbor ~]# yum -y install yum-utils device-mapper-persistent-data lvm2	## install dependencies
[root@harbor ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo	## add the docker-ce repo from the Aliyun mirror
已加载插件:fastestmirror, langpacks
adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@harbor ~]# ll /etc/yum.repos.d/
总用量 36
-rw-r--r--. 1 root root 1664 11月 23 2018 CentOS-Base.repo
-rw-r--r--. 1 root root 1309 11月 23 2018 CentOS-CR.repo
-rw-r--r--. 1 root root  649 11月 23 2018 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  314 11月 23 2018 CentOS-fasttrack.repo
-rw-r--r--. 1 root root  630 11月 23 2018 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 11月 23 2018 CentOS-Sources.repo
-rw-r--r--. 1 root root 5701 11月 23 2018 CentOS-Vault.repo
-rw-r--r--. 1 root root 2640 3月  16 2020 docker-ce.repo

[root@harbor ~]# yum -y install docker-ce
[root@harbor ~]# systemctl start docker

The next step is to set up a registry mirror (image accelerator); configure that yourself in the Aliyun console.

[root@harbor ~]# systemctl daemon-reload 
[root@harbor ~]# systemctl restart docker

Install docker-compose

[root@harbor ~]# rz -E
rz waiting to receive.
[root@harbor ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  模板  图片  下载  桌面
docker-compose   公共                  视频  文档  音乐
[root@harbor ~]# mv docker-compose /usr/local/bin/docker-compose
[root@harbor ~]# chmod +x /usr/local/bin/docker-compose        
[root@harbor ~]# docker-compose -v
docker-compose version 1.21.1, build 5a3f1a3

Install Harbor

[root@harbor ~]# mkdir /harbor
[root@harbor ~]# cd /harbor/
[root@harbor harbor]# rz -E
rz waiting to receive.
[root@harbor harbor]# tar zxvf harbor-offline-installer-v1.2.2.tgz
[root@harbor harbor]# cd harbor/
[root@harbor harbor]# ls
common                     docker-compose.yml     harbor.v1.2.2.tar.gz  NOTICE
docker-compose.clair.yml   harbor_1_1_0_template  install.sh            prepare
docker-compose.notary.yml  harbor.cfg             LICENSE               upgrade
[root@harbor harbor]# vim harbor.cfg 
hostname = 20.0.0.12
[root@harbor harbor]# sh install.sh

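On every node, edit the daemon.json file and specify the private registry address. Listing 20.0.0.12 under insecure-registries lets Docker reach it over plain HTTP, so the login below and every push and pull travel unencrypted: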

[root@localhost /]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://*******.mirror.aliyuncs.com"],
  "insecure-registries":["20.0.0.12"]
}
[root@localhost /]# systemctl daemon-reload 
[root@localhost /]# systemctl restart docker
[root@5centos ~]# docker login -u admin -p Harbor12345 http://20.0.0.12
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
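
What Docker's second warning refers to, as an added example that is not part of the original post: without a credential helper the login is kept as base64 of user:password inside an "auths" entry, and the registry-pull-secret that the Deployment further down references carries the same structure. The function name render_pull_secret and the sample password are constructed for illustration; the password is read from stdin, as the first warning recommends.

```shell
#!/bin/sh
# Added example (not from the original post). Renders the
# kubernetes.io/dockerconfigjson Secret that imagePullSecrets points at.
# The password is read from stdin so it never appears in argv or shell history.

b64() { base64 | tr -d '\n'; }                   # base64 without line wrapping
json_escape() { sed 's/\\/\\\\/g; s/"/\\"/g'; }  # escape \ and " for a JSON string

# render_pull_secret NAME SERVER USER   (password: first line of stdin)
render_pull_secret() {
  name="$1"; server="$2"; user="$3"
  IFS= read -r pass || [ -n "$pass" ]
  # "auth" is only base64(user:password): an encoding, not encryption.
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$server" "$(printf '%s' "$user" | json_escape)" \
        "$(printf '%s' "$pass" | json_escape)" "$auth")
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | b64)
EOF
  unset pass auth cfg
}

# Constructed credential for demonstration; on a real master pipe the output
# to `kubectl apply -f -` instead of printing it.
printf '%s\n' 'constructed-password' |
  render_pull_secret registry-pull-secret 20.0.0.12 admin
```

Anyone who can read the Secret (or /root/.docker/config.json on a node) can decode the password, so access to both should be limited to the accounts that need to pull images.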

Pull a tomcat image and upload it to Harbor:

[root@localhost /]# docker pull dordoka/tomcat
Using default tag: latest
latest: Pulling from dordoka/tomcat
e082d4499130: Pull complete 
371450624c9e: Pull complete 
c8a555b3a57c: Pull complete 
1456d810d42e: Pull complete 
1934ab037d50: Pull complete 
297b1bee5293: Pull complete 
d33229998f09: Pull complete 
a18a39d0e788: Pull complete 
8bcdb23cee94: Pull complete 
cd68c521fa95: Pull complete 
Digest: sha256:711b24da0a43f461d0a21d6348794880207d783e3c89cc761af34543de7912a3
Status: Downloaded newer image for dordoka/tomcat:latest
docker.io/dordoka/tomcat:latest

Push it to the private registry:

[root@localhost /]# docker tag dordoka/tomcat:latest 20.0.0.12/beta01/tomcat
[root@localhost /]# docker push 20.0.0.12/beta01/tomcat
The push refers to repository [20.0.0.12/beta01/tomcat]
ea9c5326a600: Pushed 
0eb88e292f51: Pushed 
bfaffd009606: Pushed 
0e17934bdc74: Pushed 
c2476938351f: Pushed 
6e0734ca81cd: Pushed 
5f96fa66dc12: Pushed 
dda5ec330bd9: Pushed 
11a0c2f551fd: Pushed 
eef560b4ec4f: Pushed 
latest: digest: sha256:711b24da0a43f461d0a21d6348794880207d783e3c89cc761af34543de7912a3 size: 2412

Pull test:

[root@localhost /]# docker rmi 20.0.0.12/beta01/tomcat:latest 
Untagged: 20.0.0.12/beta01/tomcat:latest
Untagged: 20.0.0.12/beta01/tomcat@sha256:711b24da0a43f461d0a21d6348794880207d783e3c89cc761af34543de7912a3
[root@localhost /]# docker pull 20.0.0.12/beta01/tomcat
Using default tag: latest
latest: Pulling from beta01/tomcat
Digest: sha256:711b24da0a43f461d0a21d6348794880207d783e3c89cc761af34543de7912a3
Status: Downloaded newer image for 20.0.0.12/beta01/tomcat:latest
20.0.0.12/beta01/tomcat:latest

On the master node, create a YAML file and point the image address at Harbor

[root@localhost beta1]# vim tomcat.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: mytomcat
spec:
  replicas: 2
  template:
    metadata:
      labels:
        app: mytomcat
    spec:
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: mytomcat
        image: 20.0.0.12/beta01/tomcat
        imagePullPolicy: IfNotPresent		## if I don't specify the pull policy, my image keeps reporting errors, which is really annoying
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: mytomcat
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30800
  selector:
    app: mytomcat
[root@localhost beta1]# kubectl apply -f tomcat.yaml 
deployment.extensions/mytomcat unchanged
service/mytomcat created
[root@localhost beta1]# kubectl get pods
NAME                               READY   STATUS    RESTARTS   AGE
http-deployment-766c5bfc5c-ctmnk   1/1     Running   1          14h
http-deployment-766c5bfc5c-dkjgk   1/1     Running   1          14h
http-deployment-766c5bfc5c-ttpt6   1/1     Running   0          4h51m
mytomcat-59bc9fdc84-7db4p          1/1     Running   0          3s
mytomcat-59bc9fdc84-cvd8r          1/1     Running   0          3s

The image's download count has gone up by two, so this is more or less OK.
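
A check over the two kinds of manifest used on this page (the nginx pod from the pull-policy section and the Harbor-backed tomcat Deployment), as an added example that is not from the original post. It reports whether each image is pinned by digest and which pull policy actually applies, because with IfNotPresent and an untagged or latest reference each node runs whatever it has cached under that name. The function audit_images, the finding labels and the sample manifest are constructed here; the defaulting rule for an omitted policy is the one in the official documentation linked at the top.

```shell
#!/bin/sh
# Added example. Reads a manifest on stdin and prints one finding per image:
# whether it is pinned by digest and which pull policy applies. Line-based:
# assumes flat manifests like the ones on this page, with no env "- name:"
# entries between a container's image and imagePullPolicy keys.
audit_images() {
  awk '
    function val(s) {                  # value after "key:", minus comment and quotes
      sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]*#.*$/, "", s)
      gsub(/"/, "", s); sub(/[ \t]+$/, "", s); return s
    }
    function report(   ref, tag, pinned, floating, eff, kind) {
      if (img == "") { pol = ""; return }
      pinned = (img ~ /@sha256:[0-9a-f]+$/)
      ref = img; sub(/^.*\//, "", ref)  # drop registry/path, which may hold host:port
      tag = (!pinned && (ref ~ /:/)) ? substr(ref, index(ref, ":") + 1) : ""
      floating = (!pinned && (tag == "" || tag == "latest"))
      # Omitted policy defaults to Always for latest/untagged, else IfNotPresent.
      eff = (pol != "") ? pol : (floating ? "Always" : "IfNotPresent")
      if (pol != "" && pol !~ /^(Always|IfNotPresent|Never)$/) kind = "INVALID-POLICY"
      else if (pinned) kind = "PINNED"
      else if (floating && eff != "Always") kind = "FLOATING-CACHED"
      else kind = "MUTABLE-TAG"
      printf "%s %s policy=%s\n", kind, img, eff
      img = ""; pol = ""
    }
    /^[ \t]*-[ \t]*name:/ || /^---/     { report() }  # next container or document
    /^[ \t]*(-[ \t]*)?image:/           { if (img != "") report(); img = val($0) }
    /^[ \t]*(-[ \t]*)?imagePullPolicy:/ { pol = val($0) }
    END                                 { report() }
  '
}

# Constructed sample assembled from the image references on this page.
sample_manifest() {
  cat <<'EOF'
containers:
- name: nginx
  image: nginx:1.19
  imagePullPolicy: ifnotpresent
- name: mytomcat
  image: 20.0.0.12/beta01/tomcat
  imagePullPolicy: IfNotPresent		## comment as in tomcat.yaml
- name: pinned
  image: 20.0.0.12/beta01/tomcat@sha256:711b24da0a43f461d0a21d6348794880207d783e3c89cc761af34543de7912a3
EOF
}
sample_manifest | audit_images
```

The digest in the last sample entry is the one docker push printed above; referencing the image that way makes every node run the same bytes regardless of what the tag points to later.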

How to force-delete an image

If you run into containers stuck in the Terminating state that cannot be deleted, you can force-delete them:

[root@master test]# kubectl get pods
NAME                              READY   STATUS        RESTARTS   AGE
my-nginx-57667b9d9-nklvj         1/1     Terminating   0          10h
my-nginx-57667b9d9-wllnp         1/1     Terminating   0          10h

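In this case you can use the force-delete command. It removes the pod from the API server immediately, without waiting for the kubelet to confirm that the containers have stopped: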
[root@master test]# kubectl delete pod my-nginx-57667b9d9-nklvj  --force --grace-period=0 -n default

Use kubectl get ns to list the namespaces:
[root@master test]# kubectl get ns
NAME          STATUS   AGE
default       Active   12d
kube-public   Active   12d
kube-system   Active   12d