0
点赞
收藏
分享

微信扫一扫

K8S搭建自动化部署环境(六)K8S拉取私有Harbor仓库镜像

at小涛 2022-01-05 阅读 126

各位大佬,前文如下:
K8S搭建自动化部署环境(一)安装Kubernetes

K8S搭建自动化部署环境(二)安装K8S管理工具Kuboard V3

K8S搭建自动化部署环境(三)Jenkins下载、安装和启动

K8S搭建自动化部署环境(四)Jenkins多分支流水线Blue Ocean的安装和使用

K8S搭建自动化部署环境(五)Harbor私有仓库的搭建全过程

本文正文:

第一种方法,走命令的形式

1、docker 登录 Harbor:

[root@nb1 .ssh]# docker login -u admin -p Harbor12345 192.168.1.127
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

2、查看登录的秘钥数据:

[root@nb1 .ssh]# cat ~/.docker/config.json
{
	"auths": {
		"127.0.0.1": {
			"auth": "YWRtaW46SGFyYm9yMTIzNDU="
		},
		"192.168.1.127": {
			"auth": "YWRtaW46SGFyYm9yMTIzNDU="
		}
	}
}

3、将密钥进行base64加密:

[root@nb1 .ssh]# cat ~/.docker/config.json | base64 -w 0
ewoJImF1dGhzIjogewoJCSIxMjcuMC4wLjEiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9LAoJCSIxOTIuMTY4LjEuMTI3IjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfQp9

4、创建 secret.yaml 文件:
kubectl create -f secret.yaml
文件内容如下:

apiVersion: v1
kind: Secret
metadata:
  name: login
type: kubernetes.io/dockerconfigjson
data:
   # 这里添加上述加密后的密钥
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMjcuMC4wLjEiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9LAoJCSIxOTIuMTY4LjEuMTI3IjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfQp9

最后在应用的yaml文件中添加:
imagePullSecrets:
- name: login

apiVersion: v1
kind: Service
metadata:
  name: sbd
  namespace: k8snb
spec:
  type: NodePort
  ports:
  - name: sbd
    port: 8080
    nodePort: 30002
    targetPort: 8080
    protocol: TCP
  selector:
    app: sbd
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sbd
  namespace: k8snb
spec:
  selector:
    matchLabels:
      k8s.kuboard.cn/layer: web
      k8s.kuboard.cn/name: sbd
  replicas: 1
  template:
    metadata:
      labels:
        k8s.kuboard.cn/layer: web
        k8s.kuboard.cn/name: sbd
    spec:
      containers:
        - name: sbd
          image: 192.168.1.127/test/sbd:v1
          imagePullPolicy: IfNotPresent
          ports:
          - containerPort: 8080
      # 这里指定创建的密钥
      imagePullSecrets:
        - name: login

第2种方法,使用kuboard直接添加表单(☆推荐☆)

如下图1,2,3步:
在这里插入图片描述
接下来4,5,6步:
注意: 其中第4步的名称就是上述imagePullSecrets.name用到的哈,上面的命令的方式叫login而已,对应上即可。

     # 这里指定创建的密钥
      imagePullSecrets:
        - name: harbor-register

在这里插入图片描述

拉取镜像问题:

问题1:使用自建https,不被信任,网上有很多解决办法,都不行。
建议购买备案域名进行,添加服务器信任的方式不生效。

Failed to pull image "192.168.1.127/test/sbd:1630643293": rpc error: code = Unknown desc = failed to pull and unpack image "192.168.1.127/test/sbd:1630643293": failed to resolve reference "192.168.1.127/test/sbd:1630643293": failed to do request: Head https://192.168.1.127/v2/test/sbd/manifests/1630643293: x509: certificate signed by unknown authority

问题2:kuboard官方在使用docker-register/ harbor私有仓库时,强制使用https的方式,故下述报错是说
https://192.168.1.127 连不上。

Failed to pull image "192.168.1.127/test/sbd:1630643293": rpc error: code = Unknown desc = failed to pull and unpack image "192.168.1.127/test/sbd:1630643293": failed to resolve reference "192.168.1.127/test/sbd:1630643293": failed to do request: Head https://192.168.1.127/v2/test/sbd/manifests/1630643293: dial tcp 192.168.1.127:443: connect: connection refused

END

举报

相关推荐

0 条评论