各位大佬,前文如下:
K8S搭建自动化部署环境(一)安装Kubernetes
K8S搭建自动化部署环境(二)安装K8S管理工具Kuboard V3
K8S搭建自动化部署环境(三)Jenkins下载、安装和启动
K8S搭建自动化部署环境(四)Jenkins多分支流水线Blue Ocean的安装和使用
K8S搭建自动化部署环境(五)Harbor私有仓库的搭建全过程
本文正文:
第一种方法,走命令的形式
1、docker 登录 Harbor:
[root@nb1 .ssh]# docker login -u admin -p Harbor12345 192.168.1.127
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
2、查看登录的秘钥数据:
[root@nb1 .ssh]# cat ~/.docker/config.json
{
"auths": {
"127.0.0.1": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
},
"192.168.1.127": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
}
}
3、将密钥进行base64加密:
[root@nb1 .ssh]# cat ~/.docker/config.json | base64 -w 0
ewoJImF1dGhzIjogewoJCSIxMjcuMC4wLjEiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9LAoJCSIxOTIuMTY4LjEuMTI3IjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfQp9
4、创建 secret.yaml 文件:
kubectl create -f secret.yaml
文件内容如下:
apiVersion: v1
kind: Secret
metadata:
name: login
type: kubernetes.io/dockerconfigjson
data:
# 这里添加上述加密后的密钥
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMjcuMC4wLjEiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9LAoJCSIxOTIuMTY4LjEuMTI3IjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfQp9
最后在应用的yaml文件中添加:
imagePullSecrets:
- name: login
apiVersion: v1
kind: Service
metadata:
name: sbd
namespace: k8snb
spec:
type: NodePort
ports:
- name: sbd
port: 8080
nodePort: 30002
targetPort: 8080
protocol: TCP
selector:
app: sbd
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sbd
namespace: k8snb
spec:
selector:
matchLabels:
k8s.kuboard.cn/layer: web
k8s.kuboard.cn/name: sbd
replicas: 1
template:
metadata:
labels:
k8s.kuboard.cn/layer: web
k8s.kuboard.cn/name: sbd
spec:
containers:
- name: sbd
image: 192.168.1.127/test/sbd:v1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
# 这里指定创建的密钥
imagePullSecrets:
- name: login
第2种方法,使用kuboard直接添加表单(☆推荐☆)
如下图1,2,3步:
接下来4,5,6步:
注意: 其中第4步的名称就是上述imagePullSecrets.name用到的哈,上面的命令的方式叫login而已,对应上即可。
# 这里指定创建的密钥
imagePullSecrets:
- name: harbor-register
拉取镜像问题:
问题1:使用自建https,不被信任,网上有很多解决办法,都不行。
建议购买备案域名进行,添加服务器信任的方式不生效。
Failed to pull image "192.168.1.127/test/sbd:1630643293": rpc error: code = Unknown desc = failed to pull and unpack image "192.168.1.127/test/sbd:1630643293": failed to resolve reference "192.168.1.127/test/sbd:1630643293": failed to do request: Head https://192.168.1.127/v2/test/sbd/manifests/1630643293: x509: certificate signed by unknown authority
问题2:kuboard官方在使用docker-register/ harbor私有仓库时,强制使用https的方式,故下述报错是说
https://192.168.1.127 连不上。
Failed to pull image "192.168.1.127/test/sbd:1630643293": rpc error: code = Unknown desc = failed to pull and unpack image "192.168.1.127/test/sbd:1630643293": failed to resolve reference "192.168.1.127/test/sbd:1630643293": failed to do request: Head https://192.168.1.127/v2/test/sbd/manifests/1630643293: dial tcp 192.168.1.127:443: connect: connection refused