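1. Basic image registry operations

1.1. Log in to the registry

```bash
# Note: -p exposes the password in shell history and the process list; docker login also accepts --password-stdin
docker login -u <username> -p <password> <registry-addr>
```

1.2. Pull an image

```bash
# An image reference takes no URL scheme; docker rejects an https:// prefix
docker pull registry.xxx.com/dev/nginx:latest
```

1.3. Push an image

```bash
docker push registry.xxx.com/dev/nginx:latest
```

1.4. Rename (retag) an image

```bash
docker tag <old-image> <new-image>
```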
2. The docker.xxx.com image registry

This section uses the docker.xxx.com image registry.
2.1. Configure insecure-registries on all nodes

```
{
  "data-root": "/data/docker",
  "debug": false,
  "insecure-registries": [
    ...
    "docker.xxx.com:8080"
  ],
  ...
}
```
2.2. Configure /var/lib/kubelet/config.json on all nodes

For details, see: configuring-nodes-to-authenticate-to-a-private-registry
Logging in to the docker.xxx.com:8080 registry on one of the nodes updates $HOME/.docker/config.json. Check that $HOME/.docker/config.json contains the auth information for that registry.
```
# cat ~/.docker/config.json
{
    "auths": {
        "docker.xxx.com:8080": {
            "auth": "<credentials go here>"
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/18.09.9 (linux)"
    }
}
```
Copy $HOME/.docker/config.json to /var/lib/kubelet/config.json on every Node.
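```bash
# Collect the ExternalIP address of every node
nodes=$(kubectl get nodes -o jsonpath='{range .items[*].status.addresses[?(@.type=="ExternalIP")]}{.address} {end}')
# Copy the registry credentials to the kubelet's config path on each node
for n in $nodes; do
  scp ~/.docker/config.json "root@$n:/var/lib/kubelet/config.json"
done
```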
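A pre-copy check for the step above, as an added example that is not part of the original page: it confirms that config.json carries an inline `auth` value for the registry and that the file is not readable by other users, since `auth` is only the base64 encoding of `username:password`. The function names and the sample credential are assumptions constructed for the illustration.

```python
import base64
import json
import os
import stat
import tempfile

REGISTRY = "docker.xxx.com:8080"  # registry address used on this page


def check_docker_config(path, registry=REGISTRY):
    """Return a list of problems found in a Docker config.json (empty list = OK)."""
    problems = []
    # The auth value is only base64, so nobody but the owner should read the file.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:04o} is readable by group/others; use 0600")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    entry = cfg.get("auths", {}).get(registry)
    if entry is None:
        return problems + [f"no auths entry for {registry}"]
    auth = entry.get("auth", "")
    if not auth:
        # Typical when a credential helper (credsStore) holds the secret instead.
        return problems + [f"auths entry for {registry} has no inline auth value"]
    try:
        decoded = base64.b64decode(auth, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return problems + ["auth value is not valid base64 text"]
    user, sep, password = decoded.partition(":")
    if not (user and sep and password):
        problems.append("decoded auth is not in username:password form")
    return problems


def write_sample(auth_entry, mode):
    """Write a constructed config.json for the demo and return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump({"auths": {REGISTRY: auth_entry}}, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed credential "demo-user:demo-pass", not a real account.
    good = {"auth": base64.b64encode(b"demo-user:demo-pass").decode()}
    for entry, mode in ((good, 0o600), (good, 0o644), ({}, 0o600)):
        print(check_docker_config(write_sample(entry, mode)))
```

Run `check_docker_config` against `~/.docker/config.json` before the copy and against `/var/lib/kubelet/config.json` on a node afterwards; an empty list means the entry is usable and the file mode is tight.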
2.3. Create a pod from a docker.xxx.com image

Set the image to: docker.xxx.com:8080/public/2048:latest

Full pod.yaml:
```yaml
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  generation: 1
  labels:
    k8s-app: dockeroa-hub
    qcloud-app: dockeroa-hub
  name: dockeroa-hub
  namespace: test
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dockeroa-hub
      qcloud-app: dockeroa-hub
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: dockeroa-hub
        qcloud-app: dockeroa-hub
    spec:
      containers:
      - image: docker.xxx.com:8080/public/2048:latest
        imagePullPolicy: Always
        name: game
        resources:
          limits:
            cpu: 500m
            memory: 1Gi
          requests:
            cpu: 250m
            memory: 256Mi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      nodeName: 192.168.1.1
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
```
Check the pod status:
```
NAME                         READY   STATUS    RESTARTS   AGE   IP             NODE          NOMINATED NODE   READINESS GATES
docker-oa-757bbbddb5-h6j7m   1/1     Running   0          14m   192.168.2.51   192.168.1.1   <none>           <none>
docker-oa-757bbbddb5-jp5dw   1/1     Running   0          14m   192.168.1.32   192.168.1.2   <none>           <none>
docker-oa-757bbbddb5-nlw9f   1/1     Running   0          14m   192.168.0.43   192.168.1.3   <none>           <none>
```