简单易懂的Kubernetes(K8S)之Pod资源管理与harbor创建
2024-05-13 19:42:50
文章目录
- 一、Pod资源管理
- 特点:
- Pod容器分类:
- 1:infrastructure container 基础容器
- 2:initcontainers 初始化容器
- 3:container 业务容器
- 镜像拉取策略(image PullPolicy)
- 二、 部署harbor创建私有项目
- 1、首先需要安装docker引擎
- 2、新建harbor私有项目
- 3、node节点配置连接私有仓库(注意后面的逗号要添加)
- 4、登录harbor私有仓库
- 5、下载Tomcat镜像进行推送
- 6、node2也需要登录harbor
- 7、在master01上创建凭据资源
- 8、创建secret资源
- 9、查看secret资源
- 10、创建资源从harbor中下载镜像
- 11、私有仓库中的镜像被下载了2次
一、Pod资源管理
特点:
最小部署单元
一组容器的集合
一个Pod中的容器共享网络命名空间
Pod是短暂的
Pod容器分类:
1:infrastructure container 基础容器
//维护整个Pod网络空间
//node节点操作
//查看容器的网络
[root@node1 ~]# cat /opt/kubernetes/cfg/kubeletKUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=192.168.200.40 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"//每次创建Pod时候就会创建,与Pod对应的,对于用户是透明的
[root@node1 ~]# docker ps -a
bf3a30ca89ca registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 "/pause" 45 hours ago Up 45 hours k8s_POD_nginx-deployment-d55b94fd-gc2xv_default_14a6635c-9e86-11eb-8f82-000c29c8b18e_0
2:initcontainers 初始化容器
//先于业务容器开始执行,原先Pod中容器是并行开启,现在进行了改进
3:container 业务容器
//并行启动
官方网站
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
示例:
镜像拉取策略(image PullPolicy)
IfNotPresent:默认值,镜像在宿主机上不存在时才拉取
Always:每次创建Pod都会重新拉取一次镜像
Never:Pod永远不会主动拉取这个镜像
https://kubernetes.io/docs/concepts/containers/images
示例:
//master01操作
[root@master1 ~]# kubectl edit deployment/nginx-deployment# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Deployment
metadata:annotations:deployment.kubernetes.io/revision: "1"creationTimestamp: 2021-04-16T07:33:47Zgeneration: 1labels:app: nginxname: nginx-deploymentnamespace: defaultresourceVersion: "118322"selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/nginx-deploymentuid: 14a14cdb-9e86-11eb-98d8-000c295d78bd
"/tmp/kubectl-edit-xuilj.yaml" 70L, 1960C[root@master1 ~]# cd demo/
[root@master1 demo]# ls
my-deployment.yaml nginx-service.yaml nginx-deployment.yaml[root@master1 demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:name: mypod
spec:containers:- name: nginximage: nginximagePullPolicy: Alwayscommand: [ "echo", "SUCCESS" ][root@master1 demo]# kubectl create -f pod1.yaml
pod/mypod created[root@master1 demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 0/1 Completed 0 16s[root@master1 demo]# kubectl describe pod mypod
Name: mypod
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 192.168.200.60/192.168.200.60
Start Time: Sun, 18 Apr 2021 12:35:17 +0800
Labels: <none>
Annotations: <none>
Status: Running
IP: 172.17.86.4
Containers:nginx:Container ID: docker://0a293e5411624d3ac13ac53749787d518ecf104f8073075905dd7c12042c59ceImage: nginxImage ID: docker-pullable://nginx@sha256:75a55d33ecc73c2a242450a9f1cc858499d468f077ea942867e662c247b5e412Port: <none>Host Port: <none>Command:echoSUCCESSState: WaitingReason: CrashLoopBackOffLast State: TerminatedReason: CompletedExit Code: 0Started: Sun, 18 Apr 2021 12:36:48 +0800Finished: Sun, 18 Apr 2021 12:36:48 +0800Ready: FalseRestart Count: 3Environment: <none>Mounts:/var/run/secrets/kubernetes.io/serviceaccount from default-token-697gb (ro)
Conditions:Type StatusInitialized True Ready False ContainersReady False PodScheduled True
Volumes:default-token-697gb:Type: Secret (a volume populated by a Secret)SecretName: default-token-697gbOptional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300snode.kubernetes.io/unreachable:NoExecute for 300s
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Scheduled 112s default-scheduler Successfully assigned default/mypod to 192.168.200.60Normal Pulling 40s (x4 over 112s) kubelet, 192.168.200.60 pulling image "nginx"Normal Pulled 24s (x4 over 111s) kubelet, 192.168.200.60 Successfully pulled image "nginx"Normal Created 24s (x4 over 111s) kubelet, 192.168.200.60 Created containerNormal Started 24s (x4 over 111s) kubelet, 192.168.200.60 Started containerWarning BackOff 12s (x6 over 94s) kubelet, 192.168.200.60 Back-off restarting failed container[root@master1 demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 0/1 CrashLoopBackOff 5 4m14s
nginx-deployment-d55b94fd-gc2xv 1/1 Running 0 45h
nginx-deployment-d55b94fd-wt5g7 1/1 Running 1 45h
nginx-deployment-d55b94fd-xwxsr 1/1 Running 0 45h
//失败的状态的原因是因为命令启动冲突
删除 command: [ “echo”, “SUCCESS” ]
//同时更改一下版本
image: nginx:1.14
//删除原有的资源
[root@master1 demo]# kubectl delete -f pod1.yaml
pod "mypod" deleted
[root@master1 demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-deployment-d55b94fd-gc2xv 1/1 Running 0 45h
nginx-deployment-d55b94fd-wt5g7 1/1 Running 1 45h
nginx-deployment-d55b94fd-xwxsr 1/1 Running 0 45h//更新资源
[root@master1 demo]# vim pod1.yaml
apiVersion: v1
kind: Pod
metadata:name: mypod
spec:containers:- name: nginximage: nginx:1.14imagePullPolicy: Always[root@master1 demo]# kubectl apply -f pod1.yaml
pod/mypod created[root@master1 demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod 1/1 Running 0 18s
nginx-deployment-d55b94fd-gc2xv 1/1 Running 0 45h
nginx-deployment-d55b94fd-wt5g7 1/1 Running 1 45h
nginx-deployment-d55b94fd-xwxsr 1/1 Running 0 45h
//查看分配节点
[root@master1 demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
mypod 1/1 Running 0 2m29s 172.17.86.4 192.168.200.60 <none>
nginx-deployment-d55b94fd-gc2xv 1/1 Running 0 45h 172.17.63.3 192.168.200.40 <none>
nginx-deployment-d55b94fd-wt5g7 1/1 Running 1 45h 172.17.86.3 192.168.200.60 <none>
nginx-deployment-d55b94fd-xwxsr 1/1 Running 0 45h 172.17.63.2 192.168.200.40 <none>
//在任意node节点使用curl 查看头部信息
//node节点操作
[root@node2 ~]# curl 172.17.86.4
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>body {width: 35em;margin: 0 auto;font-family: Tahoma, Verdana, Arial, sans-serif;}
......
二、 部署harbor创建私有项目
1、首先需要安装docker引擎
yum -y install yum-utils device-mapper-persistent-data lvm2yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repoyum makecache fast
yum -y install docker-ce docker-ce-cli containerd.io systemctl start docker
systemctl enable dockertee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://p3pqujwc.mirror.aliyuncs.com"]
}
EOFsystemctl daemon-reload
systemctl restart dockerecho 'net.ipv4.ip_forward=1' >> /etc/sysctl.confsysctl -pservice network restart
systemctl restart docker
//安装docker-compose并检查版本判断是否安装成功
[root@harbor ~]# cd /usr/local/bin/
[root@harbor bin]# rz[root@harbor bin]# ls
docker-composechmod +x /usr/local/bin/docker-compose
docker-compose -v
//下载habor安装程序
wget http:// harbor.orientsoft.cn/harbor-1.2.2/harbor-offline-installer-v1.2.2.tgztar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
//配置harbor参数文件
vim /usr/local/harbor/harbor.cfghostname = 192.168.200.90 #第五行修改为主机IP
//启动harbor
sh /usr/local/harbor/install.sh
// 如果一切都正常,应该可以打开浏览器访问 http://192.168.200.90 的管理页面,默认 的管理员用户名和密码是 admin/Harbor12345。
2、新建harbor私有项目
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-lMfNe54S-1618725755665)
3、node节点配置连接私有仓库(注意后面的逗号要添加)
[root@node1 ~]# vim /etc/docker/daemon.json
{"registry-mirrors": ["https://p3pqujwc.mirror.aliyuncs.com"],"insecure-registries":["192.168.200.90"]
}[root@node1 ~]# systemctl restart docker.service
4、登录harbor私有仓库
[root@node1 ~]# docker login 192.168.200.90
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
5、下载Tomcat镜像进行推送
[root@node1 ~]# docker pull tomcat:8.0.52
//推送格式
docker tag SOURCE_IMAGE[:TAG] 192.168.195.80/project/IMAGE[:TAG]
//打标签
[root@node1 ~]# docker tag tomcat:8.0.52 192.168.200.90/myproject-gcc/tomcat:v1
//推送成功
[root@node1 ~]# docker push 192.168.200.90/myproject-gcc/tomcat:v1
6、node2也需要登录harbor
[root@node2 ~]# docker login 192.168.200.90
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
7、在master01上创建凭据资源
首先在node节点上查看凭证资源
[root@node1 ~]# cd .docker/
[root@node1 .docker]# ls
config.json[root@node1 .docker]# cat config.json | base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC45MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0KfQ==
然后在master01上创建凭证资源
[root@master1 demo]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:name: registry-pull-secret
data: .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC45MCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0KfQ==
type: kubernetes.io/dockerconfigjson8、创建secret资源
[root@master1 demo]# kubectl create -f registry-pull-secret.yaml
9、查看secret资源
[root@master1 demo]# kubectl get secret
NAME TYPE DATA AGE
default-token-697gb kubernetes.io/service-account-token 3 4d19h
registry-pull-secret kubernetes.io/dockerconfigjson 1 31s
10、创建资源从harbor中下载镜像
[root@master1 demo]# vim tomcat-deployment.yamlapiVersion: extensions/v1beta1
kind: Deployment
metadata:name: my-tomcat
spec:replicas: 2template:metadata:labels:app: my-tomcatspec:imagePullSecrets:- name: registry-pull-secretcontainers:- name: my-tomcatimage: 192.168.200.90/myproject-gcc/tomcat:v1ports:- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:name: my-tomcat
spec:type: NodePortports:- port: 8080targetPort: 8080nodePort: 31111selector:app: my-tomcat[root@master1 demo]# kubectl create -f tomcat-deployment.yaml
11、私有仓库中的镜像被下载了2次
[root@master1 demo]# kubectl get pods
NAME READY STATUS RESTARTS AGE
my-tomcat-5674fb9b47-7z9qn 1/1 Running 0 100s
my-tomcat-5674fb9b47-hxnjc 1/1 Running 0 100s
mypod 1/1 Running 1 59m
nginx-deployment-d55b94fd-gc2xv 1/1 Running 1 46h
nginx-deployment-d55b94fd-wt5g7 1/1 Running 2 46h
nginx-deployment-d55b94fd-xwxsr 1/1 Running 1 46h[root@master1 demo]# kubectl describe pod my-tomcat-5674fb9b47-7z9qn
Name: my-tomcat-5674fb9b47-7z9qn
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 192.168.200.40/192.168.200.40
Start Time: Sun, 18 Apr 2021 13:41:12 +0800
Labels: app=my-tomcatpod-template-hash=5674fb9b47
Annotations: <none>
Status: Running
IP: 172.17.92.4
Controlled By: ReplicaSet/my-tomcat-5674fb9b47
Containers:my-tomcat:Container ID: docker://26488fbe8429cf6dda3e78fd2a87b66391fece4fa882c1ed67082add02524f21Image: 192.168.200.90/myproject-gcc/tomcat:v1Image ID: docker-pullable://192.168.200.90/myproject-gcc/tomcat@sha256:f3cfaf433cb95dafca20143ba99943249ab830d0aca484c89ffa36cf2a9fb4c9Port: 80/TCPHost Port: 0/TCPState: RunningStarted: Sun, 18 Apr 2021 13:41:14 +0800Ready: TrueRestart Count: 0Environment: <none>Mounts:/var/run/secrets/kubernetes.io/serviceaccount from default-token-697gb (ro)
Conditions:Type StatusInitialized True Ready True ContainersReady True PodScheduled True
Volumes:default-token-697gb:Type: Secret (a volume populated by a Secret)SecretName: default-token-697gbOptional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300snode.kubernetes.io/unreachable:NoExecute for 300s
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Scheduled 2m52s default-scheduler Successfully assigned default/my-tomcat-5674fb9b47-7z9qn to 192.168.200.40Normal Pulled 2m50s kubelet, 192.168.200.40 Container image "192.168.200.90/myproject-gcc/tomcat:v1" already present on machineNormal Created 2m50s kubelet, 192.168.200.40 Created containerNormal Started 2m50s kubelet, 192.168.200.40 Started container
简单易懂的Kubernetes(K8S)之Pod资源管理与harbor创建相关推荐
- k8s的pod资源管理与配置使用凭证的harbor仓库
文章目录 一: Pod 的基础概念 1.1 pod 是什么 1.2 pod 的两种使用(运行方式) 1.3 工作方式 1.4 pause 容器的功能 1.4.1 提供pid命名空间,作为pid等于1的 ...
- k8s之pod资源管理
k8s启动pod中,可以使用requests来设置各容器需要的最小资源 limits用于限制运行时容器占用的资源,用来限制容器的最大CPU.内存的使用率. 当容器申请内存超过limits时会被终止,并 ...
- Kubernetes K8S之Pod跨namespace名称空间访问Service服务
Kubernetes的两个Service(ServiceA.ServiceB)和对应的Pod(PodA.PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace ...
- kubernetes(k8s)使用声明式管理与 创建yaml模板文件
文章目录 一:声明式管理方法 1.1 什么是声明式管理 1.2 查看资源配置 1.2.1 查看资源配置清单 1.2 使用explain 解释资源配置清单 1.3 修改资源配置清单并应用 1.3.1 离 ...
- Pod资源管理(pod容器分类,k8s添加harbor私库,上传下载私库)
Pod资源管理 了解pod Pod容器分类: 1:infrastructure container 基础容器:维护整个Pod网络空间 2:initcontainers 初始化容器 3:containe ...
- K8s脱坑前的挣扎——Pod资源管理及部署Harbor创建私有项目
前言:Pod是kubernetes中最小的资源管理组件,Pod也是最小化运行容器化应用的资源对象.kubernetes中其他大多数组件都是围绕着Pod来进行支撑和扩展Pod功能的,例如,用于管理Pod ...
- Kubernetes学习总结(8)—— Kubernetes Pod 资源管理 和 Pod 服务质量
一.Pod 资源管理 1.1.resource 的定义 容器运行过程中需要分配所需的资源,如何与 cggroup 联动配合呢?答案是通过定义resource来实现资源的分配,资源的分配单位主要是 cp ...
- Ratel-Kubernetes Dashboard 一键式 Kubernetes多集群资源管理平台 k8s 管理平台
github开源项目:https://github.com/dotbalo/ratel-doc 1.介绍 Ratel是什么? Ratel是一个Kubernetes多集群资源管理平台,基于管理Kuber ...
- 微服务探索之路03篇-docker私有仓库Harbor搭建+Kubernetes(k8s)部署私有仓库的镜像
目录: 微服务探索之路01篇.net6.0项目本地win10系统docker到服务器liunx系统docker的贯通 微服务探索之路02篇liunx ubuntu服务器部署k8s(kubernetes ...
- k8s使用harbor创建POD
k8s使用harbor创建POD 1.环境准备 1.1安装harborv2.1.0 1.2安装k8sv1.2 1.3部署flannel-v0.10.0网络空间 1.4下载pod-infrastruct ...
最新文章
- CRM与SCM整合 让企业供应链无缝连接
- Python学习之序列
- python连接mongo_Python连接MongoDB操作
- 织梦channel标签currentstyle样式无效不起作用
- 减少生活中的不确定性
- tsql 正则_T-SQL中的SQL Server正则表达式
- POJ 2785 有多少种4个数相加等于0的方案(二分查找 or hash)
- IBM Copy Service--Flashcopy Introduction
- 【转】mybatis在xml文件中处理大于号小于号的方法
- (转)区块链上的股市:十年后传统股市还会存在吗?
- JavaFX及Java客户端技术的未来
- 一种排序NYOJ 8
- w ndows7运行命令,如何打开Win7命令提示符cmd.exe窗口
- js 实现表格合并单元格
- 玩转IE之自动切换代理服务器
- 高通Q888内核源码分析--概述篇
- 根据经纬度计算指定范围内或者附近的人(java)
- 家用 NAS 服务器搭建 | 前篇
- 故障诊断专家系统研究之四-----知识库结构
- addEventListener() 事件监听
热门文章
- 为什么计算机没有桌面显示不出来,我的电脑桌面不显示“我的电脑”了,请问怎么调出来?谢谢...
- 从零开始学PCR技术(四):常见问题
- JAVA_OPTS(JVM相关运行参数的变量)设置
- 计算机上u盘打不开,u盘打不开怎么办,插在电脑上有显示,但是打不开?
- Android异常 Eclipse编译应用时出现 com.android.dx.cf.iface.parseexception
- 计算机cpu后面字母代表什么意思,英特尔CPU型号中最后的字母什么意思?如有不懂欢迎驻足停留...
- 计算机语言学方面的期刊.,自然语言处理投稿哪些sci期刊
- javascript百度地图使用(根据地名定位、根据经纬度定位)
- Linux查询本机的内网IP和外网IP
- Latex学习笔记(十五)特殊符号的插入