Pulling Private Registry Images in K8S
When Kubernetes (k8s) pulls an image from a private registry, the pull can fail: a private registry requires authentication, and if Kubernetes cannot authenticate, the image is not pulled. In that case we need to create the registry login credentials manually.
TL;DR
# Create the secret
# [harbor-docker] custom name for the secret
# [--namespace] must be the same namespace as the application
# [--docker-server] address of the registry
# [--docker-username] registry username
# [--docker-password] registry password
[root@k8s-master01 ~]# kubectl create secret docker-registry harbor-docker --namespace=default --docker-server=z.oiox.cn:18082 --docker-username=admin --docker-password=123123
secret/harbor-docker created
[root@k8s-master01 ~]# # Add the imagePullSecrets field
---- omitted
    spec:
      containers:
      - image: z.oiox.cn:18082/cby/cby:v1
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor-docker
---- omitted
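Full walkthrough
Build an image for the private registry
# Write the Dockerfile (the index page text reads "This is an image from a private registry")
cat > Dockerfile <<EOF
FROM nginx
RUN echo '这是一个私有仓库的镜像' > /usr/share/nginx/html/index.html
EOF

# Build the image
docker build -t z.oiox.cn:18082/cby/cby:v1 .

# Log in to the registry
docker login z.oiox.cn:18082

# Push the image to the private registry
docker push z.oiox.cn:18082/cby/cby:v1
Test with docker
# Pull the image without logging in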
[root@ik-cby ~]# docker pull z.oiox.cn:18082/cby/cby:v1
Error response from daemon: unauthorized: unauthorized to access repository: cby/cby, action: pull: unauthorized to access repository: cby/cby, action: pull
[root@ik-cby ~]# # Log in to the registry
[root@ik-cby ~]# docker login z.oiox.cn:18082
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores

Login Succeeded
[root@ik-cby ~]# # Pull again after logging in
[root@ik-cby ~]# docker pull z.oiox.cn:18082/cby/cby:v1
v1: Pulling from cby/cby
2d429b9e73a6: Pull complete
20c8b3871098: Pull complete
06da587a7970: Pull complete
f7895e95e2d4: Pull complete
7b25f3e99685: Pull complete
dffc1412b7c8: Pull complete
d550bb6d1800: Pull complete
dad691375a56: Pull complete
Digest: sha256:0deca38aaf759b58687737a2aa65840958af31d3ec8b41b68225ac2e91852876
Status: Downloaded newer image for z.oiox.cn:18082/cby/cby:v1
z.oiox.cn:18082/cby/cby:v1
[root@ik-cby ~]# # Remove the local image
[root@ik-cby ~]# docker rmi z.oiox.cn:18082/cby/cby:v1
Untagged: z.oiox.cn:18082/cby/cby:v1
Untagged: z.oiox.cn:18082/cby/cby@sha256:0deca38aaf759b58687737a2aa65840958af31d3ec8b41b68225ac2e91852876
Deleted: sha256:8a398a3beb2e124c2e101af093691210c346d3d574e00195da5cefcb2ca3822b
Deleted: sha256:bd8801f29c0017595dae888d0bf92d8a9e828ae9a0fe7be8c4f46a383a65b982
Deleted: sha256:05f1422637e6596cdaff4a3ea77eea2d06652e9a36a6e85e4c88f4a6783db6cd
Deleted: sha256:aefc0beb891c07f82a5bec1301e3a1bfe8e08f27118313d167a606c2d768285b
Deleted: sha256:8006a840595ef554203de033c3b0291cfcc5ee9f194e8cc52b659f1b564d8efa
Deleted: sha256:15338037da38cef194cbdc29a4a6257ff2d41bd868891edee66714f828f48bd3
Deleted: sha256:13271298fdeb33a352a69704aa4b798b06501d6dd0e5ad4529075b4edbdb7e8f
Deleted: sha256:20e7b0616008dbafb4b049243f1c514a4df65536b02c19fbbb75a5c9f70784e4
Deleted: sha256:c3548211b8264f8bfa47a6727043a64f1791b82ac965a284a7ea187e971a95e2
[root@ik-cby ~]# # Log out of the registry
[root@ik-cby ~]# docker logout z.oiox.cn:18082
Removing login credentials for z.oiox.cn:18082
[root@ik-cby ~]# # Pull again after logging out
[root@ik-cby ~]# docker pull z.oiox.cn:18082/cby/cby:v1
Error response from daemon: unauthorized: unauthorized to access repository: cby/cby, action: pull: unauthorized to access repository: cby/cby, action: pull
[root@ik-cby ~]#
Pulling the private image with Kubernetes
# Write a basic test manifest
cat > cby.yaml <<EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: z.oiox.cn:18082/cby/cby:v1
        ports:
        - containerPort: 80
          name: web
EOF
Test the deployment
# Deploy the application
[root@k8s-master01 ~]# kubectl apply -f cby.yaml
service/nginx created
deployment.apps/web created
[root@k8s-master01 ~]# # The pod already reports that the image cannot be pulled
[root@k8s-master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 311 (21m ago) 13d
hello-server-588d6f5cd6-24ttg 1/1 Running 3 (9d ago) 63d
hello-server-588d6f5cd6-kxv45 1/1 Running 4 (9d ago) 63d
nginx-demo-cccbdc67f-6nkgd 1/1 Running 3 (9d ago) 63d
nginx-demo-cccbdc67f-h9p8d 1/1 Running 3 (9d ago) 63d
web-0 1/1 Running 1 (9d ago) 13d
web-1 1/1 Running 1 (9d ago) 13d
web-586946798b-n6dpg 0/1 ErrImagePull 0 7s
[root@k8s-master01 ~]# # View the svc information
[root@k8s-master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-server ClusterIP 10.103.104.242 <none> 8000/TCP 63d
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 68d
nginx NodePort 10.111.106.93 <none> 80:30565/TCP 12s
nginx-demo ClusterIP 10.107.132.57 <none> 8000/TCP 63d
[root@k8s-master01 ~]#
[root@k8s-master01 ~]#
View the Pod details
[root@k8s-master01 ~]# kubectl describe pod web-586946798b-n6dpg
Name: web-586946798b-n6dpg
Namespace: default
Priority: 0
Service Account: default
Node: k8s-node01/192.168.1.34
Start Time: Sat, 30 Nov 2024 12:26:52 +0800
Labels: app=nginx
        pod-template-hash=586946798b
Annotations: <none>
Status: Pending
IP: 10.0.3.104
IPs:
  IP: 10.0.3.104
Controlled By: ReplicaSet/web-586946798b
Containers:
  nginx:
    Container ID:
    Image: z.oiox.cn:18082/cby/cby:v1
    Image ID:
    Port: 80/TCP
    Host Port: 0/TCP
    State: Waiting
      Reason: ErrImagePull
    Ready: False
    Restart Count: 0
    Environment: <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-p7x5k (ro)
Conditions:
  Type Status
  PodReadyToStartContainers True
  Initialized True
  Ready False
  ContainersReady False
  PodScheduled True
Volumes:
  kube-api-access-p7x5k:
    Type: Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds: 3607
    ConfigMapName: kube-root-ca.crt
    ConfigMapOptional: <nil>
    DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type Reason Age From Message
  ---- ------ ---- ---- -------
  Normal Scheduled 51s default-scheduler Successfully assigned default/web-586946798b-n6dpg to k8s-node01
  Normal Pulling 12s (x3 over 50s) kubelet Pulling image "z.oiox.cn:18082/cby/cby:v1"
  Warning Failed 12s (x3 over 50s) kubelet Failed to pull image "z.oiox.cn:18082/cby/cby:v1": Error response from daemon: unauthorized: unauthorized to access repository: cby/cby, action: pull: unauthorized to access repository: cby/cby, action: pull
  Warning Failed 12s (x3 over 50s) kubelet Error: ErrImagePull
  Normal BackOff 1s (x3 over 50s) kubelet Back-off pulling image "z.oiox.cn:18082/cby/cby:v1"
  Warning Failed 1s (x3 over 50s) kubelet Error: ImagePullBackOff
[root@k8s-master01 ~]#
Configure the registry credentials in the cluster
# Create the secret
# [harbor-docker] custom name for the secret
# [--namespace] must be the same namespace as the application
# [--docker-server] address of the registry
# [--docker-username] registry username
# [--docker-password] registry password
[root@k8s-master01 ~]# kubectl create secret docker-registry harbor-docker --namespace=default --docker-server=z.oiox.cn:18082 --docker-username=admin --docker-password=123123
secret/harbor-docker created
[root@k8s-master01 ~]# # View the secret
[root@k8s-master01 ~]# kubectl get secret
NAME TYPE DATA AGE
harbor-docker kubernetes.io/dockerconfigjson 1 7s
[root@k8s-master01 ~]# # Describe the secret, then display it in YAML format
[root@k8s-master01 ~]# kubectl describe secret harbor-docker
Name: harbor-docker
Namespace: default
Labels: <none>
Annotations: <none>

Type: kubernetes.io/dockerconfigjson

Data
====
.dockerconfigjson: 102 bytes
[root@k8s-master01 ~]#
[root@k8s-master01 ~]# kubectl get secret harbor-docker -o yaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJ6Lm9pb3guY246MTgwODIiOnsidXNlcm5hbWUiOiJhZG1pbiIsInBhc3N3b3JkIjoiQ2J5MTIzLi4iLCJhdXRoIjoiWVdSdGFXNDZRMko1TVRJekxpND0ifX19
kind: Secret
metadata:
  creationTimestamp: "2024-11-30T04:33:22Z"
  name: harbor-docker
  namespace: default
  resourceVersion: "5235056"
  uid: 03adf25f-3c1d-4942-bd1f-bb3c24b84608
type: kubernetes.io/dockerconfigjson
[root@k8s-master01 ~]#
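The structure behind the secret shown above, as an added example that is not part of the original post: the functions build the same kind of .dockerconfigjson payload that kubectl create secret docker-registry stores, then recover the password from the manifest, which shows that the data field is base64-encoded rather than encrypted. The registry address, user and password are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. All credentials below are constructed sample values.

# Build the JSON document stored under .dockerconfigjson.
# Assumption for this sketch: the values contain no '"' or '\' characters.
dockerconfigjson() {  # args: server username password
  auth=$(printf '%s:%s' "$2" "$3" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$1" "$2" "$3" "$auth"
}

# Emit a Secret manifest of type kubernetes.io/dockerconfigjson.
pull_secret_manifest() {  # args: name namespace server username password
  data=$(dockerconfigjson "$3" "$4" "$5" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $data
EOF
}

# Read a Secret manifest on stdin and print the registry password:
# base64 is an encoding, so read access to the Secret is read access to it.
recover_password() {
  sed -n 's/^  \.dockerconfigjson: //p' | base64 -d |
    sed -n 's/.*"password":"\([^"]*\)".*/\1/p'
}

# Demo with constructed credentials.
manifest=$(pull_secret_manifest harbor-docker default \
  registry.example.internal:5000 robot 'S3cret-constructed')
printf '%s\n' "$manifest"
printf 'recovered password: %s\n' "$(printf '%s\n' "$manifest" | recover_password)"
```

Since anyone who can read the Secret can recover the password, limit get access to secrets in that namespace and use a registry account that is only allowed to pull.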
Update the workload YAML to reference the new secret
# The image still cannot be pulled
[root@k8s-master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 311 (32m ago) 13d
hello-server-588d6f5cd6-24ttg 1/1 Running 3 (9d ago) 63d
hello-server-588d6f5cd6-kxv45 1/1 Running 4 (9d ago) 63d
nginx-demo-cccbdc67f-6nkgd 1/1 Running 3 (9d ago) 63d
nginx-demo-cccbdc67f-h9p8d 1/1 Running 3 (9d ago) 63d
web-0 1/1 Running 1 (9d ago) 13d
web-1 1/1 Running 1 (9d ago) 13d
web-586946798b-n6dpg 0/1 ImagePullBackOff 0 10m
[root@k8s-master01 ~]# # Add the imagePullSecrets field
---- omitted
    spec:
      containers:
      - image: z.oiox.cn:18082/cby/cby:v1
        imagePullPolicy: IfNotPresent
      imagePullSecrets:
      - name: harbor-docker
---- omitted

# Edit the deployment
[root@k8s-master01 ~]# kubectl edit deployments.apps web
deployment.apps/web edited
[root@k8s-master01 ~]# # View the full configuration
[root@k8s-master01 ~]# kubectl get deployments.apps web -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"name":"web","namespace":"default"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"nginx"}},"template":{"metadata":{"labels":{"app":"nginx"}},"spec":{"containers":[{"image":"z.oiox.cn:18082/cby/cby:v1","name":"nginx","ports":[{"containerPort":80,"name":"web"}]}]}}}}
  creationTimestamp: "2024-11-30T04:26:52Z"
  generation: 2
  name: web
  namespace: default
  resourceVersion: "5236110"
  uid: c6225e80-5526-4dd9-8642-358bf186a79e
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: z.oiox.cn:18082/cby/cby:v1
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - containerPort: 80
          name: web
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: harbor-docker
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2024-11-30T04:38:40Z"
    lastUpdateTime: "2024-11-30T04:38:40Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2024-11-30T04:38:36Z"
    lastUpdateTime: "2024-11-30T04:38:40Z"
    message: ReplicaSet "web-5bcf459779" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 2
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
[root@k8s-master01 ~]#
Check that the container started successfully
[root@k8s-master01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 311 (33m ago) 13d
hello-server-588d6f5cd6-24ttg 1/1 Running 3 (9d ago) 63d
hello-server-588d6f5cd6-kxv45 1/1 Running 4 (9d ago) 63d
nginx-demo-cccbdc67f-6nkgd 1/1 Running 3 (9d ago) 63d
nginx-demo-cccbdc67f-h9p8d 1/1 Running 3 (9d ago) 63d
web-0 1/1 Running 1 (9d ago) 13d
web-1 1/1 Running 1 (9d ago) 13d
web-5bcf459779-pdbgm 1/1 Running 0 16s
[root@k8s-master01 ~]#
View the details
[root@k8s-master01 ~]# kubectl describe po web-5bcf459779-pdbgm
Name: web-5bcf459779-pdbgm
Namespace: default
Priority: 0
Service Account: default
Node: k8s-node02/192.168.1.35
Start Time: Sat, 30 Nov 2024 12:38:36 +0800
Labels: app=nginx
        pod-template-hash=5bcf459779
Annotations: <none>
Status: Running
IP: 10.0.0.14
IPs:
  IP: 10.0.0.14
Controlled By: ReplicaSet/web-5bcf459779
Containers:
  nginx:
    Container ID: docker://fc107b489899b85f388db93eb4003e887df0107f13937471364f442fcf8a35d9
    Image: z.oiox.cn:18082/cby/cby:v1
    Image ID: docker-pullable://z.oiox.cn:18082/cby/cby@sha256:0deca38aaf759b58687737a2aa65840958af31d3ec8b41b68225ac2e91852876
    Port: 80/TCP
    Host Port: 0/TCP
    State: Running
      Started: Sat, 30 Nov 2024 12:38:39 +0800
    Ready: True
    Restart Count: 0
    Environment: <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-46c5x (ro)
Conditions:
  Type Status
  PodReadyToStartContainers True
  Initialized True
  Ready True
  ContainersReady True
  PodScheduled True
Volumes:
  kube-api-access-46c5x:
    Type: Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds: 3607
    ConfigMapName: kube-root-ca.crt
    ConfigMapOptional: <nil>
    DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type Reason Age From Message
  ---- ------ ---- ---- -------
  Normal Scheduled 33s default-scheduler Successfully assigned default/web-5bcf459779-pdbgm to k8s-node02
  Normal Pulling 32s kubelet Pulling image "z.oiox.cn:18082/cby/cby:v1"
  Normal Pulled 31s kubelet Successfully pulled image "z.oiox.cn:18082/cby/cby:v1" in 1.538s (1.538s including waiting). Image size: 191717134 bytes.
  Normal Created 30s kubelet Created container nginx
  Normal Started 30s kubelet Started container nginx
[root@k8s-master01 ~]#
Test access
[root@k8s-master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-server ClusterIP 10.103.104.242 <none> 8000/TCP 63d
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 68d
nginx NodePort 10.111.106.93 <none> 80:30565/TCP 17m
nginx-demo ClusterIP 10.107.132.57 <none> 8000/TCP 63d
[root@k8s-master01 ~]# # Access works: the image built earlier is now being served
[root@k8s-master01 ~]# curl 10.111.106.93
这是一个私有仓库的镜像
[root@k8s-master01 ~]#
[root@k8s-master01 ~]#
[root@k8s-master01 ~]# curl 192.168.1.31:30565
这是一个私有仓库的镜像
[root@k8s-master01 ~]#
[root@k8s-master01 ~]#
About
https://www.oiox.cn/
Search for 《小陈运维》 on any platform.
Articles are published mainly on the WeChat official account.