k8s中使用harbor

参考地址：https://www.cnblogs.com/wayneiscoming/p/7716238.html


1、在harbor的ui界面上注册一个账号

姓名：zihao

全名：zhuzihao

密码：Zihao@5tgb

邮箱：15613691030@163.com


2、在需要下载镜像的机器上，同样需要修改docker进程参数（跟上传镜像到私有仓库一样操作进行修改）
   在node节点配置：
[root@reg harbor]# vi /etc/docker/daemon.json
{ "registry-mirrors": ["https://wb2g6zxl.mirror.aliyuncs.com"],"insecure-registries": ["192.168.43.65:5000"]}

[root@reg harbor]# systemctl restart docker

3、在node节点验证登录harbor主机

[root@lab2 ~]# docker login 192.168.43.65:5000
Username (zihao): zihao
Password: 
Login Succeeded
[root@lab2 ~]# docker logout
Not logged in to https://index.docker.io/v1/


4、配置私有仓库harbor的secret

   在harbor这台上先登录，输入docker login登陆成功后，会在 /root/.docker/ 目标下生成一个 config.json 文件

[root@reg harbor]# docker login 192.168.43.65:5000
Username (admin): admin
Password: 
Login Succeeded
[root@reg harbor]# ls /root/.docker/
config.json
[root@reg harbor]# cat /root/.docker/config.json 
{
    "auths": {
        "192.168.43.65:5000": {
            "auth": "YWRtaW46SGFyYm9yMTIzNDU="
        },
        "wb2g6zxl.mirror.aliyuncs.com": {
            "auth": "YWRtaW46SGFyYm9yMTIzNDU="
        }
    }
}


创建secret

准备：

kubectl create secret docker-registry registry-secret --namespace=default \
--docker-server=192.168.43.65:5000 --docker-username=zihao \
--docker-password=Zihao@5tgb --docker-email=15613691030@163.com

创建：

[root@lab2 nginx-harbor]# kubectl create secret docker-registry registry-secret --namespace=default \
> --docker-server=192.168.43.65:5000 --docker-username=zihao \
> --docker-password=Zihao@5tgb --docker-email=15613691030@163.com


查看secret

[root@lab2 nginx-harbor]# kubectl get secret
NAME                  TYPE                                  DATA      AGE
default-token-czfbg   kubernetes.io/service-account-token   3         21d
registry-secret       kubernetes.io/dockerconfigjson        1         1h

删除secret

[root@lab2 nginx-harbor]# kubectl delete secret registry-secret
secret "registry-secret" deleted




5、在k8s的node节点中使用yaml拉取镜像


注意: image不要写成  http://   这样无法拉取镜像

下面两句不写也可以

imagePullSecrets:
       - name: registry-secret



spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - name: http-test-con
        image: 192.168.43.65:5000/library/nginx/latest:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 80
      imagePullSecrets:
       - name: registry-secret


测试：

[root@lab2 nginx-harbor]# vi http-test.yaml 
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: http-test-dm2
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: http-test-dm2
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
      - name: http-test-con
        image: 192.168.43.65:5000/library/nginx/latest:latest
        imagePullPolicy: Always      
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: http-nginx-ser
spec:
  type: NodePort
  ports: 
  - port: 80
    nodePort: 30000
    targetPort: 80
  selector:
    name: http-test-dm2
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: grafana
spec:
  rules:
  - host: www.nginx2.com      
    http:
      paths:
      - path: /
        backend:
          serviceName: http-nginx-ser
          servicePort: 80



[root@lab2 nginx-harbor]# kubectl create -f http-test.yaml
[root@lab2 nginx-harbor]# kubectl get po
NAME                                   READY     STATUS    RESTARTS   AGE
http-test-dm2-7f9c4fd896-jkkrx         1/1       Running   0          8m