k8s创建registry镜像仓库和web管理工具

k8s创建registry镜像仓库和web管理工具

####################################################
# Run on every node.
####################################################

# Install GlusterFS on each node: first the CentOS release package that
# provides the Gluster repository, then the server itself.
yum -y install centos-release-gluster
yum -y install glusterfs-server

# Configure the GlusterFS cluster: enable glusterd at boot and (re)start it.
systemctl enable glusterd.service
systemctl restart glusterd.service

# Create the data storage (brick) directory.
mkdir -p /gfs1

# On the swarm-manager node, add the other nodes to the cluster:
#   gluster peer probe <hostname>
# NOTE(review): "swarm-manager" looks carried over from another guide; the
# banner below says these commands run on the primary node.
####################################################
# Run on the primary node only.
####################################################
for peer in node224 node225; do
  gluster peer probe "$peer"
done

# Show the cluster (peer) status.
gluster peer status



# Run on all nodes (original heading).
# NOTE(review): volume create/start act on the whole trusted pool, so they
# presumably only need to run once, from one node — confirm.
#
# Create the GlusterFS volume in replicated mode, one brick per node.
# "force" is presumably needed because /gfs1 sits on the root filesystem.
# NOTE(review): gv1 keeps its default access options here, and it later
# holds the registry's TLS private key. Consider limiting which clients may
# mount it (gluster volume set gv1 auth.allow <node addresses>) and
# firewalling the Gluster ports to the cluster nodes.
gluster volume create gv1 replica 3 transport tcp \
  node223:/gfs1 \
  node224:/gfs1 \
  node225:/gfs1 \
  force

# Start gv1.
gluster volume start gv1

# Check the volume status again.
gluster volume info gv1

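####################################################
# Client-side mount of the volume — run on every node.
####################################################
yum install -y centos-release-gluster
yum install -y glusterfs glusterfs-fuse

mkdir -p /gv1

# Mount only when /gv1 is not already a mount point, so re-running this
# section does not mount the volume a second time.
if ! mountpoint -q /gv1; then
  mount -t glusterfs localhost:gv1 /gv1
fi

# Add the fstab entry only once: a plain ">>" would append a duplicate line
# on every re-run.
fstab_entry='localhost:/gv1 /gv1 glusterfs _netdev,rw,acl 0 0'
if ! grep -qxF -- "$fstab_entry" /etc/fstab; then
  printf '%s\n' "$fstab_entry" >>/etc/fstab
fi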


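####################################################
# Registry directories and self-signed TLS certificate.
####################################################
mkdir -p /gv1/registry/{certs,registry}

yum install -y openssl

# Create the certificate.
# The subject is passed with -subj instead of answering openssl's prompts
# through expect: the expect patterns depended on the exact prompt text
# (e.g. "Default Company Ltd"), and a prompt that did not match would leave
# that field at whatever default openssl offers. The values are the ones the
# prompts were answered with: C=cn, ST=sc, L=cd, O=k8s, OU=sys,
# CN=k.xxxx.com, no e-mail address.
# NOTE(review): the certificate carries only a CN. Clients that require a
# subjectAltName will reject it; on OpenSSL 1.1.1+ add
#   -addext "subjectAltName=DNS:k.xxxx.com"
# NOTE(review): -nodes writes the private key unencrypted, and /gv1 is a
# shared volume mounted on every node, so the key is readable wherever the
# volume is mounted. The chmod below limits it to root; it assumes the
# registry container reads it as root — confirm.
openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 3650 \
  -subj '/C=cn/ST=sc/L=cd/O=k8s/OU=sys/CN=k.xxxx.com' \
  -keyout /gv1/registry/certs/domain.key \
  -out /gv1/registry/certs/domain.crt

chmod 600 /gv1/registry/certs/domain.key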

####################################################
# Registry configuration file (mounted into the registry container).
####################################################
# NOTE(review): this configuration has no "auth" section and sets
# storage.delete.enabled to true, so every client that can reach the
# registry port can push, overwrite and delete images. Add an auth section
# (htpasswd or token) before exposing the registry beyond a trusted network.
printf '%s\n' '
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
' >/gv1/registry/config.yml

###################################################
# Configuration file for the registry web UI.
# NOTE(review): authentication is disabled and readonly is false, so anyone
# who can open the web UI can delete images through it.

mkdir -p /gv1/registry/registry-web

# The delimiter is quoted so the shell writes the text exactly as shown.
cat <<'EOF' >/gv1/registry/registry-web/config.yml
registry:
  # Docker registry url
  url: https://192.168.3.207:30050/v2
  # Docker registry fqdn
  name: k.xxxx.com:30050
  # To allow image delete, should be false
  readonly: false
  auth:
    # Disable authentication
    enabled: false
EOF

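###################################################
# Kubernetes manifest: a ReplicationController running the registry and its
# web UI on the master nodes, plus a NodePort Service exposing both.
#
# Changes from the original manifest:
#   - the certificate, registry config and web config mounts are read-only,
#     so a compromised container cannot rewrite the TLS key or its own
#     configuration on the shared volume;
#   - the heredoc delimiter is quoted, so the shell never expands anything
#     inside the manifest.
#
# NOTE(review): both images use floating tags (registry:2, and no tag at all
# for hyper/docker-registry-web), so what runs can change between pulls. Pin
# each to a version or digest you have verified.
# NOTE(review): REGISTRY_TRUST_ANY_SSL=true makes the web UI accept any
# certificate from the registry. It is presumably needed because
# REGISTRY_URL uses the IP address while the certificate is issued for
# k.xxxx.com; prefer a URL that matches the certificate.
# NOTE(review): NodePorts 30050 and 30180 are opened on every node, and
# neither the registry nor the web UI is configured with authentication.
# NOTE(review): the pods run in kube-system on master nodes and read their
# data through hostPath, which relies on /gv1 being mounted on those nodes.

cat >registry.yaml <<'EOF'
apiVersion: v1
kind: ReplicationController
metadata:
  name: registry-rc
  namespace: kube-system
spec:
  replicas: 2
  selector:
    app: registry-rc
  template:
    metadata:
      labels:
        app: registry-rc
    spec:
      nodeSelector:
        node-role.kubernetes.io/master: ""
      containers:
        - name: registry
          image: registry:2
          ports:
            - containerPort: 5000
          env:
            - name: REGISTRY_HTTP_TLS_CERTIFICATE
              value: "/certs/domain.crt"
            - name: REGISTRY_HTTP_TLS_KEY
              value: "/certs/domain.key"
          volumeMounts:
            - name: registry
              mountPath: /var/lib/registry
            - name: certs
              mountPath: /certs
              readOnly: true
            - name: conf
              mountPath: /etc/docker/registry/config.yml
              readOnly: true
        - name: registry-web
          image: hyper/docker-registry-web
          ports:
            - containerPort: 8080
          env:
            - name: REGISTRY_TRUST_ANY_SSL
              value: "true"
            - name: REGISTRY_URL
              value: "https://192.168.3.207:30050/v2"
            - name: REGISTRY_NAME
              value: "k.xxxx.com:30050"
          volumeMounts:
            - name: webconf
              mountPath: /conf/config.yml
              readOnly: true
      volumes:
        - name: webconf
          hostPath:
            path: /gv1/registry/registry-web/config.yml
        - name: registry
          hostPath:
            path: /gv1/registry/registry
        - name: certs
          hostPath:
            path: /gv1/registry/certs
        - name: conf
          hostPath:
            path: /gv1/registry/config.yml
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
apiVersion: v1
kind: Service
metadata:
  name: registry-svc
  namespace: kube-system
spec:
  selector:
    app: registry-rc
  type: NodePort
  ports:
    - name: registry
      protocol: TCP
      port: 5000
      targetPort: 5000
      nodePort: 30050
    - name: registry-web
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 30180

EOF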

# Create the ReplicationController and the Service.
kubectl apply -f registry.yaml

# List the registry pods, service and replication controller.
kubectl get pod,svc,rc --namespace kube-system --output wide | grep registry

# Teardown, left disabled:
#kubectl delete -f registry.yaml


# Query the catalog over TLS, trusting only the self-signed certificate.
# NOTE(review): the request carries no credentials; if it returns the
# repository list, the registry is answering unauthenticated clients.
curl https://k.xxxx.com:30050/v2/_catalog --cacert /gv1/registry/certs/domain.crt


######################################################
# Web management UI: http://k.xxxx.com:30180   Registry address: k.xxxx.com:30050
# NOTE(review): the web UI address is plain HTTP.


转载自www.cnblogs.com/blog-lhong/p/11907268.html