k8s创建registry镜像仓库和web管理工具
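#!/bin/bash
# Runbook: build a 3-node replicated GlusterFS volume, then run a private
# Docker registry (registry:2) plus the docker-registry-web UI on Kubernetes,
# with both backed by hostPath mounts into the Gluster volume.
#
# This is NOT meant to be run top to bottom on a single host: each section
# states which nodes it applies to.
#
# Security review summary (details sit next to the relevant steps):
#   * The registry has no auth section and the web UI has auth disabled, while
#     image deletion is enabled on both and both are published on NodePorts.
#   * The web UI is told to skip TLS verification of the registry.
#   * The TLS private key lives on a volume that is mounted on every node.
#   * Container images are referenced by floating tags.

####################################################
# Section 1 -- run on ALL nodes: install and start GlusterFS
####################################################
## Install the GlusterFS server on every node
yum install -y centos-release-gluster
yum install -y glusterfs-server

## Start glusterd and enable it at boot
systemctl restart glusterd.service
systemctl enable glusterd.service

## Create the brick directory
mkdir -p /gfs1

#### Configure on the swarm-manager node: add the other nodes to the cluster
## gluster peer probe hostname

####################################################
# Section 2 -- run on the PRIMARY node only: form the cluster
####################################################
gluster peer probe node224
gluster peer probe node225

### Check the cluster state
gluster peer status

### The original note here reads "run on all nodes". Volume create/start only
### has to succeed once, on one peer; repeating it elsewhere reports that the
### volume already exists.
## Create the GlusterFS volume in replica mode.
## NOTE(review): `force` overrides gluster's brick-placement safety checks
## (for example a brick on the root filesystem). Prefer a dedicated brick
## filesystem and drop `force` if you can.
gluster volume create gv1 replica 3 transport tcp node223:/gfs1 node224:/gfs1 node225:/gfs1 force

## Start gv1
gluster volume start gv1

### Check the volume state again
gluster volume info gv1

####################################################
# Section 3 -- run on ALL nodes: mount the volume as a client
####################################################
yum install -y centos-release-gluster
yum install -y glusterfs glusterfs-fuse
mkdir -p /gv1
# Same "server:/volume" spelling as the fstab entry below.
mount -t glusterfs localhost:/gv1 /gv1
# Append the fstab entry only once so re-running this section does not
# accumulate duplicate mount lines.
grep -q '^localhost:/gv1 ' /etc/fstab ||
  echo 'localhost:/gv1 /gv1 glusterfs _netdev,rw,acl 0 0' >>/etc/fstab

####################################################
# Section 4 -- registry data directories and TLS certificate
####################################################
mkdir -p /gv1/registry/{certs,registry}
yum install -y openssl

#### Create the self-signed certificate.
# -subj supplies the same answers the interactive prompts were given
# (C=cn, ST=sc, L=cd, O=k8s, OU=sys, CN=k.xxxx.com, empty e-mail) without
# depending on the exact prompt text of the local openssl.cnf.
# NOTE(review): the certificate carries only a Common Name. Clients that
# require a subjectAltName will reject it, and the IP-based URL used by the
# web UI below does not match it either. Issue a cert with SAN entries for
# every name/IP clients use. Also note the 10-year lifetime (-days 3650).
openssl req -newkey rsa:4096 -nodes -sha256 \
  -keyout /gv1/registry/certs/domain.key \
  -x509 -days 3650 \
  -subj '/C=cn/ST=sc/L=cd/O=k8s/OU=sys/CN=k.xxxx.com' \
  -out /gv1/registry/certs/domain.crt
# The key is unencrypted (-nodes) and sits on a volume every node mounts:
# restrict it to its owner.
chmod 600 /gv1/registry/certs/domain.key

####################################################
# Section 5 -- registry configuration
####################################################
# NOTE(review): there is no `auth` section, so push/pull is anonymous, and
# storage.delete.enabled lets any client delete blobs and manifests. Add
# registry authentication (e.g. htpasswd or token auth) before exposing this
# beyond a trusted network.
cat >/gv1/registry/config.yml <<'EOF'
version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
EOF

###################################################
# Section 6 -- registry-web configuration
###################################################
# NOTE(review): auth.enabled=false together with readonly=false means every
# visitor of the web UI can delete images. Enable auth, or set readonly to
# true, unless the UI is reachable only by administrators.
mkdir -p /gv1/registry/registry-web
cat >/gv1/registry/registry-web/config.yml <<'EOF'
registry:
  # Docker registry url
  url: https://192.168.3.207:30050/v2
  # Docker registry fqdn
  name: k.xxxx.com:30050
  # To allow image delete, should be false
  readonly: false
  auth:
    # Disable authentication
    enabled: false
EOF

###################################################
# Section 7 -- Kubernetes manifests
###################################################
# NOTE(review):
#   * REGISTRY_TRUST_ANY_SSL=true turns off certificate verification between
#     the web UI and the registry; prefer importing domain.crt into the UI's
#     trust store and using a URL that matches the certificate.
#   * `registry:2` and the untagged `hyper/docker-registry-web` are floating
#     references; pin both to a tag or digest you have verified.
#   * hostPath volumes resolve on whichever node the pod lands on, so /gv1
#     must be mounted there before the pod starts. Consider hostPath
#     `type: File` / `type: Directory` so a missing mount fails fast.
#   * NodePorts 30050 and 30180 are opened on every node; restrict them with
#     host firewall rules to the networks that need them.
# The certs and registry config mounts are read-only: the registry only
# reads them.
cat >registry.yaml <<'EOF'
apiVersion: v1
kind: ReplicationController
metadata:
  name: registry-rc
  namespace: kube-system
spec:
  replicas: 2
  selector:
    app: registry-rc
  template:
    metadata:
      labels:
        app: registry-rc
    spec:
      nodeSelector:
        node-role.kubernetes.io/master: ""
      containers:
      - name: registry
        image: registry:2
        ports:
        - containerPort: 5000
        env:
        - name: REGISTRY_HTTP_TLS_CERTIFICATE
          value: "/certs/domain.crt"
        - name: REGISTRY_HTTP_TLS_KEY
          value: "/certs/domain.key"
        volumeMounts:
        - name: registry
          mountPath: /var/lib/registry
        - name: certs
          mountPath: /certs
          readOnly: true
        - name: conf
          mountPath: /etc/docker/registry/config.yml
          readOnly: true
      - name: registry-web
        image: hyper/docker-registry-web
        ports:
        - containerPort: 8080
        env:
        - name: REGISTRY_TRUST_ANY_SSL
          value: "true"
        - name: REGISTRY_URL
          value: "https://192.168.3.207:30050/v2"
        - name: REGISTRY_NAME
          value: "k.xxxx.com:30050"
        volumeMounts:
        - name: webconf
          mountPath: /conf/config.yml
      volumes:
      - name: webconf
        hostPath:
          path: /gv1/registry/registry-web/config.yml
      - name: registry
        hostPath:
          path: /gv1/registry/registry
      - name: certs
        hostPath:
          path: /gv1/registry/certs
      - name: conf
        hostPath:
          path: /gv1/registry/config.yml
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
---
apiVersion: v1
kind: Service
metadata:
  name: registry-svc
  namespace: kube-system
spec:
  selector:
    app: registry-rc
  type: NodePort
  ports:
  - name: registry
    protocol: TCP
    port: 5000
    targetPort: 5000
    nodePort: 30050
  - name: registry-web
    protocol: TCP
    port: 8080
    targetPort: 8080
    nodePort: 30180
EOF

kubectl apply -f registry.yaml
kubectl get pod,svc,rc -n kube-system -o wide | grep registry
#kubectl delete -f registry.yaml

# Smoke test: list the catalog, verifying TLS against the self-signed cert.
curl --cacert /gv1/registry/certs/domain.crt https://k.xxxx.com:30050/v2/_catalog

######################################################
# Web management UI: http://k.xxxx.com:30180   Registry address: k.xxxx.com:30050
# NOTE(review): the UI is served over plain HTTP on the NodePort.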