上传文件至 'kubernetes-MD'

kubernetes-MD/Containerd之Kubernetes链接Harbor.md

@@ -0,0 +1,161 @@
+<h1><center>Containerd之Kubernetes链接Harbor</center></h1>
+
+作者：行癫（盗版必究）
+
+------
+
+## 一：环境基础
+
+#### 1.Harbor正常运行
+
+#### 2.Kubernetes集群正常
+
+注意：kubernetes集群环境1.27.3版本（containerd）
+
+## 二：配置Containerd
+
+​		Kubernetes中Containerd连接Harbor仓库，Harbor仓库支持http和https部署，Containerd支持http和https连接，默认https
+
+#### 1.配置Containerd
+
+修改Kubernetes集群中所有节点的Containerd配置，配置如下：
+
+```shell
+[root@xingdiancloud ~]# vim /etc/containerd/config.toml
+    [plugins."io.containerd.grpc.v1.cri".registry]
+      config_path = "/etc/containerd/certs.d"
+      [plugins."io.containerd.grpc.v1.cri".registry.configs]
+        [plugins."io.containerd.grpc.v1.cri".registry.configs."10.9.12.201".auth]
+          username = "admin"
+          password = "Harbor12345"
+        [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.238:180".auth]
+           username = "admin"
+           password = "Harbor12345"
+```
+
+注意：
+
+​		找到配置文件中对应的参数位置；将系统中多余的跟上面配置中相同的参数删除
+
+```shell
+[root@xingdiancloud ~]# mkdir /etc/containerd/certs.d/10.9.12.201 -p
+[root@xingdiancloud ~]# cd /etc/containerd/certs.d/10.9.12.201
+[root@xingdiancloud ~]# cat > hosts.toml << EOF
+server = "http://10.9.12.201"
+
+[host."http://10.9.12.201"]
+  capabilities = ["pull", "resolve", "push"]
+  skip_verify = true
+EOF
+```
+
+#### 2.重新启动Containerd
+
+```shell
+[root@xingdiancloud ~]# systemctl restart containerd
+```
+
+## 三：集群测试
+
+#### 1.创建Deployment
+
+```yaml
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations: {}
+  labels:
+    k8s.kuboard.cn/name: test
+  name: test
+  namespace: default
+  resourceVersion: '397590'
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s.kuboard.cn/name: test
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        k8s.kuboard.cn/name: test
+    spec:
+      containers:
+        - image: 10.9.12.201/xingdian/nginx:v1
+          imagePullPolicy: IfNotPresent
+          name: nginx
+          ports:
+            - containerPort: 80
+              name: http
+              protocol: TCP
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          volumeMounts:
+            - mountPath: /usr/share/nginx/html
+              name: volume-j2ijw
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - name: volume-j2ijw
+          nfs:
+            path: /opt/xingdiancloud_1
+            server: 10.9.12.250
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations: {}
+  labels:
+    k8s.kuboard.cn/name: test
+  name: test
+  namespace: default
+  resourceVersion: '397893'
+spec:
+  clusterIP: 10.99.28.173
+  clusterIPs:
+    - 10.99.28.173
+  externalTrafficPolicy: Cluster
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+    - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+    - name: xbcbcp
+      nodePort: 30009
+      port: 80
+      protocol: TCP
+      targetPort: 80
+  selector:
+    k8s.kuboard.cn/name: test
+  sessionAffinity: None
+  type: NodePort
+```
+
+注意：
+
+​		此yaml文件中创建的Deployment、Service；还使用了持久化存储；需要借鉴使用。
+
+#### 2.运行状态
+
+![image-20230629234917658](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234917658.png)
+
+#### 3.访问服务
+
+![image-20230629234725709](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234725709.png)
+
+注意：
+
+​		以上任何一项都可以说明Kubernetes集群中Containerd可以使用Harbor仓库http方式下载镜像