From bb2403d3652aa92a41361026e9f7d0a48691b457 Mon Sep 17 00:00:00 2001 From: diandian Date: Tue, 17 Dec 2024 16:55:59 +0800 Subject: [PATCH] =?UTF-8?q?=E4=B8=8A=E4=BC=A0=E6=96=87=E4=BB=B6=E8=87=B3?= =?UTF-8?q?=20'kubernetes-MD'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Containerd之Kubernetes链接Harbor.md | 161 ++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 kubernetes-MD/Containerd之Kubernetes链接Harbor.md diff --git a/kubernetes-MD/Containerd之Kubernetes链接Harbor.md b/kubernetes-MD/Containerd之Kubernetes链接Harbor.md new file mode 100644 index 0000000..fed45c7 --- /dev/null +++ b/kubernetes-MD/Containerd之Kubernetes链接Harbor.md @@ -0,0 +1,161 @@ +

Containerd之Kubernetes链接Harbor

+ +作者:行癫(盗版必究) + +------ + +## 一:环境基础 + +#### 1.Harbor正常运行 + +#### 2.Kubernetes集群正常 + +注意:kubernetes集群环境1.27.3版本(containerd) + +## 二:配置Containerd + +​ Kubernetes中Containerd连接Harbor仓库,Harbor仓库支持http和https部署,Containerd支持http和https连接,默认https + +#### 1.配置Containerd + +修改Kubernetes集群中所有节点的Containerd配置,配置如下: + +```shell +[root@xingdiancloud ~]# vim /etc/containerd/config.toml + [plugins."io.containerd.grpc.v1.cri".registry] + config_path = "/etc/containerd/certs.d" + [plugins."io.containerd.grpc.v1.cri".registry.configs] + [plugins."io.containerd.grpc.v1.cri".registry.configs."10.9.12.201".auth] + username = "admin" + password = "Harbor12345" + [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.238:180".auth] + username = "admin" + password = "Harbor12345" +``` + +注意: + +​ 找到配置文件中对应的参数位置;将系统中多余的跟上面配置中相同的参数删除 + +```shell +[root@xingdiancloud ~]# mkdir /etc/containerd/certs.d/10.9.12.201 -p +[root@xingdiancloud ~]# cd /etc/containerd/certs.d/10.9.12.201 +[root@xingdiancloud ~]# cat > hosts.toml << EOF +server = "http://10.9.12.201" + +[host."http://10.9.12.201"] + capabilities = ["pull", "resolve", "push"] + skip_verify = true +EOF +``` + +#### 2.重新启动Containerd + +```shell +[root@xingdiancloud ~]# systemctl restart containerd +``` + +## 三:集群测试 + +#### 1.创建Deployment + +```yaml +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + k8s.kuboard.cn/name: test + name: test + namespace: default + resourceVersion: '397590' +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + k8s.kuboard.cn/name: test + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + k8s.kuboard.cn/name: test + spec: + containers: + - image: 10.9.12.201/xingdian/nginx:v1 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /usr/share/nginx/html + name: volume-j2ijw + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - name: volume-j2ijw + nfs: + path: /opt/xingdiancloud_1 + server: 10.9.12.250 + +--- +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + k8s.kuboard.cn/name: test + name: test + namespace: default + resourceVersion: '397893' +spec: + clusterIP: 10.99.28.173 + clusterIPs: + - 10.99.28.173 + externalTrafficPolicy: Cluster + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: xbcbcp + nodePort: 30009 + port: 80 + protocol: TCP + targetPort: 80 + selector: + k8s.kuboard.cn/name: test + sessionAffinity: None + type: NodePort +``` + +注意: + +​ 此yaml文件中创建的Deployment、Service;还使用了持久化存储;需要借鉴使用。 + +#### 2.运行状态 + +![image-20230629234917658](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234917658.png) + +#### 3.访问服务 + +![image-20230629234725709](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234725709.png) + +注意: + +​ 以上任何一项都可以说明Kubernetes集群中Containerd可以使用Harbor仓库http方式下载镜像 \ No newline at end of file