zwb/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

上传文件至 'kubernetes-MD'

Browse Source
This commit is contained in:
diandian 2024-12-17 16:55:59 +08:00
parent 13ebf2dbc7
commit bb2403d365
1 changed files with 161 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
kubernetes-MD/Containerd之Kubernetes链接Harbor.md Normal file
View File

@ -0,0 +1,161 @@
<h1><center>Containerd之Kubernetes链接Harbor</center></h1>
作者:行癫(盗版必究)
------
## 一:环境基础
#### 1.Harbor正常运行
#### 2.Kubernetes集群正常
注意kubernetes集群环境1.27.3版本containerd
## 二配置Containerd
Kubernetes中Containerd连接Harbor仓库Harbor仓库支持http和https部署Containerd支持http和https连接默认https
#### 1.配置Containerd
修改Kubernetes集群中所有节点的Containerd配置配置如下
```shell
[root@xingdiancloud ~]# vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."10.9.12.201".auth]
username = "admin"
password = "Harbor12345"
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.238:180".auth]
username = "admin"
password = "Harbor12345"
```
注意:
找到配置文件中对应的参数位置;将系统中多余的跟上面配置中相同的参数删除
```shell
[root@xingdiancloud ~]# mkdir /etc/containerd/certs.d/10.9.12.201 -p
[root@xingdiancloud ~]# cd /etc/containerd/certs.d/10.9.12.201
[root@xingdiancloud ~]# cat > hosts.toml << EOF
server = "http://10.9.12.201"
[host."http://10.9.12.201"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
EOF
```
#### 2.重新启动Containerd
```shell
[root@xingdiancloud ~]# systemctl restart containerd
```
## 三:集群测试
#### 1.创建Deployment
```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
k8s.kuboard.cn/name: test
name: test
namespace: default
resourceVersion: '397590'
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s.kuboard.cn/name: test
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
k8s.kuboard.cn/name: test
spec:
containers:
- image: 10.9.12.201/xingdian/nginx:v1
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 80
name: http
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /usr/share/nginx/html
name: volume-j2ijw
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: volume-j2ijw
nfs:
path: /opt/xingdiancloud_1
server: 10.9.12.250
---
apiVersion: v1
kind: Service
metadata:
annotations: {}
labels:
k8s.kuboard.cn/name: test
name: test
namespace: default
resourceVersion: '397893'
spec:
clusterIP: 10.99.28.173
clusterIPs:
- 10.99.28.173
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: xbcbcp
nodePort: 30009
port: 80
protocol: TCP
targetPort: 80
selector:
k8s.kuboard.cn/name: test
sessionAffinity: None
type: NodePort
```
注意:
此yaml文件中创建的Deployment、Service还使用了持久化存储需要借鉴使用。
#### 2.运行状态
![image-20230629234917658](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234917658.png)
#### 3.访问服务
![image-20230629234725709](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234725709.png)
注意:
以上任何一项都可以说明Kubernetes集群中Containerd可以使用Harbor仓库http方式下载镜像