Containerd: Connecting Kubernetes to Harbor

Author: 行癫 (unauthorized reproduction will be pursued)

------

## I: Environment Prerequisites

#### 1. Harbor is running normally

#### 2. The Kubernetes cluster is healthy

Note: the Kubernetes cluster in this environment runs version 1.27.3 (containerd).

## II: Configuring Containerd

This section connects Containerd in Kubernetes to a Harbor registry. Harbor can be deployed over HTTP or HTTPS, and Containerd can connect over either; HTTPS is the default.

#### 1. Configure Containerd

Edit the Containerd configuration on every node in the Kubernetes cluster as follows:

```shell
[root@xingdiancloud ~]# vim /etc/containerd/config.toml
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."10.9.12.201".auth]
          username = "admin"
          password = "Harbor12345"
        [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.238:180".auth]
          username = "admin"
          password = "Harbor12345"
```

Note:

Locate the corresponding sections in the configuration file, and delete any existing entries that duplicate the parameters shown above.

```shell
[root@xingdiancloud ~]# mkdir /etc/containerd/certs.d/10.9.12.201 -p
[root@xingdiancloud ~]# cd /etc/containerd/certs.d/10.9.12.201
[root@xingdiancloud ~]# cat > hosts.toml << EOF
server = "http://10.9.12.201"

[host."http://10.9.12.201"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true
EOF
```

#### 2. Restart Containerd

```shell
[root@xingdiancloud ~]# systemctl restart containerd
```

## III: Cluster Test

#### 1. Create a Deployment

```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/name: test
  name: test
  namespace: default
  # Server-assigned value from the original cluster; omit when creating a new object.
  resourceVersion: '397590'
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/name: test
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        k8s.kuboard.cn/name: test
    spec:
      containers:
        # Image pulled from the Harbor registry configured above.
        - image: 10.9.12.201/xingdian/nginx:v1
          imagePullPolicy: IfNotPresent
          name: nginx
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /usr/share/nginx/html
              name: volume-j2ijw
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
        # Persistent storage backed by NFS.
        - name: volume-j2ijw
          nfs:
            path: /opt/xingdiancloud_1
            server: 10.9.12.250

---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/name: test
  name: test
  namespace: default
  # Server-assigned value from the original cluster; omit when creating a new object.
  resourceVersion: '397893'
spec:
  # Address from the original cluster's service range; omit to have one allocated.
  clusterIP: 10.99.28.173
  clusterIPs:
    - 10.99.28.173
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - name: xbcbcp
      nodePort: 30009
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    k8s.kuboard.cn/name: test
  sessionAffinity: None
  type: NodePort
```

Note:

This YAML file creates a Deployment and a Service and also uses persistent storage; adapt it to your own environment before use.

#### 2. Running status

![image-20230629234917658](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234917658.png)

#### 3. Access the service

![image-20230629234725709](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234725709.png)

Note:

Either of the results above shows that Containerd in the Kubernetes cluster can pull images from the Harbor registry over HTTP.
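
The registry settings from section II can be checked on each node with a short script. The following is an added example, not part of the original article: it reports inline registry passwords in `config.toml`, plaintext `http://` endpoints, and `skip_verify = true` under `certs.d`. The function names `audit_containerd_registry` and `write_sample` are hypothetical, and the sample files are constructed to mirror the configuration above, with a placeholder password.

```shell
#!/usr/bin/env bash
# Audit containerd registry settings for three weak points in this setup:
# inline credentials, plaintext HTTP endpoints, and disabled TLS verification.
# Usage: audit_containerd_registry CONFIG_TOML CERTS_DIR  (prints one finding per line)
audit_containerd_registry() {
    local config="$1" certs_dir="$2" f
    # Passwords under registry.configs.<host>.auth are stored in clear text on every node.
    if [ -f "$config" ] && grep -Eq '^[[:space:]]*password[[:space:]]*=' "$config"; then
        echo "CRED $config"
    fi
    for f in "$certs_dir"/*/hosts.toml; do
        [ -f "$f" ] || continue   # the glob matched nothing
        # server = "http://..." or [host."http://..."]: image pulls are unencrypted.
        if grep -Eq '^[[:space:]]*(server[[:space:]]*=[[:space:]]*|\[host\.)"http://' "$f"; then
            echo "HTTP $f"
        fi
        # skip_verify = true turns off certificate validation for that host.
        if grep -Eq '^[[:space:]]*skip_verify[[:space:]]*=[[:space:]]*true' "$f"; then
            echo "NOVERIFY $f"
        fi
    done
    return 0
}

# Constructed sample that mirrors the configuration on this page (placeholder password).
write_sample() {
    local root="$1"
    mkdir -p "$root/certs.d/10.9.12.201"
    cat > "$root/config.toml" << 'EOF'
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = "/etc/containerd/certs.d"
[plugins."io.containerd.grpc.v1.cri".registry.configs."10.9.12.201".auth]
  username = "admin"
  password = "EXAMPLE-PLACEHOLDER"
EOF
    cat > "$root/certs.d/10.9.12.201/hosts.toml" << 'EOF'
server = "http://10.9.12.201"
[host."http://10.9.12.201"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true
EOF
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
audit_containerd_registry "$sample_dir/config.toml" "$sample_dir/certs.d"
rm -rf "$sample_dir"
```

On a real node, pass `/etc/containerd/config.toml` and `/etc/containerd/certs.d` as the two arguments; no output means none of the three settings was found.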