kubernetes/NEW/Containerd之Kubernetes链接Harbor.md

<h1><center>Containerd之Kubernetes链接Harbor</center></h1>

作者：行癫（盗版必究）

------

## 一：环境基础

#### 1.Harbor正常运行

#### 2.Kubernetes集群正常

注意：kubernetes集群环境1.27.3版本（containerd）

## 二：配置Containerd

​		Kubernetes中Containerd连接Harbor仓库，Harbor仓库支持http和https部署，Containerd支持http和https连接，默认https

#### 1.配置Containerd

修改Kubernetes集群中所有节点的Containerd配置，配置如下：

```shell
[root@xingdiancloud ~]# vim /etc/containerd/config.toml
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"
      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."10.9.12.201".auth]
          username = "admin"
          password = "Harbor12345"
        [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.238:180".auth]
           username = "admin"
           password = "Harbor12345"
```

注意：

​		找到配置文件中对应的参数位置；将系统中多余的跟上面配置中相同的参数删除

```shell
[root@xingdiancloud ~]# mkdir /etc/containerd/certs.d/10.9.12.201 -p
[root@xingdiancloud ~]# cd /etc/containerd/certs.d/10.9.12.201
[root@xingdiancloud ~]# cat > hosts.toml << EOF
server = "http://10.9.12.201"

[host."http://10.9.12.201"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true
EOF
```

#### 2.重新启动Containerd

```shell
[root@xingdiancloud ~]# systemctl restart containerd
```

## 三：集群测试

#### 1.创建Deployment

```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/name: test
  name: test
  namespace: default
  resourceVersion: '397590'
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/name: test
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        k8s.kuboard.cn/name: test
    spec:
      containers:
        - image: 10.9.12.201/xingdian/nginx:v1
          imagePullPolicy: IfNotPresent
          name: nginx
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /usr/share/nginx/html
              name: volume-j2ijw
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
        - name: volume-j2ijw
          nfs:
            path: /opt/xingdiancloud_1
            server: 10.9.12.250

---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/name: test
  name: test
  namespace: default
  resourceVersion: '397893'
spec:
  clusterIP: 10.99.28.173
  clusterIPs:
    - 10.99.28.173
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - name: xbcbcp
      nodePort: 30009
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    k8s.kuboard.cn/name: test
  sessionAffinity: None
  type: NodePort
```

注意：

​		此yaml文件中创建的Deployment、Service；还使用了持久化存储；需要借鉴使用。

#### 2.运行状态

![image-20230629234917658](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234917658.png)

#### 3.访问服务

![image-20230629234725709](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20230629234725709.png)

注意：

​		以上任何一项都可以说明Kubernetes集群中Containerd可以使用Harbor仓库http方式下载镜像