zwb/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9bcfc096be
kubernetes/kubernetes-MD/Containerd之Kubernetes链接Harbor.md
diandian bb2403d365 上传文件至 'kubernetes-MD'
2024-12-17 16:55:59 +08:00

4.0 KiB
Raw Blame History

Containerd之Kubernetes链接Harbor

作者:行癫(盗版必究)

一:环境基础

1.Harbor正常运行

2.Kubernetes集群正常

注意kubernetes集群环境1.27.3版本containerd

配置Containerd

Kubernetes中Containerd连接Harbor仓库Harbor仓库支持http和https部署Containerd支持http和https连接默认https

1.配置Containerd

修改Kubernetes集群中所有节点的Containerd配置配置如下

[root@xingdiancloud ~]# vim /etc/containerd/config.toml
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"
      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."10.9.12.201".auth]
          username = "admin"
          password = "Harbor12345"
        [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.1.238:180".auth]
           username = "admin"
           password = "Harbor12345"

注意:

找到配置文件中对应的参数位置;将系统中多余的跟上面配置中相同的参数删除

[root@xingdiancloud ~]# mkdir /etc/containerd/certs.d/10.9.12.201 -p
[root@xingdiancloud ~]# cd /etc/containerd/certs.d/10.9.12.201
[root@xingdiancloud ~]# cat > hosts.toml << EOF
server = "http://10.9.12.201"

[host."http://10.9.12.201"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true
EOF

2.重新启动Containerd

[root@xingdiancloud ~]# systemctl restart containerd

三:集群测试

1.创建Deployment

---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/name: test
  name: test
  namespace: default
  resourceVersion: '397590'
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/name: test
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        k8s.kuboard.cn/name: test
    spec:
      containers:
        - image: 10.9.12.201/xingdian/nginx:v1
          imagePullPolicy: IfNotPresent
          name: nginx
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /usr/share/nginx/html
              name: volume-j2ijw
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
        - name: volume-j2ijw
          nfs:
            path: /opt/xingdiancloud_1
            server: 10.9.12.250

---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/name: test
  name: test
  namespace: default
  resourceVersion: '397893'
spec:
  clusterIP: 10.99.28.173
  clusterIPs:
    - 10.99.28.173
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
    - IPv4
  ipFamilyPolicy: SingleStack
  ports:
    - name: xbcbcp
      nodePort: 30009
      port: 80
      protocol: TCP
      targetPort: 80
  selector:
    k8s.kuboard.cn/name: test
  sessionAffinity: None
  type: NodePort

注意:

此yaml文件中创建的Deployment、Service还使用了持久化存储需要借鉴使用。

2.运行状态

image-20230629234917658

3.访问服务

image-20230629234725709

注意:

以上任何一项都可以说明Kubernetes集群中Containerd可以使用Harbor仓库http方式下载镜像