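Introduction
After adopting k3s, I needed to migrate my projects to run on k3s, which meant setting up a private registry first. I chose Docker Registry as the private registry.
Deploying the registry
We need a PV to back the registry's storage; the registry stores its data in /var/lib/registry by default.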

# registry-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: registry-pv
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/data/k3s/registry"

Next we create a PVC bound to the PV we just defined, for the Pod to use later.

# registry-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: registry-local-pvc
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: manual # Must match the PV
  resources:
    requests:
      storage: 5Gi
  volumeName: registry-pv # Name of the PV

Creating the username and password

# Create the auth file inside the mapped directory
cd /data/k3s/registry/
mkdir auth
docker run --entrypoint htpasswd registry:2 -Bbn <testuser> <testpassword> > auth/htpasswd
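
The registry's htpasswd backend accepts only bcrypt entries (which is why the command above passes -B); entries in other hash formats are ignored. The following is an added example, not part of the original post: a POSIX shell check that every line of the generated file is a bcrypt entry before the registry is started. The function names `check_htpasswd` and `write_sample` and the sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# check_htpasswd FILE
# Returns 0 if every entry is "user:<bcrypt hash>", 1 if any entry is not,
# 2 if the file is missing or empty. Prints one line per problem found.
check_htpasswd() {
  file=$1; bad=0; n=0
  [ -s "$file" ] || { echo "missing or empty: $file"; return 2; }
  while IFS=: read -r user hash || [ -n "$user" ]; do
    [ -z "$user" ] && continue   # htpasswd -n ends its output with a blank line
    n=$((n + 1))
    # bcrypt: $2a$/$2b$/$2y$ prefix, two-digit cost, 53 chars of salt+digest
    if ! printf '%s\n' "$hash" |
        grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
      echo "entry $n ($user): not a bcrypt hash"
      bad=$((bad + 1))
    fi
  done < "$file"
  [ "$bad" -eq 0 ]
}

# Constructed sample (not real credentials): one bcrypt-shaped entry and one
# apr1/MD5-shaped entry, as produced when -B is forgotten.
write_sample() {
  cat > "$1" <<'EOF'
testuser:$2y$05$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0
legacy:$apr1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV

EOF
}

# Demo on the constructed sample; on the host from this post the real call
# would be: check_htpasswd /data/k3s/registry/auth/htpasswd
sample=$(mktemp)
write_sample "$sample"
check_htpasswd "$sample" || echo "fix the entries above before starting the registry"
rm -f "$sample"
```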
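
Deployment configuration

# registry-deploy.yaml
# Version of the Kubernetes API used to create this object
apiVersion: apps/v1 # Deployment is apps/v1, not v1
# Kind of object to create
kind: Deployment
# Data that helps uniquely identify the object, including a name string, UID, and optional namespace
metadata:
  name: registry
# Desired state of the object
spec:
  # replicas: 2 # Number of Pods; the Deployment keeps 2 Pods running at all times
  selector: # Label selector: this Deployment selects Pods labelled app=registry
    matchLabels:
      app: registry
  # Upgrade strategy
  # RollingUpdate: rolling upgrade; new Pods are created gradually before old Pods are deleted. This is the default strategy.
  #
  # strategy:
  #   type: RollingUpdate
  #   rollingUpdate:
  #     maxSurge: 1
  #     maxUnavailable: 0
  #
  # Recreate: replacement upgrade; the current Pod is deleted first and then a new Pod is created
  strategy:
    type: Recreate
  template: # Pod definition used to create Pods, also called the Pod template
    metadata:
      labels:
        app: registry
    spec:
      containers:
      - image: registry:latest
        name: registry
        env: # Environment variables
        # Use secret in real usage
        - name: REGISTRY_AUTH
          value: htpasswd
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: Registry Realm
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: /auth/htpasswd # The username/password file created above
        volumeMounts:
        - name: registry-persistent-storage
          mountPath: /var/lib/registry
        # The htpasswd file lives under auth/ in the PV's host directory;
        # mount that subdirectory at /auth so REGISTRY_AUTH_HTPASSWD_PATH resolves
        - name: registry-persistent-storage
          mountPath: /auth
          subPath: auth
          readOnly: true
        ports:
        - name: registry # Port name used for Pod-to-Pod communication
          containerPort: 5000 # Port number used for Pod-to-Pod communication
      volumes:
      - name: registry-persistent-storage
        persistentVolumeClaim:
          claimName: registry-local-pvc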
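
Service configuration

# registry-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: registry-svc
spec:
  selector:
    app: registry
  # ClusterIP type: reachable only from inside the cluster
  type: ClusterIP
  ports:
    # Port name
    - name: registry-port
      # Port protocol; TCP or UDP are supported, TCP is the default
      protocol: TCP
      # Port the service listens on
      port: 5000
      # Backend port that traffic is forwarded to
      targetPort: 5000 # Must match the port exposed by the container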

Ingress configuration

# registry-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: registry-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: registry.godance.cc
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: registry-svc
            port:
              number: 5000

With that, the registry deployment is complete.

Building the image

# Tag the local image
docker tag mynode:latest registry.godance.cc/mynode:v1
# Push the image to the private registry
docker push registry.godance.cc/mynode:v1
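
k3s private registry configuration

Using private images in k3s requires some extra configuration; otherwise k3s cannot pull them. Because this registry is for internal use only, I did not enable TLS. Without TLS, the htpasswd credentials cross the network only Base64-encoded, not encrypted.

# Change to the k3s configuration directory
cd /etc/rancher/k3s/

# registries.yaml
mirrors:
  "10.0.20.2:5000":
    endpoint:
      - "http://10.0.20.2:5000"
  registry.godance.cc:
    endpoint:
      - "http://registry.godance.cc"
configs:
  "registry.godance.cc":
    auth:
      username: user01 # Username for the private registry
      password: "123456" # Password for the private registry (quoted so YAML reads it as a string)

Then restart k3s:

systemctl restart k3s

Now we can pull our own private images in k3s.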

Testing

# node-test-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: node-test-deployment
spec:
  selector:
    matchLabels:
      app: node-test
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: node-test
    spec:
      containers:
      - image: registry.godance.cc/mynode:v1
        name: node-test
        imagePullPolicy: IfNotPresent
        env:
        - name: NODE_ENV
          value: test
        ports:
        - name: node-test # Port name used for Pod-to-Pod communication
          containerPort: 3000 # Port number used for Pod-to-Pod communication

# node-test-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: node-test-svc
spec:
  selector:
    app: node-test
  type: ClusterIP
  ports:
    - name: node-test
      protocol: TCP
      port: 3001
      targetPort: 3000 # Must match the port exposed by the container

Run it:

kubectl apply -f node-test-deploy.yaml -f node-test-svc.yaml
kubectl get pods