k8s原生镜像仓库安装registry

在服务部署过程中,有很多的docker镜像文件,由于kubernetes是使用国外的镜像,可能会出现下载很慢或者下载不下来的情况,我们先搭建一个简单的镜像服务器,我们将需要的镜像下载回来,放到我们自己的镜像服务器,然后调用我们自己服务器的镜像就快很多。

Registry是Dcoker官方的一个私有仓库镜像,可以将本地的镜像打标签进行标记然后push到以Registry起的容器的私有仓库中。企业可以根据自己的需求,使用Dokcerfile生成自己的镜像,并推到私有仓库中,这样可以大大提高拉取镜像的效率。

下载官方的registry镜像


[root@k8s-master01 data]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
ddad3d7c1e96: Pull complete 
6eda6749503f: Pull complete 
363ab70c2143: Pull complete 
5b94580856e6: Pull complete 
12008541203a: Pull complete 
Digest: sha256:bac2d7050dc4826516650267fe7dc6627e9e11ad653daca0641437abdf18df27
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@k8s-master01 data]# 

下载完成

启动Registry服务

k8s集群内启动registry服务 deployment 配置如下

apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: docker-registry
spec:
  selector:
    matchLabels:
      app: registry
  replicas: 1 
  template:
    metadata:
      labels:
        app: registry
    spec:
      nodeSelector:
        name: "node-235"
      containers:
      - name: registry
        image: registry:latest
        volumeMounts:
        - mountPath: /var/lib/registry
          name: data-app-1
        ports:
        - containerPort: 5000
      volumes:
      - name: data-app-1
        hostPath:
          path: /data/registry-data #本地目录
          type: Directory

把本地 /data/registry-data 挂载到容器里,做镜像数据持久化

启动服务

[root@k8s-master01 registry]# kubectl apply -f deployment.yaml 
deployment.apps/registry created

查看服务是否启动

[root@k8s-master01 registry]# kubectl get pod -n docker-registry
NAME                                READY   STATUS    RESTARTS   AGE
registry-6c58cb656-7lxgz            1/1     Running   1          13m

配置nodeport 5000端口访问service配置如下

apiVersion: v1
kind: Service
metadata:
  namespace: docker-registry
  labels:
    app: registry
  name: registry-nodeport
spec:
  externalTrafficPolicy: Cluster
  type: NodePort
  ports:
    - name: manager
      protocol: TCP
      port: 5000
      targetPort: 5000
      nodePort: 5000
  selector:
    app: registry

应用Service配置

[root@k8s-master01 registry]# kubectl apply -f service.yaml 
service/registry-nodeport created
[root@k8s-master01 registry]# kubectl get service -n docker-registry
NAME                         TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
registry-nodeport            NodePort   10.103.250.191   <none>        5000:5000/TCP   10m

Service配置已生效

测试


查看Registry中所有镜像信息

[root@k8s-master01 registry]# curl http://172.25.42.235:5000/v2/_catalog
{"repositories":[]}

发现现在仓库列表为空,是因为我没有上传镜像文件

上传镜像文件

修改镜像标签tag

[root@k8s-master01 registry]# docker images|grep openresty-web
openresty-web                                                                 2021042804         a6b14c409cf4   20 hours ago    303MB
[root@k8s-master01 registry]# docker tag openresty-web:2021042804 172.25.42.235:5000/web/openresty-web:v1
[root@k8s-master01 registry]# docker images|grep openresty-web
172.25.42.235:5000/web/openresty-web                                          v1                 a6b14c409cf4   20 hours ago    303MB
openresty-web                                                                 2021042804         a6b14c409cf4   20 hours ago    303MB

上面把 openresty-web:2021042804 这个镜像 修改为 172.25.42.235:5000/web/openresty-web:v1

把镜像push到镜像仓库

[root@k8s-master01 registry]# docker push 172.25.42.235:5000/web/openresty-web:v1
The push refers to repository [172.25.42.235:5000/web/openresty-web]
Get https://172.25.42.235:5000/v2/: http: server gave HTTP response to HTTPS client
[root@k8s-master01 registry]# 

上传镜像失败:原因:docker上传下载默认只支持https协议,搭建的的私有仓库没有https协议

解决方法

修改/etc/docker/daemon.json
增加 “insecure-registries”:[“172.25.42.235:5000”]
重启docker

[root@k8s-master01 registry]# cat /etc/docker/daemon.json 
{
"insecure-registries":["172.25.42.235:5000"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
}
}
[root@k8s-master01 registry]# systemctl restart docker

172.25.42.235:5000 为仓库地址
等待docker服务重启完成

再次把镜像push到镜像仓库

再次把镜像push 172.25.42.235:5000/web/openresty-web:v1 到镜像仓库

[root@k8s-master01 registry]# docker push 172.25.42.235:5000/web/openresty-web:v1
The push refers to repository [172.25.42.235:5000/web/openresty-web]
19012cb487d1: Pushed 
5809ac47fde6: Pushed 
19ae150a9831: Pushed 
94bde1a9815a: Pushed 
0116810ae50c: Pushed 
174f56854903: Pushed 
v1: digest: sha256:4669d832f7cb2e60ff9974765ab605a6c8ca9a7640e18a03fdd85565539dd3ae size: 1575

上传完成

查看仓库镜像

[root@k8s-master01 registry]# curl http://172.25.42.235:5000/v2/_catalog
{"repositories":["web/openresty-web"]}
[root@k8s-master01 registry]# 

版权声明:本文为作者原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

原创文章,作者:老C,如若转载,请注明出处:https://www.code404.icu/506.html

发表评论

登录后才能评论