Docker Image 推到阿里云仓库,可以看 SpringBoot Docker 发布到 阿里仓库
1. 阿里镜像仓库加了授权,所以 K8S 拉之前要做下授权处理
[root@k8smaster ~]# kubectl create secret docker-registry registry-demo \
--namespace=default \
--docker-server=registry.cn-shanghai.aliyuncs.com \
--docker-username=hi帐户ID@aliyun.com \
--docker-password=vipsoft \
--docker-email=xxxxx@qq.com
secret/registry-demo created
[root@k8smaster ~]# kubectl get secrets
NAME TYPE DATA AGE
default-token-q7lps kubernetes.io/service-account-token 3 5d17h
registry-demo kubernetes.io/dockerconfigjson 1 2m53s
[root@k8smaster ~]# kubectl describe secrets registry-demo
Name: registry-demo
Namespace: default
Labels:
Annotations:
Type: kubernetes.io/dockerconfigjson
Data
====
.dockerconfigjson: 196 bytes
[root@k8smaster ~]#
解释说明:
[root@k8smaster ~]# kubectl create secret docker-registry registry-demo \ #创建类型为:docker-registry的secrets名称为registry-demo
--namespace=default \ # K8S 的命名空间,非阿里云仓库的命名空间,值 default 可不写,默认为 default, 不同Namespace,在创建secrets时需要指定Namespace,
--docker-server=registry.cn-shanghai.aliyuncs.com \ #阿里云镜像仓库,公网地址
--docker-username=hi帐户ID@aliyun.com \ #阿里云的帐号
--docker-password=vipsoft \ #仓库的密码,在 仓库管理-> 访问凭证中可设置
--docker-email=xxxx@qq.com # 用户邮箱
[root@k8smaster ~]# kubectl get secret registry-demo -o yaml #查看secret详细信息
2. 生成 yaml ,并修改yaml 配置 imagePullSecrets,否则后面会报 ImagePullBackOff,拉取需要登录 requested access to the resource is denied
K8S 拉取镜像 ImagePullBackOff pull access denied
[root@k8smaster ~]# kubectl create deployment javademo1 --image=registry.cn-shanghai.aliyuncs.com/vipsoft/vipsoft:1.0 --dry-run -o yaml > javademo1.yaml
W1018 18:49:33.112150 62765 helpers.go:535] --dry-run is deprecated and can be replaced with --dry-run=client.
[root@k8smaster ~]# vi javademo1.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: javademo1
name: javademo1
spec:
replicas: 1
selector:
matchLabels:
app: javademo1
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: javademo1
spec:
containers:
- image: registry.cn-shanghai.aliyuncs.com/vipsoft/vipsoft:1.0
name: vipsoft
resources: {}
imagePullSecrets:
- name: registry-demo
status: {}
3. 创建容器
[root@k8smaster ~]# kubectl apply -f javademo1.yaml
deployment.apps/javademo1 created
[root@k8smaster ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
javademo1-84dd5c9485-8ckk6 0/1 ContainerCreating 0 6s
nginx-f89759699-5hkdw 1/1 Running 0 5d17h
[root@k8smaster ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
javademo1-84dd5c9485-8ckk6 1/1 Running 0 65s
nginx-f89759699-5hkdw 1/1 Running 0 5d17h
[root@k8smaster ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
javademo1-84dd5c9485-8ckk6 1/1 Running 0 111s 10.244.1.4 k8snode1
nginx-f89759699-5hkdw 1/1 Running 0 5d17h 10.244.2.2 k8snode2
[root@k8smaster ~]# kubectl scale deployment javademo1 --replicas=3 # 扩容3个服务
deployment.apps/javademo1 scaled
[root@k8smaster ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
javademo1-84dd5c9485-7vgkr 0/1 ImagePullBackOff 0 16s 10.244.2.6 k8snode2
javademo1-84dd5c9485-8ckk6 1/1 Running 0 6m21s 10.244.1.4 k8snode1
javademo1-84dd5c9485-8hfmd 0/1 ImagePullBackOff 0 16s 10.244.2.7 k8snode2
nginx-f89759699-5hkdw 1/1 Running 0 5d17h 10.244.2.2 k8snode2
[root@k8smaster ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
javademo1-84dd5c9485-7vgkr 1/1 Running 0 58s 10.244.2.6 k8snode2
javademo1-84dd5c9485-8ckk6 1/1 Running 0 7m3s 10.244.1.4 k8snode1
javademo1-84dd5c9485-8hfmd 1/1 Running 0 58s 10.244.2.7 k8snode2
nginx-f89759699-5hkdw 1/1 Running 0 5d17h 10.244.2.2 k8snode2
[root@k8smaster ~]# kubectl expose deployment javademo1 --port=8111 --target-port=8111 --type=NodePort # 对外暴露端口,不然不能访问
service/javademo1 exposed
[root@k8smaster ~]# kubectl get svc #查看 service 的运行状态
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
javademo1 NodePort 10.106.43.46
kubernetes ClusterIP 10.96.0.1
nginx NodePort 10.103.87.81
[root@k8smaster ~]#
4. 测试
5. 补充
CrashLoopBackOff
容器退出,kubelet正在将它重启
InvalidImageName
无法解析镜像名称
ImageInspectError
无法校验镜像
ErrImageNeverPul
策略禁止拉取镜像
ImagePullBackOff
正在重试拉取
RegistryUnavailable
连接不到镜像中心
ErrImagePull
通用的拉取镜像出错
CreateContainerConfigError
不能创建kubelet使用的容器配置
CreateContainerError
创建容器失败
m.internalLifecycle.PreStartContainer
执行hook报错
RunContainerError
启动容器失败
PostStartHookError
执行hook报错
ContainersNotInitialized
容器没有初始化完毕
ContainersNotReady
容器没有准备完毕
ContainerCreating
容器创建中
PodInitializing
pod初始化中
DockerDaemonNotReady
docker还没有完全启动
NetworkPluginNotReady
网络插件还没有完全启动
Evicted
即驱赶的意思,意思是当节点出现异常时,kubernetes将有相应的机制驱赶该节点上的Pod。多见于资源不足时导致的驱赶。
推荐阅读
发表评论