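Last time I set up a K8S cluster and the OpenEBS Jiva storage solution. Since the cluster is a mixed architecture, with both x86 machines and arm64 machines, it is best to maintain my own image registry.
Plan
- Use OpenEBS Jiva to store the images
- Use docker registry as the image registry
Implementation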
- ns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: repo
  labels:
    name: repo
- deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: repo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
        - name: registry
          image: registry:2
          ports:
            - containerPort: 5000
          volumeMounts:
            - name: registry-storage
              mountPath: /var/lib/registry
      volumes:
        - name: registry-storage
          persistentVolumeClaim:
            claimName: registry-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: registry
  namespace: repo
spec:
  selector:
    app: registry
  ports:
    - protocol: TCP
      port: 5000
      targetPort: 5000
- pvc-data.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: registry-pvc
  namespace: repo
spec:
  storageClassName: openebs-jiva-csi-2r
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
Then run the following command:
kubectl apply -f ns.yaml -f pvc-data.yaml -f deploy.yaml
Connecting to the registry
First create the credentials
# You can use kubectl get svc -n repo to look up the service address and port
kubectl create secret docker-registry my-registry-secret \
  --docker-server=registry.example.com:5000 \
  --docker-username=<your-username> \
  --docker-password=<your-password> \
  --docker-email=<your-email>
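Because the deployed registry serves images over HTTP, logging in to it from a development machine requires first adding its address to insecure-registries.
Edit the Docker daemon configuration file /etc/docker/daemon.json and add your private registry address to the insecure-registries list.
{
  "insecure-registries": ["<your-registry-server>"]
}
For Docker Desktop (Windows and macOS), open the Docker Desktop settings and, in the "Daemon" or "Docker Engine" tab, add your private registry address to the insecure-registries list.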
{
  "builder": {
    "gc": {
      "defaultKeepStorage": "20GB",
      "enabled": true
    }
  },
  "experimental": false,
  "insecure-registries": [
    "<your-registry-server>"
  ]
}
Finally, log in
docker login registry.example.com:5000
Then you can package an image and upload it to the registry
- Commit a container as an image:
docker commit container_id my_image
- Tag the image:
docker tag my_image <your-repo>/my_image
- Push the image:
docker push <your-repo>/my_image
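
The deploy.yaml above serves the registry over plain HTTP and configures no authentication, which is why every client needs an insecure-registries entry. As an added example (not part of the original post), here is the same Deployment with TLS and htpasswd authentication enabled through the registry image's environment variables. The Secret names registry-tls and registry-htpasswd are assumptions and must be created in the repo namespace beforehand.

```yaml
# Added example: hardened variant of the registry Deployment.
# Assumed Secrets (not from the original page): "registry-tls" of type
# kubernetes.io/tls, and "registry-htpasswd" with key "htpasswd" (bcrypt entries).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: repo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
        - name: registry
          image: registry:2
          ports:
            - containerPort: 5000
          env:
            # Serve HTTPS on port 5000 instead of plain HTTP
            - {name: REGISTRY_HTTP_TLS_CERTIFICATE, value: /certs/tls.crt}
            - {name: REGISTRY_HTTP_TLS_KEY, value: /certs/tls.key}
            # Require basic auth for every pull and push
            - {name: REGISTRY_AUTH, value: htpasswd}
            - {name: REGISTRY_AUTH_HTPASSWD_REALM, value: "Registry Realm"}
            - {name: REGISTRY_AUTH_HTPASSWD_PATH, value: /auth/htpasswd}
          volumeMounts:
            - name: registry-storage
              mountPath: /var/lib/registry
            - name: tls
              mountPath: /certs
              readOnly: true
            - name: auth
              mountPath: /auth
              readOnly: true
      volumes:
        - name: registry-storage
          persistentVolumeClaim:
            claimName: registry-pvc
        - name: tls
          secret:
            secretName: registry-tls
        - name: auth
          secret:
            secretName: registry-htpasswd
```

With a certificate the clients trust, the insecure-registries entry is no longer needed, and the username and password in my-registry-secret are actually checked by the registry.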