84. Kubernetes pod basics + HTTPS Harbor

news2024/9/24 7:21:47

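1. Pod basics:

Advanced pod topics: probes (always asked in interviews: scaling out and in, mounts)

1.1 Definition of a pod

A pod is the smallest unit in Kubernetes, and it is also the smallest resource object that runs containers.

Containers work inside a Kubernetes cluster on the basis of pods.

In a Kubernetes cluster, a pod represents one running process. Most Kubernetes components revolve around pods, supporting and extending them.

Deployments and Services are both deployed around pods.

1.2 Two ways of using pods in Kubernetes:

1. One container per pod. This is the most common way; Kubernetes manages pods, not containers.

2. Multiple containers in one pod. The containers share the network and the mounted volumes.

With current container technology, the containers of one pod must run on the same node.

Network sharing and volume sharing are not features of the pod itself.

They are provided by the pause container.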

[root@master01 ~]# kubectl run --image=nginx:1.22 test1
pod/test1 created
[root@master01 ~]# kubectl get pod -o wide
NAME    READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
test1   1/1     Running   0          61s   10.244.2.70   node02   <none>           <none>

pause is an important component for managing the system.

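1.3 Pod classification

1. Infrastructure container: pause

Shares the network and the mounted volumes.

2. Init containers:

Init containers are contained in the pod and are one of its components. They belong to one phase of the pod lifecycle: startup.

When a pod is brought up, the pause container is built first. After that, if the pod has init containers, the application containers are deployed only after the init containers have finished.

1.3.1 How to inspect the 3 containers

kubectl exec -it init-pod (pod name) -c centos2 (container name)
Once an init container has finished running and done its job, it exits. The container still exists on the node, but at that point only the logs and status of the application container can be queried.
An init container must exit after it finishes; otherwise the containers after it cannot be built.
View logs: kubectl logs -f init-pod (pod name) -c centos2 (container name)

1.3.2 Startup order

Init containers start first, then the application containers.
# If an init container fails to start, can the pod enter the Ready state?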

[root@master01 k8s-yaml]# vim init.yml


Case 1: application container listed last
apiVersion: v1
kind: Pod
metadata:
  name: init-pod
  labels:
    app: test1
spec:
  initContainers:
# define the pod's init containers (one pod, several containers: these are the init containers)
  - name: centos1
    image: centos:7
    command: ["/bin/bash","-c","echo 123 > /opt/123.txt && sleep 2"]
# chaining multiple commands: || is logical OR, && is logical AND
  - name: centos2
    image: centos:7
    command: ["/bin/bash","-c","echo 345 > /opt/345.txt && sleep 50"]
  containers:
  - name: centos3
    image: centos:7
    command: ["/bin/bash","-c","echo system is running && sleep 3600"]




[root@master01 k8s-yaml]# kubectl apply -f init.yml 
pod/init-pod created
[root@master01 k8s-yaml]# kubectl get pod -o wide
[root@master01 k8s-yaml]# kubectl describe pod init-pod 


Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  55s   default-scheduler  Successfully assigned default/init-pod to node02
  Normal  Pulled     54s   kubelet            Container image "centos:7" already present on machine
  Normal  Created    54s   kubelet            Created container centos1
  Normal  Started    54s   kubelet            Started container centos1
  Normal  Pulled     52s   kubelet            Container image "centos:7" already present on machine
  Normal  Created    52s   kubelet            Created container centos2
  Normal  Started    52s   kubelet            Started container centos2
  Normal  Pulled     2s    kubelet            Container image "centos:7" already present on machine
  Normal  Created    2s    kubelet            Created container centos3
  Normal  Started    2s    kubelet            Started container centos3

Case 2: application container listed first
[root@master01 k8s-yaml]# vim init.yml

apiVersion: v1
kind: Pod
metadata:
  name: init-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos:7
    command: ["/bin/bash","-c","echo system is running && sleep 3600"]
  initContainers:
# define the pod's init containers (one pod, several containers: these are the init containers)
  - name: centos1
    image: centos:7
    command: ["/bin/bash","-c","echo 123 > /opt/123.txt && sleep 2"]
# chaining multiple commands: || is logical OR, && is logical AND
  - name: centos2
    image: centos:7
    command: ["/bin/bash","-c","echo 345 > /opt/345.txt && sleep 50"]
[root@master01 k8s-yaml]# kubectl apply -f init.yml 

[root@master01 k8s-yaml]# kubectl get pod
NAME        READY   STATUS    RESTARTS   AGE
init-pod    1/1     Running   0          107s

[root@master01 k8s-yaml]# kubectl describe pod init-pod 

Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  3m6s   default-scheduler  Successfully assigned default/init-pod to node02
  Normal  Pulled     3m6s   kubelet            Container image "centos:7" already present on machine
  Normal  Created    3m6s   kubelet            Created container centos1
  Normal  Started    3m6s   kubelet            Started container centos1
  Normal  Pulled     3m4s   kubelet            Container image "centos:7" already present on machine
  Normal  Created    3m4s   kubelet            Created container centos2
  Normal  Started    3m4s   kubelet            Started container centos2
  Normal  Pulled     2m13s  kubelet            Container image "centos:7" already present on machine
  Normal  Created    2m13s  kubelet            Created container centos3
  Normal  Started    2m13s  kubelet            Started container centos3




Enter a container
kubectl exec -it init-pod (pod name) -c centos2 (container)
View logs
kubectl logs -f init-pod (pod name) -c centos2 (container)
An nginx init container keeps running, so the containers after it cannot start
[root@master01 k8s-yaml]# vim init1.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  initContainers:
# define the pod's init containers (one pod, several containers: these are the init containers)
  - name: nginx1
    image: nginx:1.22
# chaining multiple commands: || is logical OR, && is logical AND
  - name: nginx2
    image: nginx:1.22
  containers:
  - name: nginx3
    image: nginx:1.22

[root@master01 k8s-yaml]# kubectl apply -f init1.yml 
[root@master01 k8s-yaml]# kubectl get pod -o wide
[root@master01 k8s-yaml]# kubectl describe pod init1-pod
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Scheduled  2m33s  default-scheduler  Successfully assigned default/init1-pod to node01
  Normal  Pulled     2m33s  kubelet            Container image "nginx:1.22" already present on machine
  Normal  Created    2m33s  kubelet            Created container nginx1
  Normal  Started    2m33s  kubelet            Started container nginx1

Overriding the image's default command with command: /bin/bash
[root@master01 k8s-yaml]# vim init1.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  initContainers:
# define the pod's init containers (one pod, several containers: these are the init containers)
  - name: nginx1
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
# chaining multiple commands: || is logical OR, && is logical AND
  - name: nginx2
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
  containers:
  - name: nginx3
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]


[root@master01 k8s-yaml]# kubectl apply -f init1.yml --force
[root@master01 k8s-yaml]# kubectl get pod -o wide
[root@master01 k8s-yaml]# kubectl describe pod init1-pod 

Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  86s                default-scheduler  Successfully assigned default/init1-pod to node01
  Normal   Pulled     86s                kubelet            Container image "nginx:1.22" already present on machine
  Normal   Created    85s                kubelet            Created container nginx1
  Normal   Started    85s                kubelet            Started container nginx1
  Normal   Pulled     85s                kubelet            Container image "nginx:1.22" already present on machine
  Normal   Created    85s                kubelet            Created container nginx2
  Normal   Started    84s                kubelet            Started container nginx2
  Normal   Pulled     39s (x4 over 84s)  kubelet            Container image "nginx:1.22" already present on machine
  Normal   Created    39s (x4 over 83s)  kubelet            Created container nginx3
  Normal   Started    39s (x4 over 83s)  kubelet            Started container nginx3
  Warning  BackOff    14s (x7 over 81s)  kubelet            Back-off restarting failed container
  
  
[root@master01 k8s-yaml]# kubectl exec -it init1-pod -c nginx3 bash  ## the container has already exited; attempt to enter it


[root@master01 k8s-yaml]# vim init1.yml 


apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  initContainers:
# define the pod's init containers (one pod, several containers: these are the init containers)
  - name: nginx1
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
# chaining multiple commands: || is logical OR, && is logical AND
  - name: nginx2
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
  containers:
  - name: nginx3
    image: nginx:1.22



[root@master01 k8s-yaml]# kubectl apply -f init1.yml --force
[root@master01 k8s-yaml]# kubectl get pod -o wide
[root@master01 k8s-yaml]# kubectl describe pod init1-pod 
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  44s   default-scheduler  Successfully assigned default/init1-pod to node01
  Normal  Pulled     43s   kubelet            Container image "nginx:1.22" already present on machine
  Normal  Created    43s   kubelet            Created container nginx1
  Normal  Started    43s   kubelet            Started container nginx1
  Normal  Pulled     43s   kubelet            Container image "nginx:1.22" already present on machine
  Normal  Created    43s   kubelet            Created container nginx2
  Normal  Started    43s   kubelet            Started container nginx2
  Normal  Pulled     42s   kubelet            Container image "nginx:1.22" already present on machine
  Normal  Created    42s   kubelet            Created container nginx3
  Normal  Started    42s   kubelet            Started container nginx3

[root@master01 k8s-yaml]# kubectl exec -it init1-pod -c nginx3 bash  ## -c selects the container to log in to
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@init1-pod:/# 
root@init1-pod:/# exit
exit

[root@master01 k8s-yaml]# kubectl logs -f init1-pod -c nginx3      ## view the container logs
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/08/30 03:06:28 [notice] 1#1: using the "epoll" event method
2024/08/30 03:06:28 [notice] 1#1: nginx/1.22.1
2024/08/30 03:06:28 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2024/08/30 03:06:28 [notice] 1#1: OS: Linux 3.10.0-957.el7.x86_64
2024/08/30 03:06:28 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 65536:65536
2024/08/30 03:06:28 [notice] 1#1: start worker processes
2024/08/30 03:06:28 [notice] 1#1: start worker process 29
2024/08/30 03:06:28 [notice] 1#1: start worker process 30
2024/08/30 03:06:28 [notice] 1#1: start worker process 31
2024/08/30 03:06:28 [notice] 1#1: start worker process 32






A faulty nginx init container fails to start, so the application container after it cannot start either
[root@master01 k8s-yaml]# vim init1.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  initContainers:
# define the pod's init containers (one pod, several containers: these are the init containers)
  - name: nginx1
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /uipt/123.txt"]
# chaining multiple commands: || is logical OR, && is logical AND
  - name: nginx2
    image: nginx:1.22
    command: ["/bin/bash","-c","touch /opt/123.txt"]
  containers:
  - name: nginx3
    image: nginx:1.22
[root@master01 k8s-yaml]# kubectl apply -f init1.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init1-pod 



Events:
  Type     Reason     Age              From               Message
  ----     ------     ----             ----               -------
  Normal   Scheduled  7s               default-scheduler  Successfully assigned default/init1-pod to node01
  Normal   Pulled     6s (x2 over 7s)  kubelet            Container image "nginx:1.22" already present on machine
  Normal   Created    6s (x2 over 7s)  kubelet            Created container nginx1
  Normal   Started    6s (x2 over 7s)  kubelet            Started container nginx1
  Warning  BackOff    4s (x2 over 5s)  kubelet            Back-off restarting failed container
[root@master01 k8s-yaml]# kubectl get pod
NAME        READY   STATUS                  RESTARTS   AGE
init-pod    1/1     Running                 0          39m
init1-pod   0/1     Init:CrashLoopBackOff   2          35s

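1.4 What init containers are for:

1. When a pod is created, they can initialize the runtime conditions for the application containers and provide environment variables and some (custom) software.

2. Permissions: an init container can access Secrets without being configured for it, whereas an application container must be configured before it can access a Secret.

They can provide necessary preconditions before the application containers run; the application containers run only after those preconditions are met.

1.5 Image pull policy:

1. IfNotPresent: if the image already exists locally, it is not pulled from the registry again. (default)
2. Always: the image is pulled every time a pod is created.
3. Never: the image is never pulled from a registry; only local images are used.

Image tags: in nginx:1.22, the image is nginx and the tag is 1.22.

Without a tag, nginx defaults to nginx:latest; latest refers to the newest version.

If no image pull policy is declared, the default is IfNotPresent. However, if the image has no tag, the default is Always even though no pull policy is declared.

nginx:1.22 ---- IfNotPresent ---- with an explicit version tag the pull policy is IfNotPresent

nginx:latest ---- Always ---- without an explicit version tag the pull policy is Always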

[root@master01 k8s-yaml]# vim init.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init-pod
  labels:
    app: test1
spec:
  volumes:
  - name: testdata
    emptyDir: {}
  initContainers:
# define the pod's init containers (one pod, several containers: these are the init containers)
  - name: centos1
    image: centos:7
    command: ["/bin/bash","-c","echo 123 > /opt/data/123.txt && sleep 2"]
# chaining multiple commands: || is logical OR, && is logical AND
    volumeMounts:
    - name: testdata
      mountPath: /opt/data
  - name: centos2
    image: centos:7
    command: ["/bin/bash","-c","echo 345 > /opt/data/345.txt && sleep 50"]
    volumeMounts:
    - name: testdata
      mountPath: /opt/data
  containers:
  - name: centos3
    image: centos:7
    command: ["/bin/bash","-c","echo 567 > /opt/data/567.txt && sleep 3600"]
    volumeMounts:
    - name: testdata
      mountPath: /opt/data


[root@master01 k8s-yaml]# kubectl apply -f init.yml --force

[root@master01 k8s-yaml]# kubectl describe pod init-pod 

[root@master01 k8s-yaml]# kubectl get pod
NAME        READY   STATUS                  RESTARTS   AGE
init-pod    0/1     Init:1/2                0          44s
init1-pod   0/1     Init:CrashLoopBackOff   7          11m
[root@master01 k8s-yaml]# kubectl get pod
NAME        READY   STATUS                  RESTARTS   AGE
init-pod    0/1     PodInitializing         0          54s
init1-pod   0/1     Init:CrashLoopBackOff   7          11m
[root@master01 k8s-yaml]# kubectl exec -it init-pod bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@init-pod /]# cd /opt/
[root@init-pod opt]# ls
data
[root@init-pod opt]# cd data/
[root@init-pod data]# ls
123.txt  345.txt  567.txt
[root@init-pod data]# cat 123.txt 
123

Image pull policy imagePullPolicy: Always
[root@master01 k8s-yaml]# vim init2.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos:7
    imagePullPolicy: Always
[root@master01 k8s-yaml]# kubectl apply -f init2.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init2-pod 


Events:
  Type     Reason     Age                   From               Message
  ----     ------     ----                  ----               -------
  Normal   Scheduled  3m19s                 default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     2m31s                 kubelet            Successfully pulle
Image pull policy imagePullPolicy: Never
[root@master01 k8s-yaml]# vim init2.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos
    imagePullPolicy: Never
[root@master01 k8s-yaml]# kubectl apply -f init2.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init2-pod 
Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  10s               default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     9s (x2 over 10s)  kubelet            Container image "centos" already present on machine
  Normal   Created    9s (x2 over 10s)  kubelet            Created container centos3
  Normal   Started    9s (x2 over 10s)  kubelet            Started container centos3
  Warning  BackOff    7s (x2 over 8s)   kubelet            Back-off restarting failed container


Image pull policy imagePullPolicy: IfNotPresent
[root@master01 k8s-yaml]# vim init2.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos:7
    imagePullPolicy: IfNotPresent    


[root@master01 k8s-yaml]# kubectl describe pod init2-pod 

Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  34s                default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     16s (x3 over 34s)  kubelet            Container image "centos:7" already present on machine
Image pull policy imagePullPolicy: IfNotPresent ---- no version tag specified
[root@master01 k8s-yaml]# vim init2.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos
    imagePullPolicy: IfNotPresent
[root@master01 k8s-yaml]# kubectl apply -f init2.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init2-pod 
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  14s                default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     12s (x2 over 13s)  kubelet            Container image "centos" already present on machine
  Normal   Created    12s (x2 over 13s)  kubelet            Created container centos3
  Normal   Started    12s (x2 over 13s)  kubelet            Started container centos3
  Warning  BackOff    10s (x2 over 11s)  kubelet            Back-off restarting failed container





Image pull policy: no version tag and no policy specified
[root@master01 k8s-yaml]# vim init2.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
  labels:
    app: test1
spec:
  containers:
  - name: centos3
    image: centos
   # imagePullPolicy: IfNotPresent 

[root@master01 k8s-yaml]# kubectl apply -f init2.yml --force
[root@master01 k8s-yaml]# kubectl describe pod init2-pod 
Events:
  Type     Reason     Age              From               Message
  ----     ------     ----             ----               -------
  Normal   Scheduled  7s               default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulling    5s (x2 over 7s)  kubelet            Pulling image "centos"
[root@master01 k8s-yaml]# kubectl describe pod init2-pod 
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  86s                default-scheduler  Successfully assigned default/init2-pod to node02
  Normal   Pulled     84s                kubelet            Successfully pulled image "centos" in 1.127308104s
  Normal   Pulled     83s                kubelet            Successfully pulled image "centos" in 1.190259011s
  Normal   Pulled     66s                kubelet            Successfully pulled image "centos" in 1.472428673s
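
The defaulting rule from 1.5 and the runs above, as an added shell example that is not part of the original article: `effective_pull_policy` applies the rule to one image reference (it also handles digest references and registry ports, which the article does not cover), and `lint_pull_policy` reports containers whose untagged or `latest` image would be taken from the node cache. The function names, the line-oriented parsing (which assumes the two-space manifest layout used on this page) and the sample manifest are constructed for illustration.

```shell
# Added example; function names and the sample manifest are constructed.

# Return 0 when the reference can move: no digest and either no tag or :latest.
is_floating_ref() {
  case ${1##*/} in            # strip registry[:port]/ and the repository path
    *@*)      return 1 ;;     # pinned by digest
    *:latest) return 0 ;;
    *:*)      return 1 ;;     # explicit version tag
    *)        return 0 ;;     # no tag: treated as :latest
  esac
}

# $1 = image reference, $2 = declared imagePullPolicy (may be empty).
effective_pull_policy() {
  if [ -n "${2:-}" ]; then
    echo "$2"
  elif is_floating_ref "$1"; then
    echo Always
  else
    echo IfNotPresent
  fi
}

# stdin: Pod manifest. stdout: "name image declared-policy" per container.
# Entries without an image (volumes, volumeMounts) are skipped.
list_containers() {
  awk '
    function emit() {
      if (name != "" && image != "") print name, image, (policy == "" ? "-" : policy)
      name = ""; image = ""; policy = ""
    }
    /^  - name:/          { emit(); name = $3 }
    /^ +image:/           { image = $2 }
    /^ +imagePullPolicy:/ { policy = $2 }
    END                   { emit() }
  '
}

# stdin: Pod manifest. stdout: "name image effective-policy note" per container.
lint_pull_policy() {
  list_containers | while read -r name image declared; do
    if [ "$declared" = "-" ]; then declared=""; fi
    policy=$(effective_pull_policy "$image" "$declared")
    note=ok
    # A floating tag that is not re-pulled runs whatever the node has cached.
    if is_floating_ref "$image" && [ "$policy" != "Always" ]; then
      note=floating-tag-from-node-cache
    fi
    echo "$name $image $policy $note"
  done
}

# Constructed manifest combining the image/policy pairs tried on this page.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: init2-pod
spec:
  initContainers:
  - name: centos1
    image: centos:7
  containers:
  - name: centos3
    image: centos
    imagePullPolicy: IfNotPresent
  - name: nginx1
    image: hub.test.com/test1/nginx:v1
  - name: nginx2
    image: nginx
EOF
}

sample_manifest | lint_pull_policy
```

For live objects, the effective value can be read back from the API server with `kubectl get pod <name> -o yaml`, which shows the defaulted `imagePullPolicy` for each container.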

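2. HTTPS is encrypted HTTP

Port 443

It runs over TCP; the connection is established the same way as for ordinary TCP.

Three-way handshake -------> SSL/TLS handshake. The purpose of the handshake is to establish a secure, encrypted communication channel.

The SSL/TLS handshake process:

1. The client sends the server a message containing the SSL/TLS protocol versions it supports, its list of encryption algorithms, a random number, and so on.

2. After receiving the message, the server replies to the client, confirming the SSL/TLS version and encryption algorithm to use, and sends a random number to the client.

The random numbers are sent so that both sides can confirm each other's identity.

3. The server sends its digital certificate to the client. The certificate contains the server's public key.

Digital certificates ... can be bought; the second option is for the server to issue one itself (self-made). Once the client has the public key, it can confirm the server's real identity.

4. Key exchange: the server and the client agree on a symmetric encryption key for the subsequent encrypted communication. How the key is produced: the client's symmetric key is generated by encrypting with the server's public key, and the server then decrypts it to obtain the key.

5. Only after the steps above are complete can the server and the client communicate over the encrypted channel. The essence of the encryption is the key pair with which the server and the client authenticate each other.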

3. HTTPS and the Docker Harbor registry:

------------------ Install Docker ------------------

[root@k8s4 ~]#systemctl stop firewalld

[root@k8s4 ~]#setenforce 0

yum install -y yum-utils device-mapper-persistent-data lvm2 

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 

yum install -y docker-ce-24.0.1 docker-ce-cli-24.0.1 containerd.io

[root@k8s4 ~]#vim /etc/docker/daemon.json 

{
  "registry-mirrors": [
                "https://hub-mirror.c.163.com",
                "https://docker.m.daocloud.io",
                "https://ghcr.io",
                "https://mirror.baidubce.com",
                "https://docker.nju.edu.cn"
   ]
}


[root@k8s4 ~]# systemctl daemon-reload 
[root@k8s4 ~]# systemctl restart docker
[root@k8s4 ~]# systemctl enable docker
-------------------------------------------------

----------------- Install docker-compose and harbor-offline-installer -------------------------
[root@k8s4 ~]# cd /opt/
[root@k8s4 opt]# rz -E
rz waiting to receive.
[root@k8s4 opt]# rz -E
rz waiting to receive.
[root@k8s4 opt]# ls
containerd                   harbor-offline-installer-v2.8.1.tgz  test
docker-compose-linux-x86_64  jenkins-2.396-1.1.noarch.rpm
[root@k8s4 opt]#  mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
[root@k8s4 opt]# chmod +x /usr/local/bin/docker-compose
[root@k8s4 opt]# tar zxvf harbor-offline-installer-v2.8.1.tgz
harbor/harbor.v2.8.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
-------------------- Installation complete ---------------------


------------------ Set up HTTPS -------------------
[root@k8s4 harbor]# cp harbor.yml.tmpl harbor.yml
[root@k8s4 harbor]# mkdir -p /data/cert
[root@k8s4 harbor]# cd /data/cert/
[root@k8s4 cert]# ls
[root@k8s4 cert]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
................................................................+++
...............................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:123456
Verifying - Enter pass phrase for server.key:123456


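Explanation:
openssl genrsa -des3 -out server.key 2048

openssl: the tool used to generate the RSA key

genrsa: generates an RSA key

-des3: encrypts the private key with the DES3 encryption algorithm

-out server.key: the file name of the private key file

2048: sets the RSA key length to 2048 bits


Create the certificate signing request from the private key file: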
[root@k8s4 cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:123456
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:JS
Locality Name (eg, city) [Default City]:NJ
Organization Name (eg, company) [Default Company Ltd]:XY
Organizational Unit Name (eg, section) []:XY
Common Name (eg, your name or your server's hostname) []:hub.dn.com
Email Address []:admin@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@k8s4 cert]# ls
server.csr  server.key
[root@k8s4 cert]# cp server.key server.key.org
[root@k8s4 cert]# ls
server.csr  server.key  server.key.org
[root@k8s4 cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:123456
writing RSA key
[root@k8s4 cert]# openssl x509 -req -days 1000 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=JS/L=NJ/O=XY/OU=XY/CN=hub.dn.com/emailAddress=admin@qq.com
Getting Private key

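Explanation:
openssl x509 -req -days 1000 -in server.csr -signkey server.key -out server.crt

Signing the certificate:

x509: X.509 is the public-key certificate standard commonly used by OpenSSL

-req: the input file is a certificate signing request (CSR), from which the signed CRT certificate file is produced

-days 1000: the certificate is valid for 1000 days

-in server.csr: specifies the certificate signing request (.csr) file

-signkey server.key: self-signs the generated certificate with the private key file; the private key matches the public key in the CSR

-out server.crt: writes the self-signed certificate file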

[root@k8s4 cert]# chmod 777 /data/cert/*
[root@k8s4 cert]# ls
server.crt  server.csr  server.key  server.key.org
[root@k8s4 cert]# cd /opt/harbor/
[root@k8s4 harbor]# ls
common.sh             harbor.yml       install.sh  prepare
harbor.v2.8.1.tar.gz  harbor.yml.tmpl  LICENSE
[root@k8s4 harbor]# vim harbor.yml
harbor.yml       harbor.yml.tmpl  
[root@k8s4 harbor]# vim harbor.yml

  5 hostname: hub.test.com
 17   certificate: /data/cert/server.crt
 18   private_key: /data/cert/server.key
 34 harbor_admin_password: 123456
[root@k8s4 harbor]# ./prepare 
[root@k8s4 harbor]# ./install.sh 
[root@k8s4 /]# scp -r /data root@192.168.168.81:/
[root@k8s4 /]# scp -r /data root@192.168.168.82:/
[root@k8s4 /]# scp -r /data root@192.168.168.83:/
------------------ HTTPS setup complete -----------------------


------------ Run on all three Kubernetes machines -----------------------
[root@master01 k8s-yaml]# mkdir -p /etc/docker/certs.d/hub.test.com
[root@master01 k8s-yaml]# cd /data/cert/
[root@master01 cert]# ls
server.crt  server.csr  server.key  server.key.org
[root@master01 cert]# cp server.crt server.csr server.key /etc/docker/certs.d/hub.test.com/
[root@master01 cert]# cd /etc/docker/certs.d/hub.test.com/
[root@master01 hub.test.com]# ls
server.crt  server.csr  server.key
[root@master01 hub.test.com]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.168.81 master01
192.168.168.82 node01
192.168.168.83 node02
192.168.168.84 hub.test.com
[root@master01 hub.test.com]# vim /lib/systemd/system/docker.service

The hosts mapping was done above; now specify the image registry
 13 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=hub.test.com
[root@master01 hub.test.com]# systemctl daemon-reload 
[root@master01 hub.test.com]# systemctl restart docker

[root@master01 hub.test.com]# docker login -u admin -p 123456 https://hub.test.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
-------------------- End of the steps run on all machines ---------------------
[root@node02 hub.test.com]# docker images
[root@node02 hub.test.com]# docker tag nginx:1.22 hub.test.com/test1/nginx:v1
[root@node02 hub.test.com]# docker push hub.test.com/test1/nginx:v1


## the tagged image is removed here so that it will be pulled from the remote registry
[root@node02 hub.test.com]# docker rmi -f hub.test.com/test1/nginx:v1
Untagged: hub.test.com/test1/nginx:v1
Untagged: hub.test.com/test1/nginx@sha256:9081064712674ffcff7b7bdf874c75bcb8e5fb933b65527026090dacda36ea8b

[root@master01 k8s-yaml]# vim init1.yml 

apiVersion: v1
kind: Pod
metadata:
  name: init1-pod
  labels:
    app: test1
spec:
  containers:
  - name: nginx1
    image: hub.test.com/test1/nginx:v1
[root@master01 k8s-yaml]# kubectl apply -f init1.yml
[root@master01 k8s-yaml]# kubectl get pod
[root@master01 k8s-yaml]# kubectl describe pod init1-pod 


Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  10s   default-scheduler  Successfully assigned default/init1-pod to node02
  Normal  Pulling    10s   kubelet            Pulling image "hub.test.com/test1/nginx:v1"
  Normal  Pulled     10s   kubelet            Successfully pulled image "hub.test.com/test1/nginx:v1" in 84.327079ms
  Normal  Created    10s   kubelet            Created container nginx1
  Normal  Started    10s   kubelet            Started container nginx1
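
A hardened variant of the certificate and client-trust steps in this section, as an added shell example that is not the article's own procedure. The certificate carries a subjectAltName equal to the registry hostname (the CSR above uses CN=hub.dn.com while Harbor is configured as hub.test.com), the private key stays on the Harbor host with mode 600, clients receive only the certificate as ca.crt, and `audit_registry_trust` reports what the layout used above would trigger. Function names, finding labels and demo paths are constructed; `-addext` assumes OpenSSL 1.1.1 or later.

```shell
# Added example; function names, finding labels and demo paths are constructed.

# On the Harbor host: key + self-signed certificate whose SAN is the registry name.
# $1 = output directory, $2 = registry hostname. Needs OpenSSL 1.1.1+ for -addext.
make_registry_cert() {
  mkdir -p "$1" && chmod 700 "$1" || return 1
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 1000 \
      -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
      -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null ) || return 1
  chmod 600 "$1/server.key" && chmod 644 "$1/server.crt"
}

# On each Docker client: only the certificate is needed. Docker reads *.crt
# files in certs.d/<host>/ as trusted CA roots, so install it as ca.crt.
# $1 = server.crt, $2 = certs.d root (normally /etc/docker/certs.d), $3 = hostname.
install_registry_trust() {
  mkdir -p "$2/$3" && cp "$1" "$2/$3/ca.crt" && chmod 644 "$2/$3/ca.crt"
}

# Log in without the password on the command line, as the warning in the
# docker login output above asks. $1 = file holding the password.
registry_login() {
  docker login -u admin --password-stdin https://hub.test.com < "$1"
}

# Report weaknesses in a client's registry trust setup.
# $1 = certs.d root, $2 = hostname, $3 = dockerd ExecStart line.
audit_registry_trust() {
  findings=""
  if grep -rqs -e 'BEGIN .*PRIVATE KEY' "$1/$2"; then
    findings="$findings private-key-on-client"
  fi
  if [ -n "$(find "$1/$2" -type f -perm -002 2>/dev/null)" ]; then
    findings="$findings world-writable-file"
  fi
  case " $3 " in
    *"--insecure-registry=$2 "*|*"--insecure-registry $2 "*)
      findings="$findings insecure-registry-flag" ;;   # TLS verification is skipped
  esac
  echo "${findings# }"
}

# Constructed demo modelled on this page: crt, csr and key in certs.d, the 777
# mode the page applies under /data/cert, and --insecure-registry set.
demo_page_layout() {
  root=$(mktemp -d)
  mkdir -p "$root/hub.test.com"
  echo "constructed certificate placeholder" > "$root/hub.test.com/server.crt"
  echo "constructed CSR placeholder" > "$root/hub.test.com/server.csr"
  echo "-----BEGIN RSA PRIVATE KEY----- (constructed, no key material)" \
    > "$root/hub.test.com/server.key"
  chmod 777 "$root/hub.test.com"/*
  audit_registry_trust "$root" hub.test.com \
    "ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=hub.test.com"
  rm -rf "$root"
}

# Constructed demo of the hardened client: ca.crt only, no insecure flag.
demo_hardened_layout() {
  root=$(mktemp -d)
  echo "constructed certificate placeholder" > "$root/server.crt"
  install_registry_trust "$root/server.crt" "$root/certs.d" hub.test.com
  audit_registry_trust "$root/certs.d" hub.test.com \
    "ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock"
  rm -rf "$root"
}

demo_page_layout      # private-key-on-client world-writable-file insecure-registry-flag
demo_hardened_layout  # prints an empty line: no findings
```

On a real certificate, `openssl x509 -in server.crt -noout -checkhost hub.test.com` confirms that the name clients connect to is covered before the certificate is distributed.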
