1.构建docker镜像,k8s拉取镜像运行
docker自己安装
[root@master1 ~]# docker pull nginx:1.24.0
[root@master1 ~]# mkdir k8s-nginx
[root@master1 ~]# cd k8s-nginx
[root@master1 k8s-nginx]# vim nginx.conf
server_tokens off;server {listen 8010; #web访问端口server_name localhost;keepalive_timeout 65;proxy_connect_timeout 300;proxy_send_timeout 300;proxy_read_timeout 300;location / {root /etc/nginx/dist; #web代码路径index index.html index.htm;}#后端代码接口配置#location /api {# proxy_pass http://127.0.0.1:8001;# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#}error_page 500 502 503 504 /50x.html;location = /50x.html {root html;}}
[root@master1 k8s-nginx]# mkdir dist #这个dist是前端包目录,我这里只做个测试
[root@master1 k8s-nginx]# cd dist
[root@master1 dist]# vim index.html
this is a test!
写Dockerfile:
[root@master1 k8s-nginx]# vim Dockerfile
FROM nginx:1.24.0COPY nginx.conf /etc/nginx/conf.d/web.confCOPY dist /etc/nginx/dist
构建镜像:
[root@master1 k8s-nginx]# docker build -t nginx:v1 .
Sending build context to Docker daemon 5.12 kB
Step 1/3 : FROM nginx:1.24.0---> 6b753f58c54e
Step 2/3 : COPY nginx.conf /etc/nginx/conf.d/web.conf---> Using cache---> c67c98f8e802
Step 3/3 : COPY dist /etc/nginx/dist---> 546db553f62a
Removing intermediate container d9a8e88cb4da
Successfully built 546db553f62a
将镜像上传到镜像仓库,我这里是上传到阿里云的镜像仓库
仓库地址:
https://cr.console.aliyun.com/cn-zhangjiakou/instance/credentials登录镜像仓库:
docker login --username=asula registry.cn-zhangjiakou.aliyuncs.com推送镜像:
docker tag nginx:v1 registry.cn-zhangjiakou.aliyuncs.com/ymku/nginx:v1
docker push registry.cn-zhangjiakou.aliyuncs.com/ymku/nginx:v1
k8s拉取私有仓库需要登录,有时候不可能为每个k8s节点登录
我们就需要为创建k8s集群的secret,设置秘钥配置imagePullSecrets
1.创建secret
kubectl create secret docker-registry secret名 --docker-server=仓库地址 --docker-username=用户名 --docker-password=密码
例如:
kubectl create secret docker-registry secret-key --docker-server=registry.cn-zhangjiakou.aliyuncs.com --docker-username=ABCD --docker-password=QWER!@
--docker-server=registry.cn-zhangjiakou.aliyuncs.com #阿里云仓库地址
--docker-username=ABCD #阿里云仓库登录的用户名
--docker-password=QWER!@#$ #阿里云仓库的登录密码
2.删除secret
kubectl delete secret secret-key
编写k8s的yaml文件:
[root@master1 k8s-nginx]# vim nginx-test.yaml
apiVersion: v1
kind: Service
metadata:labels:app: nginx-serviename: nginx-servicenamespace: default
spec:ports:#对外暴露端口30003- nodePort: 30003port: 8010protocol: TCPtargetPort: 8010selector:app: nginx-web#NodePort对外暴露端口type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: nginx-webname: nginx-webnamespace: default
spec:replicas: 1selector:matchLabels:app: nginx-webtemplate:metadata:labels:app: nginx-webnamespace: defaultspec:imagePullSecrets:- name: secret-keycontainers:- image: registry.cn-zhangjiakou.aliyuncs.com/ymku/nginx:v1name: nginximagePullPolicy: Alwaysports:- containerPort: 80resources:requests:cpu: 100mmemory: 1Gilimits:cpu: 100mmemory: 1Gi
[root@master1 k8s-nginx]# kubectl apply -f nginx-test.yaml
service/nginx-service configured
deployment.apps/nginx-web created
[root@master1 k8s-nginx]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-web-9f5fbbb7b-bjwvg 1/1 Running 0 3s
验证:http://10.10.10.10:30003/index.html