- 1、Docker 官方提供了 Registry 镜像,我们这里就用该方式来自建仓库;
下面是部署的
.yml
文件
启动容器前需要配置持久化存储,否则推送到仓库的镜像都会丢失,无法持久化!
如果是Kind部署的K8s,需要注意Kind容器中是否存在/data/docker
,不存在则新建docker exec -it dbe0bb145add mkdir -p /data/docker
apiVersion: v1
kind: PersistentVolume
metadata:
name: docker-pv-volume
labels:
type: local
spec:
storageClassName: standard
claimRef:
name: docker-pv-claim
namespace: devops-tools
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
local:
path: /data/docker
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- spiders-control-plane
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: docker-pv-claim
namespace: devops-tools
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
apiVersion: apps/v1
kind: Deployment
metadata:
name: docker-registry
spec:
replicas: 1
selector:
matchLabels:
app: docker-registry
template:
metadata:
labels:
app: docker-registry
spec:
containers:
- name: registry
image: registry
env:
- name: bitget_logs_spider
value: "stdout"
resources:
limits:
memory: "3000Mi"
requests:
memory: "3000Mi"
volumeMounts:
- name: registry-storage
mountPath: /var/lib/registry
volumes:
- name: registry-storage
persistentVolumeClaim:
claimName: docker-pv-claim
---
apiVersion: v1
kind: Service
metadata:
name: docker-registry-service
labels:
app: docker-registry
spec:
selector:
app: docker-registry
ports:
- name: registry
protocol: TCP
port: 5000
targetPort: 5000
在内网访问该地址
http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/_catalog
测试仓库是否部署成功
root@spiders-988547f75-8442p:/spider# curl http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/_catalog
{"repositories":["spider"]}
- 2、创建 Docker in Docker
需要注意一定要加
"--insecure-registry=http://docker-registry-service.devops-tools.svc.cluster.local:5000"
这个参数,这个参数是K8s的内网地址,因为走http协议,必须在这里对该地址做信任,相当于在/etc/docker/dame.json做了配置;若是没有该配置,Docker push
默认不信任该地址,所以无法推送成功
apiVersion: v1
kind: Pod
metadata:
name: docker-in-docker-pod2
labels:
app: docker-in-docker-pod2
spec:
containers:
- name: docker
image: docker:dind
securityContext:
privileged: true
env:
- name: DOCKER_TLS_CERTDIR
value: ""
args: ["--host=tcp://0.0.0.0:2376", "--storage-driver=overlay2", "--insecure-registry=http://docker-registry-service.devops-tools.svc.cluster.local:5000"]
ports:
- containerPort: 2376
resources:
limits:
memory: "500Mi"
requests:
memory: "500Mi"
---
apiVersion: v1
kind: Service
metadata:
name: docker-in-docker-service2
labels:
app: docker-in-docker-pod2
spec:
ports:
- port: 2376
targetPort: 2376
selector:
app: docker-in-docker-pod2
- 3、将Docker in Docker 配置到K8s集群内的Jenkins,使其具备Docker引擎的能力;详情参考
- 4、Jenkins内新建流水线任务
- 5、配置流水线,并且测试
Docker push
是否能够将镜像推送到第一步
中建立的镜像仓库
内网访问该地址:
http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/spider/tags/list
查看spider
仓库中所有的tag,看看基础镜像有没有推送到自建的镜像仓库
root@spiders-988547f75-8442p:/spider# curl http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/spider/tags/list
{"name":"spider","tags":["minibase"]}
将基础镜像从外网迁移到内网
Dockerfile
FROM uhub.service.ucloud.cn/drakespider/spider:minibase
ENV TZ=Asia/Shanghai
# 确保基础镜像不含有代码,否则无法更新
COPY requirements.txt /spider/requirements.txt
WORKDIR /spider
RUN pip install --upgrade pip && pip install -r requirements.txt && pip install --upgrade httpx && pip install --upgrade ccxt && rm requirements.txt
- 6、推送成功,将基础镜像转移到内网
root@spiders-74759c58c7-llghm:/spider# curl http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/spider/tags/list
{"name":"spider","tags":["dappradar8","minibase"]}
- 7、利用内网基础镜像构建新的镜像并推送到仓库,且部署到K8s
成功构建,成功推送,成功部署
Top comments (0)