当前位置：首页 > news >正文

茂名建设中专学校网站网站部署域名

news 2025/11/14 14:29:37

茂名建设中专学校网站,网站部署域名,自媒体135网站,上海住房城乡建设网站证件查询基于containerd容器运行时测试pod从harbor拉取镜像 1、安装高版本containerd2、安装docker3、登录harbor上传镜像4、从harbor拉取镜像 1、安装高版本containerd 集群中各个节点都要操作 yum remove containerd.io -y yum install containerd.io-1.6.22* -y cd /etc/containe… 基于containerd容器运行时测试pod从harbor拉取镜像 1、安装高版本containerd2、安装docker3、登录harbor上传镜像4、从harbor拉取镜像 1、安装高版本containerd 集群中各个节点都要操作 yum remove containerd.io -y yum install containerd.io-1.6.22* -y cd /etc/containerd/ rm -rf *把资料里提供的config.toml文件传到 /etc/containerd/目录下修改config.toml配置文件里的harbor的ip地址变成自己真实环境的harbor的ip [rootmaster containerd]# cat config.toml disabled_plugins [] imports [] oom_score 0 plugin_dir required_plugins [] root /var/lib/containerd state /run/containerd temp version 2[cgroup]path [debug]address format gid 0level uid 0[grpc]address /run/containerd/containerd.sockgid 0max_recv_message_size 16777216max_send_message_size 16777216tcp_address tcp_tls_ca tcp_tls_cert tcp_tls_key uid 0[metrics]address grpc_histogram false[plugins][plugins.io.containerd.gc.v1.scheduler]deletion_threshold 0mutation_threshold 100pause_threshold 0.02schedule_delay 0sstartup_delay 100ms[plugins.io.containerd.grpc.v1.cri]device_ownership_from_security_context falsedisable_apparmor falsedisable_cgroup falsedisable_hugetlb_controller truedisable_proc_mount falsedisable_tcp_service trueenable_selinux falseenable_tls_streaming falseenable_unprivileged_icmp falseenable_unprivileged_ports falseignore_image_defined_volumes falsemax_concurrent_downloads 3max_container_log_line_size 16384netns_mounts_under_state_dir falserestrict_oom_score_adj falsesandbox_image registry.aliyuncs.com/google_containers/pause:3.7selinux_category_range 1024stats_collect_period 10stream_idle_timeout 4h0m0sstream_server_address 127.0.0.1stream_server_port 0systemd_cgroup falsetolerate_missing_hugetlb_controller trueunset_seccomp_profile [plugins.io.containerd.grpc.v1.cri.cni]bin_dir /opt/cni/binconf_dir /etc/cni/net.dconf_template ip_pref max_conf_num 1[plugins.io.containerd.grpc.v1.cri.containerd]default_runtime_name runcdisable_snapshot_annotations truediscard_unpacked_layers falseignore_rdt_not_enabled_errors falseno_pivot falsesnapshotter overlayfs[plugins.io.containerd.grpc.v1.cri.containerd.default_runtime]base_runtime_spec cni_conf_dir cni_max_conf_num 0container_annotations []pod_annotations []privileged_without_host_devices falseruntime_engine runtime_path runtime_root runtime_type [plugins.io.containerd.grpc.v1.cri.containerd.default_runtime.options][plugins.io.containerd.grpc.v1.cri.containerd.runtimes][plugins.io.containerd.grpc.v1.cri.containerd.runtimes.runc]base_runtime_spec cni_conf_dir cni_max_conf_num 0container_annotations []pod_annotations []privileged_without_host_devices falseruntime_engine runtime_path runtime_root runtime_type io.containerd.runc.v2[plugins.io.containerd.grpc.v1.cri.containerd.runtimes.runc.options]BinaryName CriuImagePath CriuPath CriuWorkPath IoGid 0IoUid 0NoNewKeyring falseNoPivotRoot falseRoot ShimCgroup SystemdCgroup true[plugins.io.containerd.grpc.v1.cri.containerd.untrusted_workload_runtime]base_runtime_spec cni_conf_dir cni_max_conf_num 0container_annotations []pod_annotations []privileged_without_host_devices falseruntime_engine runtime_path runtime_root runtime_type [plugins.io.containerd.grpc.v1.cri.containerd.untrusted_workload_runtime.options][plugins.io.containerd.grpc.v1.cri.image_decryption]key_model node[plugins.io.containerd.grpc.v1.cri.registry]config_path [plugins.io.containerd.grpc.v1.cri.registry.auths][plugins.io.containerd.grpc.v1.cri.registry.configs][plugins.io.containerd.grpc.v1.cri.registry.configs.10.32.1.147.tls] # 修改insecure_skip_verify true[plugins.io.containerd.grpc.v1.cri.registry.configs.10.32.1.147.auth] # 修改username adminpassword Harbor12345 # 修改[plugins.io.containerd.grpc.v1.cri.registry.headers][plugins.io.containerd.grpc.v1.cri.registry.mirrors][plugins.io.containerd.grpc.v1.cri.registry.mirrors.10.32.1.147] # 修改endpoint [https://192.168.154.247:443][plugins.io.containerd.grpc.v1.cri.registry.mirrors.docker.io]endpoint [https://vh3bm52y.mirror.aliyuncs.com,https://registry.docker-cn.com][plugins.io.containerd.grpc.v1.cri.x509_key_pair_streaming]tls_cert_file tls_key_file [plugins.io.containerd.internal.v1.opt]path /opt/containerd[plugins.io.containerd.internal.v1.restart]interval 10s[plugins.io.containerd.internal.v1.tracing]sampling_ratio 1.0service_name containerd[plugins.io.containerd.metadata.v1.bolt]content_sharing_policy shared[plugins.io.containerd.monitor.v1.cgroups]no_prometheus false[plugins.io.containerd.runtime.v1.linux]no_shim falseruntime runcruntime_root shim containerd-shimshim_debug false[plugins.io.containerd.runtime.v2.task]platforms [linux/amd64]sched_core false[plugins.io.containerd.service.v1.diff-service]default [walking][plugins.io.containerd.service.v1.tasks-service]rdt_config_file [plugins.io.containerd.snapshotter.v1.aufs]root_path [plugins.io.containerd.snapshotter.v1.btrfs]root_path [plugins.io.containerd.snapshotter.v1.devmapper]async_remove falsebase_image_size discard_blocks falsefs_options fs_type pool_name root_path [plugins.io.containerd.snapshotter.v1.native]root_path [plugins.io.containerd.snapshotter.v1.overlayfs]root_path upperdir_label false[plugins.io.containerd.snapshotter.v1.zfs]root_path [plugins.io.containerd.tracing.processor.v1.otlp]endpoint insecure falseprotocol [proxy_plugins][stream_processors][stream_processors.io.containerd.ocicrypt.decoder.v1.tar]accepts [application/vnd.oci.image.layer.v1.tarencrypted]args [--decryption-keys-path, /etc/containerd/ocicrypt/keys]env [OCICRYPT_KEYPROVIDER_CONFIG/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf]path ctd-decoderreturns application/vnd.oci.image.layer.v1.tar[stream_processors.io.containerd.ocicrypt.decoder.v1.tar.gzip]accepts [application/vnd.oci.image.layer.v1.targzipencrypted]args [--decryption-keys-path, /etc/containerd/ocicrypt/keys]env [OCICRYPT_KEYPROVIDER_CONFIG/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf]path ctd-decoderreturns application/vnd.oci.image.layer.v1.targzip[timeouts]io.containerd.timeout.bolt.open 0sio.containerd.timeout.shim.cleanup 5sio.containerd.timeout.shim.load 5sio.containerd.timeout.shim.shutdown 3sio.containerd.timeout.task.state 2s[ttrpc]address gid 0uid 02、安装docker 集群中各个节点都要操作 yum install docker-ce -y systemctl start docker在安装harbor的主机上vim /etc/docker/daemon.json [rootmaster ~]# cat /etc/docker/daemon.json {insecure-registries:[10.32.1.147], # 添加harbor ipregistry-mirrors:[https://vh3bm52y.mirror.aliyuncs.com,https://registry.docker-cn.com,https://docker.mirrors.ustc.edu.cn,https://dockerhub.azk8s.cn,http://hub-mirror.c.163.com],exec-opts: [native.cgroupdriversystemd]}3、登录harbor上传镜像 harbor安装参考 https://blog.csdn.net/wowenlong/article/details/127072657 [rootmaster ~]# systemctl restart docker [rootmaster ~]# docker login 10.32.1.147 Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeededdocker pull nginx docker tag nginx:latest 10.32.1.147/library/nginx:v1.0 docker push 10.32.1.147/library/nginx:v1.0访问harborhttps://10.32.1.147/ 账号admin密码Harbor12345查看 4、从harbor拉取镜像因为每个节点的docker都配置了herbor的仓库地址/etc/docker/daemon.json 中设置的所以运行pod的时候会去仓库拉取镜像 [rootmaster 20]# cat pod.yaml apiVersion: v1 kind: Pod metadata:name: nginxnamespace: default spec:containers:- name: nginximage: 10.32.1.147/library/nginx:v1.0imagePullPolicy: Always [rootmaster 20]# kubectl apply -f pod.yaml [rootmaster 20]# kubectl get pod|grep nginx nginx 1/1 Running 0 1m

查看全文

http://www.zqtcl.cn/news/954428/