一、docker批量导入镜像,修改harbor仓库标签,并推送到harbor仓库
#!/bin/bash
# 192.168.10.85是harbor地址,lllygam是harbor项目
#/root/images/为镜像存储目录
images=`ls /root/images/`
for a in $images; do
docker load -i /root/images/$a
done
new_repository=(`docker images | grep -v 'harbor' | awk -F '/' '{print $NF}' | awk '{print $1}' | grep -v 'REPOSITORY'`)
new_tag=(`docker images | grep -v 'harbor' | awk '{print $2}' | grep -v 'TAG'`)
old_repository=(`docker images | grep -v 'harbor' | awk '{print $1}' | grep -v 'REPOSITORY'`)
old_tag=(`docker images | grep -v 'harbor' | awk '{print $2}' | grep -v 'TAG'`)
a=`docker images | grep -v 'harbor' | grep -v 'REPOSITORY' | wc -l`
for (( i=0; i<$a; i++ ))
do
docker tag ${old_repository[$i]}:${old_tag[$i]} 192.168.10.85/lllygam/${new_repository[$i]}:${new_tag[$i]}
docker push 192.168.10.85/lllygam/${new_repository[$i]}:${new_tag[$i]}
done
delete_repository=(`docker images | grep -v harbor | grep -v 192.168.10.85 | grep -v REPOSITORY | awk '{print $1}'`)
delete_tag=(`docker images | grep -v harbor | grep -v 192.168.10.85 | grep -v REPOSITORY | awk '{print $2}'`)
b=`docker images | grep -v harbor | grep -v 192.168.10.85 | grep -v REPOSITORY |wc -l`
for (( j=0; j<$b; j++ ))
do
docker rmi ${delete_repository[$j]}:${delete_tag[$j]}
done
二、k8s创建secret
- 使用k8s中一个节点登录harbor
docker login 192.168.10.85
注意:如果harbor无法登录,提示Error response from daemon: Get https://192.168.10.85/v2/: x509: cannot validate certificate for 。。。。。。则进行一下操作:
- 修改/etc/docker/daemon.json
vim /etc/docker/daemon.json
{
“registry-mirrors”:[“https://6oem16bw.mirror.aliyuncs.com”],
“exec-opts”: [“native.cgroupdriver=systemd”],
“insecure-registries”:[“192.168.10.85”,“harbor”]
}
systemctl daemon-reload
systemctl restart docker
-
/etc/hosts增加harbor解析。此步骤非常重要,不添加解析登录harbor可能会失败。
2、创建secret资源清单
cat /root/.docker/config.json | base64 -w 0
复制以上结果到secrt资源清单
vim harbor-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: harbor-secret
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjEwLjg1IjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfSwKCQkiaGFyYm9yIjogewoJCQkiYXV0aCI6ICJZV1J0YVc0NlNHRnlZbTl5TVRJek5EVT0iCgkJfQoJfQp9
type: kubernetes.io/dockerconfigjson
更新资源清单
kubectl apply -f harbor-secret.yaml
三、创建pod
vim nginx-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
run: my-nginx
spec:
nodeName: node2
imagePullSecrets:
- name: harbor-secret
containers:
- name: my-nginx
image: 192.168.10.85/lllygam/nginx:1.9.1
ports:
- containerPort: 80
更新资源清单kubectl apply -f nginx-pod.yaml
可以看到,pod已经在节点上运行。