首页 > 其他分享 >containerd推送+kaniko build

containerd推送+kaniko build

时间:2024-08-11 11:15:56浏览次数:12  
标签:-- containerd elrepo kaniko yum build https

containerd推送+kaniko build配置简述
前置条件
设置清华yum源
https://mirrors.tuna.tsinghua.edu.cn/help/centos/

下载所有安装包

1.kubernetes1.25.+的二进制包
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.25.md
wget https://dl.k8s.io/v1.25.0/kubernetes-server-linux-amd64.tar.gz
2.下载etcdctl二进制包
https://github.com/etcd-io/etcd/releases
wget https://github.com/etcd-io/etcd/releases/download/v3.5.4/etcd-v3.5.4-linux-amd64.tar.gz
3.containerd二进制包
https://github.com/containerd/containerd/releases
4.containerd带cni插件的二进制包
wget https://github.com/containerd/containerd/releases/download/v1.6.8/cri-containerd-cni-1.6.8-linux-amd64.tar.gz
5.cfssl二进制包
https://github.com/cloudflare/cfssl/releases
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64
6.cni插件
https://github.com/containernetworking/plugins/releases
wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
7.crictl客户端二进制
https://github.com/kubernetes-sigs/cri-tools/releases
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.24.2/crictl-v1.24.2-linux-amd64.tar.gz

初始化

systemctl disable --now firewalld
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
sed -ri 's/.swap./#&/' /etc/fstab
swapoff -a && sysctl -w vm.swappiness=0

# /dev/mapper/centos-swap swap                    swap    defaults        0 0

# systemctl disable --now NetworkManager
# systemctl start network && systemctl enable network

yum install chrony -y
cat > /etc/chrony.conf << EOF
pool ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow x.x.x.x/24
local stratum 10
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF

systemctl restart chronyd ; systemctl enable chronyd

yum install chrony -y
cat > /etc/chrony.conf << EOF
pool 192.168.42.132 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF

systemctl restart chronyd ; systemctl enable chronyd

chronyc sources -v

ulimit -SHn 65535
cat >> /etc/security/limits.conf <<EOF

  • soft nofile 655360
  • hard nofile 131072
  • soft nproc 655350
  • hard nproc 655350
  • seft memlock unlimited
  • hard memlock unlimitedd
    EOF

yum install -y sshpass
ssh-keygen -f /root/.ssh/id_rsa -P ''
export IP="x.x.x.x j.j.j.j ...."
export SSHPASS=123123
for HOST in $IP;do
sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $HOST
done

yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm -y
sed -i "s@mirrorlist@#mirrorlist@g" /etc/yum.repos.d/elrepo.repo
sed -i "[email protected]/[email protected]/elrepo@g" /etc/yum.repos.d/elrepo.repo

yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm -y
sed -i "s@mirrorlist@#mirrorlist@g" /etc/yum.repos.d/elrepo.repo
sed -i "[email protected]/[email protected]/elrepo@g" /etc/yum.repos.d/elrepo.repo

yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
升级内核至4.18版本以上
安装最新的内核
我这里选择的是稳定版kernel-ml 如需更新长期维护版本kernel-lt
yum --enablerepo=elrepo-kernel install kernel-ml

rpm -qa | grep kernel

grubby --default-kernel
/boot/vmlinuz-5.16.7-1.el8.elrepo.x86_64

grubby --set-default /boot/vmlinuz-「您的内核版本」.x86_64

reboot

安装一些工具
yum -y install wget jq psmisc vim net-tools nfs-utils telnet yum-utils device-mapper-persistent-data lvm2 git network-scripts tar curl -y
部署containerd
设置containerd配置文件中的下述部分
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["http://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.42.132"]
endpoint = ["http://192.168.42.132"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.42.132".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.42.132".auths]
username="admin"
password="Harbor12345"

重启
systemctl restart containerd

部署完k8s系统
部署完Harbor仓库或者docker registry仓库
这里仓库是http协议未使用https
工作目录:/root/kaniko

为k8s添加镜像仓库认证
kubectl create secret docker-registry myregistrykey --docker-server=192.168.42.132 --docker-username=admin --docker-password=Harbor12345
查看
kubectl get secret

写文件
vim Dockerfile
FROM alpine
RUN echo "created from standard input"

设置为pod资源类型的
写文件
vim kaniko.yaml
apiVersion: v1
kind: Pod
metadata:
name: kaniko
spec:
containers:

  • name: kaniko
    image: 192.168.42.132/wxg/kaniko-project-executor:latest
    args: [ "--dockerfile=Dockerfile",
    "--context=/root/kaniko",
    "--destination=192.168.42.132/k8s/kaniko-project-executor:v12"]
    volumeMounts:
    • name: kaniko-secret
      mountPath: /root/.docker
    • name: project-volume
      mountPath: /root/kaniko
      restartPolicy: Never
      volumes:
    • name: kaniko-secret
      secret:
      secretName: myregistrykey
      items:
      - key: .dockerconfigjson
      path: config.json
    • name: project-volume
      hostPath:
      path: /root/kaniko

设置为Job资源类型,100s后销毁Pod
apiVersion: batch/v1
kind: Job
metadata:
name: kaniko
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: kaniko
image: 192.168.42.132/wxg/kaniko-project-executor:latest
args: [ "--dockerfile=Dockerfile",
"--context=/tmp",
"--destination=192.168.42.132/k8s/kaniko-project-executor:v14"]
volumeMounts:
- name: kaniko-secret
mountPath: /root/.docker/
- name: project-volume
mountPath: /tmp
restartPolicy: Never
volumes:
- name: kaniko-secret
secret:
secretName: myregistrykey
items:
- key: .dockerconfigjson
path: config.json
- name: project-volume
hostPath:
path: /tmp

标签:--,containerd,elrepo,kaniko,yum,build,https
From: https://www.cnblogs.com/virmpre/p/18353187

相关文章

  • make menuconfig配置buildroot报错
    命令行键入makemenuconfig配置buildroot失败,提示如下ad@ad-vm:~/data/tool/buildroot-2024.02.4$makemenuconfig mkdir-p/home/ad/data/tool/buildroot-2024.02.4/output/build/buildroot-config/lxdialogPKG_CONFIG_PATH=""makeCC="/usr/bin/gcc"HOSTCC=......
  • 配置 Containerd 在 harbor 私有仓库拉取镜像
    unexpectedstatuscode[manifests1.28]:401Unauthorized【问题描述】下载Harbor中的私有镜像时报错:[root@lidabaiapp]#ctr-nharbor.lidabaiimagespull192.168.2.22:443/lidabai/busybox:1.28-kctr:failedtoresolvereference"192.168.2.22:443/lidabai/busyb......
  • 前端HBuilderX HTML5模版,打包成dist 部署
    首先需要修改utils中appConfig.js的ip+路径+域名,使用服务器部署,那么就用服务器的ip,prod-api可以自定义,根据自己的需求起别名找打HBuilderX最上方发行,然后点击找到自己需要的发版,我使用的是网站-PC手机H5找到manifest.json,如果没有域名,点击重新获取即可将获取到的域名......
  • Java包装类;字符串处理类:String;StringBuffer;StringBuilder;字符串处理类的常用方法;异常
    一,包装类      什么是包装类:         包装类是对于八种基本数据类型而言的,八种数据类型都有其对应的包装类。         以前定义变量,经常使用基本数据类型,对于基本数据类型来说,它就是一个数,加点属性,加点方法,加点构造器。  ......
  • StringBuffer和StringBuilder
    StringBuffer和StringBuilder在Java中,StringBuffer和StringBuilder是两个用于字符串操作的类,它们都继承自AbstractStringBuilder类。这两个类提供了一种可变的字符序列,可以用来构建和修改字符串。StringBuffer和StringBuilder的共同点:两者都可以用来创建一个可变的字......
  • String,StringBuilder,StringBuffer
    目录String类创建字符串字符串长度连接字符串创建格式化字符串字符串常量池常见方法charAt(intindex)startWith()endsWithsubstring()split()trim()concat()正则表达式正则表达式实例字符通配符次数通配符其他通配符java.util.regex包捕获组StringBuffer和StringBuilderStringBu......
  • StringBuffer 和 StringBuilder
    StringBuffer和StringBuilder目录StringBuffer和StringBuilderStringBuffer:StringBuilder常用方法StringBuffer:StringBuffer是线程安全的。这意味着它的方法是同步的,可以在多线程环境中使用而不会出现问题。由于同步,StringBuffer的性能比StringBuilder稍低,特别是......
  • VisionPro二次开发学习笔记1-创建基于QuickBuild的C#应用程序
    创建基于QuickBuild的C#应用程序使用的QuickBuild应用程序位于%VPRO_ROOT%/Samples/Programming/QuickBuild/advancedAppOne.vpp中。在继续之前,可以在QuickBuild中运行该应用程序。QuickBuild应用程序使用PatMax查找支架的“耳朵”之一,使用CogFixture工具设置图像的......
  • cartographer之MapBuilder类
    node_main.cc node_main.cc--->node.cc--->map_builder_bridge.cc--->map_builder.ccnode_main.cc:cartographer_ros/cartographer_ros/cartographer_ros/node_main.cc//MapBuilder类是完整的SLAM算法类,包含前端(TransformingTrajectoryBuilder,scantosubmap)、后端(用于......
  • iree 编译流程(2)——buildGlobalOptimizationPassPipeline
    buildGlobalOptimizationPassPipelineIREE::Util::createSimplifyGlobalAccessesPass这个pass主要做这几件事:将不可变globaltensor的load提前到了block的开头,将globaltensor的store安全地挪到block的结尾。进行以下化简:如果loadafterstore,则把load......