drake

Building a Self-Hosted Image Registry Inside K8s

  • 1. Docker officially provides a Registry image, and that is what we use here to build our own registry. The deployment .yml files are below.

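Configure persistent storage before starting the container; otherwise every image pushed to the registry is lost, because nothing is persisted.
If K8s was deployed with Kind, check whether /data/docker exists inside the Kind container; if it does not, create it: docker exec -it dbe0bb145add mkdir -p /data/docker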

apiVersion: v1
kind: PersistentVolume
metadata:
  name: docker-pv-volume
  labels:
    type: local
spec:
  storageClassName: standard
  claimRef:
    name: docker-pv-claim
    namespace: devops-tools
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  local:
    path: /data/docker
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - spiders-control-plane
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: docker-pv-claim
  namespace: devops-tools
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-registry
  namespace: devops-tools  # same namespace as docker-pv-claim, which this Deployment mounts
spec:
  replicas: 1
  selector:
    matchLabels:
      app: docker-registry
  template:
    metadata:
      labels:
        app: docker-registry
    spec:
      containers:
        - name: registry
          image: registry
          env:
            - name: bitget_logs_spider
              value: "stdout"
          resources:
            limits:
              memory: "3000Mi"
            requests:
              memory: "3000Mi"
          volumeMounts:
            - name: registry-storage
              mountPath: /var/lib/registry
      volumes:
        - name: registry-storage
          persistentVolumeClaim:
            claimName: docker-pv-claim
---
apiVersion: v1
kind: Service
metadata:
  name: docker-registry-service
  namespace: devops-tools  # matches the Service DNS name used in the URLs below
  labels:
    app: docker-registry
spec:
  selector:
    app: docker-registry
  ports:
    - name: registry
      protocol: TCP
      port: 5000
      targetPort: 5000

From inside the cluster network, request http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/_catalog to test whether the registry was deployed successfully:

root@spiders-988547f75-8442p:/spider# curl http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/_catalog
{"repositories":["spider"]}

  • 2. Create Docker in Docker

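Note that the "--insecure-registry=http://docker-registry-service.devops-tools.svc.cluster.local:5000" argument is mandatory. This is the registry's address on the K8s internal network; because it is served over plain HTTP, the address has to be explicitly trusted here, which is equivalent to configuring it in /etc/docker/daemon.json. Without this setting, docker push does not trust the address by default, so the push fails.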

apiVersion: v1
kind: Pod
metadata:
  name: docker-in-docker-pod2
  labels:
    app: docker-in-docker-pod2
spec:
  containers:
  - name: docker
    image: docker:dind
    securityContext:
      privileged: true
    env:
      - name: DOCKER_TLS_CERTDIR
        value: ""
    args: ["--host=tcp://0.0.0.0:2376", "--storage-driver=overlay2", "--insecure-registry=http://docker-registry-service.devops-tools.svc.cluster.local:5000"]
    ports:
      - containerPort: 2376
    resources:
      limits:
        memory: "500Mi"
      requests:
        memory: "500Mi"

---
apiVersion: v1
kind: Service
metadata:
  name: docker-in-docker-service2
  labels:
    app: docker-in-docker-pod2
spec:
  ports:
    - port: 2376
      targetPort: 2376
  selector:
    app: docker-in-docker-pod2
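
The daemon above listens on tcp://0.0.0.0:2376 with DOCKER_TLS_CERTDIR set to an empty value, so its API is served without TLS or client authentication from a privileged container, and any pod that can reach the Service can drive it. The NetworkPolicy below is an added example, not part of the original post, that limits that port to Jenkins; the devops-tools namespace for this Pod and the app: jenkins label are assumptions.

```yaml
# Added example, not from the original post.
# Assumptions: the DinD Pod runs in the devops-tools namespace and the
# Jenkins pods carry the label app=jenkins. Adjust both to your cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dind-allow-jenkins-only
  namespace: devops-tools
spec:
  # Select the DinD Pod by the label it carries in the manifest above.
  podSelector:
    matchLabels:
      app: docker-in-docker-pod2
  policyTypes:
    - Ingress
  ingress:
    # Only Jenkins pods in the same namespace may reach the Docker API port.
    # Once a policy selects a pod, all ingress not listed here is denied.
    - from:
        - podSelector:
            matchLabels:
              app: jenkins
      ports:
        - protocol: TCP
          port: 2376
```

The policy is enforced only when the cluster's CNI plugin implements NetworkPolicy.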

  • 3. Configure Docker in Docker in the Jenkins instance running inside the K8s cluster so that Jenkins has Docker engine capability; for details, see
  • 4. Create a new pipeline job in Jenkins

Click "New".

  • 5. Configure the pipeline and test whether docker push can push an image to the registry created in step 1

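From inside the cluster network, request http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/spider/tags/list to list every tag in the spider repository and check whether the base image has been pushed to the self-hosted registry: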

root@spiders-988547f75-8442p:/spider# curl http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/spider/tags/list
{"name":"spider","tags":["minibase"]}

Dockerfile for migrating the base image from the external network to the internal network:

FROM uhub.service.ucloud.cn/drakespider/spider:minibase
ENV TZ=Asia/Shanghai
# Make sure the base image contains no code; otherwise the code cannot be updated
COPY requirements.txt /spider/requirements.txt
WORKDIR /spider
RUN pip install --upgrade pip && pip install -r requirements.txt && pip install --upgrade httpx && pip install --upgrade ccxt && rm requirements.txt

  • 6. The push succeeds, and the base image has been moved to the internal network

root@spiders-74759c58c7-llghm:/spider# curl http://docker-registry-service.devops-tools.svc.cluster.local:5000/v2/spider/tags/list
{"name":"spider","tags":["dappradar8","minibase"]}

  • 7. Use the internal base image to build a new image, push it to the registry, and deploy it to K8s

The build, the push, and the deployment all succeed.
