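Building Images for Kubernetes
The official centos:latest image
The centos:latest image pulled from the official registry has no long-running process inside it (nothing like nginx or httpd), so the container exits as soon as it has started successfully, and the pod status becomes CrashLoopBackOff.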
[zhangpeng@27ops ~]$ kubectl create deployment webtest2 --image=centos
deployment.apps/webtest2 created
[zhangpeng@27ops ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
webtest-65fdf7d97d-xvptx 1/1 Running 0 4h44m
webtest2-68cc967494-cxj94 0/1 CrashLoopBackOff 1 25s
webtest3-789c5b5cbf-kzwdn 1/1 Running 0 41m
[zhangpeng@27ops ~]$ kubectl describe pod webtest2-68cc967494-cxj94
Name: webtest2-68cc967494-cxj94
Namespace: default
Priority: 0
Node: 27ops.com/10.0.20.7
Start Time: Mon, 04 Apr 2022 23:57:19 +0800
Labels: app=webtest2
pod-template-hash=68cc967494
Annotations: <none>
Status: Running
IP: 10.244.0.18
IPs:
IP: 10.244.0.18
Controlled By: ReplicaSet/webtest2-68cc967494
Containers:
centos:
Container ID: docker://ad604a5c4812729502bcfa40c4376f7cd3f1d86772e123ddd61fe30d987e6428
Image: centos
Image ID: docker-pullable://centos@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Port: <none>
Host Port: <none>
State: Terminated
Reason: Completed
Exit Code: 0
Started: Mon, 04 Apr 2022 23:57:48 +0800
Finished: Mon, 04 Apr 2022 23:57:48 +0800
Last State: Terminated
Reason: Completed
Exit Code: 0
Started: Mon, 04 Apr 2022 23:57:29 +0800
Finished: Mon, 04 Apr 2022 23:57:29 +0800
Ready: False
Restart Count: 2
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-xzbvm (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-xzbvm:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 39s default-scheduler Successfully assigned default/webtest2-68cc967494-cxj94 to 27ops.com
Normal Pulled 34s kubelet Successfully pulled image "centos" in 4.548623818s
Normal Pulled 29s kubelet Successfully pulled image "centos" in 4.558372712s
Normal Pulling 15s (x3 over 39s) kubelet Pulling image "centos"
Normal Created 10s (x3 over 34s) kubelet Created container centos
Normal Started 10s (x3 over 34s) kubelet Started container centos
Normal Pulled 10s kubelet Successfully pulled image "centos" in 5.355925936s
Warning BackOff 9s (x3 over 29s) kubelet Back-off restarting failed container
[zhangpeng@27ops ~]$
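The describe output above shows Exit Code 0 with Reason Completed, which separates "the image has nothing to keep running" from a real crash. An added example (not part of the original post) that makes that distinction from `kubectl describe pod` text; the function name and the sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Reads `kubectl describe pod` text on stdin and reports why the
# container keeps restarting. Assumes a single-container pod, as in the session above.
# Usage: kubectl describe pod <pod-name> | classify_restarts
classify_restarts() {
  awk '
    $1 == "Last" && $2 == "State:"           { in_last = ($3 == "Terminated"); next }
    in_last && $1 == "Reason:"               { reason = $2 }
    in_last && $1 == "Exit" && $2 == "Code:" { code = $3; in_last = 0 }
    $1 == "Restart" && $2 == "Count:"        { restarts = $3 + 0 }
    END {
      if (restarts == 0)   { print "no-restarts" }
      else if (code == "") { print "unknown" }
      else if (code == 0)  { print "clean-exit reason=" reason }   # entrypoint finished, nothing stays in the foreground
      else                 { print "crash code=" code " reason=" reason }   # real failure, check kubectl logs --previous
    }'
}

# Constructed sample: the fields of the webtest2 pod shown on this page.
sample_clean_exit() { cat <<'EOF'
State: Terminated
Reason: Completed
Exit Code: 0
Last State: Terminated
Reason: Completed
Exit Code: 0
Ready: False
Restart Count: 2
EOF
}

# Constructed sample: a container whose process fails with a non-zero status.
sample_crash() { cat <<'EOF'
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 1
Ready: False
Restart Count: 5
EOF
}
```

A clean-exit result means the image needs a foreground process, which is what the CMD in the Dockerfile below provides.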
Create the Dockerfile
[root@27ops zhangpeng]# cat Dockerfile
FROM centos:latest
MAINTAINER Mars
LABEL build-date="2021-04-04" \
name="27ops Base Image" \
vendor="Mars"
# The yum repos in the latest CentOS 8 image are broken, so supply your own copy
ADD ./yum.repos.d /root/yum.repos.d
# Personal website files
ADD ./27ops /root/27ops
RUN mkdir /data && cp -r /root/27ops /data/27ops && rm -rf /etc/yum.repos.d && cp -r /root/yum.repos.d /etc && rm -f /etc/localtime && ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && yum -y install python3-pip && pip3 install mkdocs && yum clean all
RUN cp /root/base.html /usr/local/lib/python3.6/site-packages/mkdocs/themes/mkdocs/base.html && yum clean all
EXPOSE 8000
CMD ["mkdocs","serve","-a","0.0.0.0:8000","-f","/data/27ops/mkdocs.yml"]
[root@27ops zhangpeng]#
Build the image
docker build --rm --tag mkdocs:v1.1 .
Start the Pod
kubectl create deployment webtest3 --image=mkdocs:v1.1
Create the Service
kubectl expose deployment webtest3 --port=8000 --target-port=8000 --name=webtest3 --type=NodePort
[zhangpeng@27ops zhangpeng]$ kg svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 192.168.2.1 <none> 443/TCP 150d
webtest3 NodePort 192.168.2.1 <none> 8000:31756/TCP 31m
[zhangpeng@27ops zhangpeng]$
[zhangpeng@27ops ~]$ curl -v http://127.0.0.1:31756
* Rebuilt URL to: http://127.0.0.1:31756/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 31756 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:31756
> User-Agent: curl/7.61.1
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Mon, 04 Apr 2022 16:04:29 GMT
< Server: WSGIServer/0.2 CPython/3.6.8
< Content-Type: text/html
< Content-Length: 19633
<
<!DOCTYPE html>
Image build errors and fixes
Problem 1
CentOS-8 - AppStream 46 B/s | 38 B 00:00
Error: Failed to download metadata for repo 'AppStream': Cannot prepare internal mirrorlist: No URLs in mirrorlist
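Fix
As of January 31, 2022, the CentOS team removed all CentOS 8 packages from the official mirrors; the packages were kept on the official mirrors for a while and have now been moved to https://vault.centos.org. To keep running the old CentOS 8, update the repo files in /etc/yum.repos.d to use vault.centos.org instead of mirror.centos.org.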
sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
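The rewritten baseurl is plain http, so package integrity rests on yum's signature check (gpgcheck=1). An added example (not part of the original post) that applies the same two substitutions to a repo directory and then verifies every section points at the vault with gpgcheck still on; the function names and the sample repo file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). DIR is a yum.repos.d directory.

# use_vault DIR: the two substitutions above, anchored so a second run changes nothing.
use_vault() {
  sed -i -e 's/^mirrorlist/#mirrorlist/' \
    -e 's|^#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|' \
    "$1"/CentOS-*.repo
}

# check_repos DIR: print one line per problem; non-zero status if any were found.
check_repos() {
  awk '
    function report() {
      if (sect == "") return
      if (base !~ /^https?:\/\/vault\.centos\.org\//) { print f ": [" sect "] baseurl is not on vault.centos.org"; bad = 1 }
      if (gpg != "1") { print f ": [" sect "] gpgcheck is not 1"; bad = 1 }
    }
    /^\[/        { report(); sect = substr($0, 2, length($0) - 2); f = FILENAME; base = gpg = ""; next }
    /^baseurl=/  { base = substr($0, 9) }
    /^gpgcheck=/ { gpg = substr($0, 10) }
    END          { report(); exit (bad ? 1 : 0) }
  ' "$1"/CentOS-*.repo
}

# make_sample DIR: write a constructed CentOS 8 style repo file for a dry run.
make_sample() {
  cat > "$1/CentOS-Linux-AppStream.repo" <<'EOF'
[appstream]
name=CentOS Linux $releasever - AppStream
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF
}
```

Running `use_vault /etc/yum.repos.d && check_repos /etc/yum.repos.d` before the first yum install fails the step early if a repo file was missed or has signature checking turned off.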
Problem 2
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
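--privileged gives root inside the container real root privileges, with no privilege reduction. Without it, the user inside the container is, from the host's point of view, just an ordinary user, and an ordinary user cannot access the kernel or have systemctl manage the system. It also removes most of the isolation between the container and the host, so keep it to test containers like this one. In addition, the default first command is /bin/bash, so we override /bin/bash with /usr/sbin/init.
After that, a shell can only be opened with docker exec -it systemctl5 /bin/bash, because exec lets us run the default command /bin/bash that was overridden; -it is also required.
Fix 1: check the start command and add the options -itd --privileged. If the CMD in the Dockerfile does not run it, append /usr/sbin/init to the end of the command.
docker run --privileged -itd --name systemctl3 -v /sys/fs/cgroup:/sys/fs/cgroup:ro centos:latest /usr/sbin/init
Fix 2: start a new container in the background by running the command above:
docker run --privileged -itd --name systemctl3 -v /sys/fs/cgroup:/sys/fs/cgroup:ro systemctl:test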