mirror of https://github.com/easzlab/kubeasz.git
add local insecure registry
parent
77c5e58a53
commit
c248b34dc8
|
@ -48,7 +48,7 @@ ETCD_WAL_DIR: ""
|
|||
ENABLE_MIRROR_REGISTRY: true
|
||||
|
||||
# [containerd]基础容器镜像
|
||||
SANDBOX_IMAGE: "easzlab/pause:__pause__"
|
||||
SANDBOX_IMAGE: "easzlab.io.local:5000/easzlab/pause:__pause__"
|
||||
|
||||
# [containerd]容器持久化存储目录
|
||||
CONTAINERD_STORAGE_DIR: "/var/lib/containerd"
|
||||
|
@ -61,7 +61,7 @@ DOCKER_STORAGE_DIR: "/var/lib/docker"
|
|||
ENABLE_REMOTE_API: false
|
||||
|
||||
# [docker]信任的HTTP仓库
|
||||
INSECURE_REG: '["127.0.0.1/8"]'
|
||||
INSECURE_REG: '["http://easzlab.io.local:5000"]'
|
||||
|
||||
|
||||
############################
|
||||
|
@ -70,7 +70,7 @@ INSECURE_REG: '["127.0.0.1/8"]'
|
|||
# k8s 集群 master 节点证书配置,可以添加多个ip和域名(比如增加公网ip和域名)
|
||||
MASTER_CERT_HOSTS:
|
||||
- "10.1.1.1"
|
||||
- "k8s.test.io"
|
||||
- "k8s.easzlab.io"
|
||||
#- "www.test.com"
|
||||
|
||||
# node 节点上 pod 网段掩码长度(决定每个节点最多能分配的pod ip地址)
|
||||
|
@ -112,7 +112,7 @@ DIRECT_ROUTING: false
|
|||
|
||||
# [flannel] flanneld_image: "quay.io/coreos/flannel:v0.10.0-amd64"
|
||||
flannelVer: "__flannel__"
|
||||
flanneld_image: "easzlab/flannel:{{ flannelVer }}"
|
||||
flanneld_image: "easzlab.io.local:5000/easzlab/flannel:{{ flannelVer }}"
|
||||
|
||||
# [flannel]离线镜像tar包
|
||||
flannel_offline: "flannel_{{ flannelVer }}.tar"
|
||||
|
@ -208,7 +208,7 @@ nfs_path: "/data/nfs"
|
|||
############################
|
||||
# harbor version,完整版本号
|
||||
HARBOR_VER: "__harbor__"
|
||||
HARBOR_DOMAIN: "harbor.yourdomain.com"
|
||||
HARBOR_DOMAIN: "harbor.easzlab.io.local"
|
||||
HARBOR_TLS_PORT: 8443
|
||||
|
||||
# if set 'false', you need to put certs named harbor.pem and harbor-key.pem in directory 'down'
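Review bot: The new defaults for `SANDBOX_IMAGE` and `flanneld_image` have every node pull by mutable tag from `easzlab.io.local:5000`, which the `INSECURE_REG` line in the same file declares as plain HTTP. Nothing authenticates the registry or the image content, and the pause image runs in every pod sandbox. State that trust assumption next to `INSECURE_REG`, for example `# easzlab.io.local:5000 is the unauthenticated HTTP registry on the deploy host; keep port 5000 reachable from cluster nodes only`. The same line also appears to replace the earlier `127.0.0.1/8` entry rather than extend the list, which may break setups that relied on it.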
|
||||
|
|
97
ezdown
97
ezdown
|
@ -139,6 +139,7 @@ EOF
|
|||
"https://docker.mirrors.ustc.edu.cn",
|
||||
"http://hub-mirror.c.163.com"
|
||||
],
|
||||
"insecure-registries": ["http://easzlab.io.local:5000"],
|
||||
"max-concurrent-downloads": 10,
|
||||
"log-driver": "json-file",
|
||||
"log-level": "warn",
|
||||
|
@ -154,6 +155,7 @@ EOF
|
|||
cat > /etc/docker/daemon.json << EOF
|
||||
{
|
||||
"exec-opts": ["native.cgroupdriver=$CGROUP_DRIVER"],
|
||||
"insecure-registries": ["http://easzlab.io.local:5000"],
|
||||
"max-concurrent-downloads": 10,
|
||||
"log-driver": "json-file",
|
||||
"log-level": "warn",
|
||||
|
@ -287,52 +289,114 @@ function get_harbor_offline_pkg() {
|
|||
}
|
||||
|
||||
function get_offline_image() {
|
||||
imageDir="$BASE/down"
|
||||
logger info "downloading offline images"
|
||||
logger info "download offline images, then upload to the local registry"
|
||||
|
||||
# calico
|
||||
if [[ ! -f "$imageDir/calico_$calicoVer.tar" ]];then
|
||||
docker pull "calico/cni:$calicoVer" && \
|
||||
docker pull "calico/pod2daemon-flexvol:$calicoVer" && \
|
||||
docker pull "calico/kube-controllers:$calicoVer" && \
|
||||
docker pull "calico/node:$calicoVer" && \
|
||||
docker save -o "$imageDir/calico_$calicoVer.tar" "calico/cni:$calicoVer" "calico/kube-controllers:$calicoVer" "calico/node:$calicoVer" "calico/pod2daemon-flexvol:$calicoVer"
|
||||
else
|
||||
docker load -i "$imageDir/calico_$calicoVer.tar"
|
||||
fi
|
||||
docker tag "calico/cni:$calicoVer" "easzlab.io.local:5000/calico/cni:$calicoVer"
|
||||
docker push "easzlab.io.local:5000/calico/cni:$calicoVer"
|
||||
docker tag "calico/pod2daemon-flexvol:$calicoVer" "easzlab.io.local:5000/calico/pod2daemon-flexvol:$calicoVer"
|
||||
docker push "easzlab.io.local:5000/calico/pod2daemon-flexvol:$calicoVer"
|
||||
docker tag "calico/kube-controllers:$calicoVer" "easzlab.io.local:5000/calico/kube-controllers:$calicoVer"
|
||||
docker push "easzlab.io.local:5000/calico/kube-controllers:$calicoVer"
|
||||
docker tag "calico/node:$calicoVer" "easzlab.io.local:5000/calico/node:$calicoVer"
|
||||
docker push "easzlab.io.local:5000/calico/node:$calicoVer"
|
||||
|
||||
# coredns
|
||||
if [[ ! -f "$imageDir/coredns_$corednsVer.tar" ]];then
|
||||
docker pull "coredns/coredns:$corednsVer" && \
|
||||
docker save -o "$imageDir/coredns_$corednsVer.tar" "coredns/coredns:$corednsVer"
|
||||
else
|
||||
docker load -i "$imageDir/coredns_$corednsVer.tar"
|
||||
fi
|
||||
docker tag "coredns/coredns:$corednsVer" "easzlab.io.local:5000/coredns/coredns:$corednsVer"
|
||||
docker push "easzlab.io.local:5000/coredns/coredns:$corednsVer"
|
||||
|
||||
# dns-node-cache
|
||||
if [[ ! -f "$imageDir/k8s-dns-node-cache_$dnsNodeCacheVer.tar" ]];then
|
||||
docker pull "easzlab/k8s-dns-node-cache:$dnsNodeCacheVer" && \
|
||||
docker save -o "$imageDir/k8s-dns-node-cache_$dnsNodeCacheVer.tar" "easzlab/k8s-dns-node-cache:$dnsNodeCacheVer"
|
||||
else
|
||||
docker load -i "$imageDir/k8s-dns-node-cache_$dnsNodeCacheVer.tar"
|
||||
fi
|
||||
docker tag "easzlab/k8s-dns-node-cache:$dnsNodeCacheVer" "easzlab.io.local:5000/easzlab/k8s-dns-node-cache:$dnsNodeCacheVer"
|
||||
docker push "easzlab.io.local:5000/easzlab/k8s-dns-node-cache:$dnsNodeCacheVer"
|
||||
|
||||
# dashboard
|
||||
if [[ ! -f "$imageDir/dashboard_$dashboardVer.tar" ]];then
|
||||
docker pull "kubernetesui/dashboard:$dashboardVer" && \
|
||||
docker save -o "$imageDir/dashboard_$dashboardVer.tar" "kubernetesui/dashboard:$dashboardVer"
|
||||
else
|
||||
docker load -i "$imageDir/dashboard_$dashboardVer.tar"
|
||||
fi
|
||||
docker tag "kubernetesui/dashboard:$dashboardVer" "easzlab.io.local:5000/kubernetesui/dashboard:$dashboardVer"
|
||||
docker push "easzlab.io.local:5000/kubernetesui/dashboard:$dashboardVer"
|
||||
|
||||
# flannel
|
||||
if [[ ! -f "$imageDir/flannel_$flannelVer.tar" ]];then
|
||||
docker pull "easzlab/flannel:$flannelVer" && \
|
||||
docker save -o "$imageDir/flannel_$flannelVer.tar" "easzlab/flannel:$flannelVer"
|
||||
else
|
||||
docker load -i "$imageDir/flannel_$flannelVer.tar"
|
||||
fi
|
||||
docker tag "easzlab/flannel:$flannelVer" "easzlab.io.local:5000/easzlab/flannel:$flannelVer"
|
||||
docker push "easzlab.io.local:5000/easzlab/flannel:$flannelVer"
|
||||
|
||||
# dashboard-metrics-scraper
|
||||
if [[ ! -f "$imageDir/metrics-scraper_$dashboardMetricsScraperVer.tar" ]];then
|
||||
docker pull "kubernetesui/metrics-scraper:$dashboardMetricsScraperVer" && \
|
||||
docker save -o "$imageDir/metrics-scraper_$dashboardMetricsScraperVer.tar" "kubernetesui/metrics-scraper:$dashboardMetricsScraperVer"
|
||||
else
|
||||
docker load -i "$imageDir/metrics-scraper_$dashboardMetricsScraperVer.tar"
|
||||
fi
|
||||
docker tag "kubernetesui/metrics-scraper:$dashboardMetricsScraperVer" "easzlab.io.local:5000/kubernetesui/metrics-scraper:$dashboardMetricsScraperVer"
|
||||
docker push "easzlab.io.local:5000/kubernetesui/metrics-scraper:$dashboardMetricsScraperVer"
|
||||
|
||||
# metrics-server
|
||||
if [[ ! -f "$imageDir/metrics-server_$metricsVer.tar" ]];then
|
||||
docker pull "easzlab/metrics-server:$metricsVer" && \
|
||||
docker save -o "$imageDir/metrics-server_$metricsVer.tar" "easzlab/metrics-server:$metricsVer"
|
||||
else
|
||||
docker load -i "$imageDir/metrics-server_$metricsVer.tar"
|
||||
fi
|
||||
docker tag "easzlab/metrics-server:$metricsVer" "easzlab.io.local:5000/easzlab/metrics-server:$metricsVer"
|
||||
docker push "easzlab.io.local:5000/easzlab/metrics-server:$metricsVer"
|
||||
|
||||
# pause
|
||||
if [[ ! -f "$imageDir/pause_$pauseVer.tar" ]];then
|
||||
docker pull "easzlab/pause:$pauseVer" && \
|
||||
docker save -o "$imageDir/pause_$pauseVer.tar" "easzlab/pause:$pauseVer"
|
||||
/bin/cp -u "$imageDir/pause_$pauseVer.tar" "$imageDir/pause.tar"
|
||||
else
|
||||
docker load -i "$imageDir/pause_$pauseVer.tar"
|
||||
fi
|
||||
docker tag "easzlab/pause:$pauseVer" "easzlab.io.local:5000/easzlab/pause:$pauseVer"
|
||||
docker push "easzlab.io.local:5000/easzlab/pause:$pauseVer"
|
||||
|
||||
# nfs-provisioner
|
||||
if [[ ! -f "$imageDir/nfs-provisioner_$nfsProvisionerVer.tar" ]];then
|
||||
docker pull "easzlab/nfs-subdir-external-provisioner:$nfsProvisionerVer" && \
|
||||
docker save -o "$imageDir/nfs-provisioner_$nfsProvisionerVer.tar" "easzlab/nfs-subdir-external-provisioner:$nfsProvisionerVer"
|
||||
else
|
||||
docker load -i "$imageDir/nfs-provisioner_$nfsProvisionerVer.tar"
|
||||
fi
|
||||
docker tag "easzlab/nfs-subdir-external-provisioner:$nfsProvisionerVer" "easzlab.io.local:5000/easzlab/nfs-subdir-external-provisioner:$nfsProvisionerVer"
|
||||
docker push "easzlab.io.local:5000/easzlab/nfs-subdir-external-provisioner:$nfsProvisionerVer"
|
||||
|
||||
# kubeasz
|
||||
if [[ ! -f "$imageDir/kubeasz_$KUBEASZ_VER.tar" ]];then
|
||||
docker pull "easzlab/kubeasz:$KUBEASZ_VER" && \
|
||||
docker save -o "$imageDir/kubeasz_$KUBEASZ_VER.tar" "easzlab/kubeasz:$KUBEASZ_VER"
|
||||
else
|
||||
docker load -i "$imageDir/kubeasz_$KUBEASZ_VER.tar"
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -343,9 +407,34 @@ function download_all() {
|
|||
get_kubeasz && \
|
||||
get_k8s_bin && \
|
||||
get_ext_bin && \
|
||||
start_local_registry && \
|
||||
get_offline_image
|
||||
}
|
||||
|
||||
function start_local_registry() {
|
||||
docker ps -a --format="{{ .Names }}"|grep registry > /dev/null 2>&1 && \
|
||||
{ logger warn "registry is already running"; return 0; }
|
||||
|
||||
if [[ ! -f "$imageDir/registry-2.tar" ]];then
|
||||
docker pull "registry:2" && \
|
||||
docker save -o "$imageDir/registry-2.tar" "registry:2"
|
||||
fi
|
||||
|
||||
logger info "start local registry ..."
|
||||
docker load -i "$imageDir/registry-2.tar" > /dev/null
|
||||
mkdir -p /opt/kube/registry
|
||||
docker run -d \
|
||||
--name registry \
|
||||
--network host \
|
||||
--restart always \
|
||||
--volume /opt/kube/registry:/var/lib/registry \
|
||||
registry:2
|
||||
|
||||
sed -i "/easzlab.io.local/d" /etc/hosts
|
||||
echo "127.0.0.1 easzlab.io.local" >> /etc/hosts
|
||||
}
|
||||
|
||||
|
||||
function start_kubeasz_docker() {
|
||||
[[ -d "$BASE/roles/kube-node" ]] || { logger error "not initialized. try 'ezdown -D' first."; exit 1; }
|
||||
|
||||
|
@ -369,9 +458,6 @@ function start_kubeasz_docker() {
|
|||
ln -s /usr/bin/python3 /usr/bin/python
|
||||
fi
|
||||
|
||||
#
|
||||
docker load -i "$BASE/down/kubeasz_$KUBEASZ_VER.tar"
|
||||
|
||||
# run kubeasz docker container
|
||||
docker run --detach \
|
||||
--env HOST_IP="$host_ip" \
|
||||
|
@ -394,6 +480,7 @@ function clean_container() {
|
|||
### Main Lines ##################################################
|
||||
function main() {
|
||||
BASE="/etc/kubeasz"
|
||||
imageDir="$BASE/down"
|
||||
|
||||
# check if use bash shell
|
||||
readlink /proc/$$/exe|grep -q "bash" || { logger error "you should use bash shell, not sh"; exit 1; }
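Review bot: In `start_local_registry`, `docker run ... --network host ... registry:2` exposes an unauthenticated plain-HTTP registry on every interface of the deploy host. The rest of the commit points all nodes at it, so any host that can reach port 5000 can replace a tag the cluster later runs. Limit who can reach the port with a host firewall restricted to the node addresses, or bind the listener with `--env REGISTRY_HTTP_ADDR=<deploy-host-cluster-ip>:5000` (placeholder address), and record the assumption in a comment above the `docker run`. Separately, the `grep registry` guard matches any container whose name merely contains "registry", including stopped ones because of `ps -a`, and then returns before the `/etc/hosts` lines run; `grep -qx registry` would match only the exact name. `main` continues past the end of the last hunk.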
|
||||
|
|
|
@ -5,6 +5,7 @@ plugin_dir = ""
|
|||
required_plugins = []
|
||||
root = "{{ CONTAINERD_STORAGE_DIR }}"
|
||||
state = "/run/containerd"
|
||||
temp = ""
|
||||
version = 2
|
||||
|
||||
[cgroup]
|
||||
|
@ -23,6 +24,7 @@ version = 2
|
|||
max_recv_message_size = 16777216
|
||||
max_send_message_size = 16777216
|
||||
tcp_address = ""
|
||||
tcp_tls_ca = ""
|
||||
tcp_tls_cert = ""
|
||||
tcp_tls_key = ""
|
||||
uid = 0
|
||||
|
@ -41,6 +43,7 @@ version = 2
|
|||
startup_delay = "100ms"
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri"]
|
||||
device_ownership_from_security_context = false
|
||||
disable_apparmor = false
|
||||
disable_cgroup = false
|
||||
disable_hugetlb_controller = true
|
||||
|
@ -48,6 +51,8 @@ version = 2
|
|||
disable_tcp_service = true
|
||||
enable_selinux = false
|
||||
enable_tls_streaming = false
|
||||
enable_unprivileged_icmp = false
|
||||
enable_unprivileged_ports = false
|
||||
ignore_image_defined_volumes = false
|
||||
max_concurrent_downloads = 3
|
||||
max_container_log_line_size = 16384
|
||||
|
@ -73,6 +78,7 @@ version = 2
|
|||
default_runtime_name = "runc"
|
||||
disable_snapshot_annotations = true
|
||||
discard_unpacked_layers = false
|
||||
ignore_rdt_not_enabled_errors = false
|
||||
no_pivot = false
|
||||
snapshotter = "overlayfs"
|
||||
|
||||
|
@ -126,15 +132,18 @@ version = 2
|
|||
key_model = "node"
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry]
|
||||
config_path = ""
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.auths]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.configs]
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.configs."easzlab.io.local:5000".tls]
|
||||
insecure_skip_verify = true
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.headers]
|
||||
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."easzlab.io.local:5000"]
|
||||
endpoint = ["http://easzlab.io.local:5000"]
|
||||
{% if ENABLE_MIRROR_REGISTRY %}
|
||||
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
|
||||
endpoint = ["https://docker.mirrors.ustc.edu.cn", "http://hub-mirror.c.163.com"]
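Review bot: The `easzlab.io.local:5000` tables under `registry.configs` and `registry.mirrors` appear above the `{% if ENABLE_MIRROR_REGISTRY %}` guard, so every node trusts this name whether or not the local registry is in use. `insecure_skip_verify = true` is also paired with an `http://` endpoint, where there is no certificate to skip. If the registry is later moved to HTTPS, that flag would quietly disable certificate validation; pointing `ca_file` in the same `tls` table at the registry's CA is the safer starting point. At minimum add a comment above the table, such as `# local registry on the deploy host: plain HTTP, no auth; images are trusted on network position alone`. The `{% if %}` block continues past the end of the hunk.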
|
||||
|
|
|
@ -39,6 +39,13 @@
|
|||
line: 'export PATH={{ bin_dir }}:$PATH # generated by kubeasz'
|
||||
|
||||
- block:
|
||||
- name: 添加 local registry hosts 解析
|
||||
lineinfile:
|
||||
dest: /etc/hosts
|
||||
state: present
|
||||
regexp: 'easzlab.io.local'
|
||||
line: "{{ ansible_env.SSH_CLIENT.split(' ')[0] }} easzlab.io.local"
|
||||
|
||||
- name: 添加 kubectl 命令自动补全
|
||||
lineinfile:
|
||||
dest: ~/.bashrc
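Review bot: The hosts entry takes the registry address from `ansible_env.SSH_CLIENT.split(' ')[0]`, which is whatever address the SSH session arrived from. Through a jump host or NAT that is not the deploy host, and on a local connection the variable is presumably undefined and the task fails. Because nodes then pull images over plain HTTP from that address, take it from an explicit inventory variable instead, e.g. `line: "{{ REGISTRY_HOST_IP_PLACEHOLDER }} easzlab.io.local"` (placeholder name, not an existing variable). The unanchored `regexp: 'easzlab.io.local'` also matches a `harbor.easzlab.io.local` line, the new `HARBOR_DOMAIN` default in this commit, so it can overwrite that entry; `regexp: '\seaszlab\.io\.local$'` avoids this. The enclosing `block:` continues outside the hunk.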
|
||||
|
|