Setting up a private Harbor registry for K8s

I. Deploy docker-compose

1. Install pip

CentOS:
yum install epel-release -y
yum install python-pip -y

Ubuntu:
apt-get install python-pip -y

2. Install docker-compose

# curl -L https://mirrors.aliyun.com/docker-toolbox/linux/compose/1.21.2/docker-compose-Linux-x86_64 -o /usr/local/bin/docker-compose
# chmod a+x /usr/local/bin/docker-compose

3. Configure the Alibaba Cloud registry mirror (image accelerator)

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://f9dk003m.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

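II. Deploy Harbor

Harbor can be installed online or offline. The official installation packages are at https://github.com/goharbor/harbor/releases; for an online install download the Harbor online installer, for an offline install download the Harbor offline installer.

1. Extract the archive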

tar zxvf harbor-offline-installer-v1.7.1.tgz

2. Settings to change (the https section is commented out)

hostname: 192.168.48.250   # IP address of the Harbor host

# https related config
#https:
  # https port for harbor, default is 443
#  port: 443
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path

harbor_admin_password: Wu0201  # password of the Harbor registry admin account

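3. Some other parameter settings

# Access protocol. The default is http; https can also be set. If https is set
ui_url_protocol = http

# Certificate-related settings
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA

# Authentication mode. Several modes are supported, such as LDAP and database authentication; it can also be changed in the web console
auth_mode = db_auth


# Whether self-registration is enabled
self_registration = on

# Token validity period, default 30 minutes
token_expiration = 30

# Who may create projects. The default is everyone; it can also be set to adminonly (administrators only)
project_creation_restriction = everyone

# Further reference: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md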

4. Install with ./install.sh

[root@master harbor]# ./install.sh 

[Step 0]: checking installation environment ...

Note: docker version: 18.09.1
/usr/lib/python2.7/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.24.1) or chardet (2.2.1) doesn't match a supported version!
  RequestsDependencyWarning)

Note: docker-compose version: 1.23.2

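5. If the following error appears, run ./install.sh once more

Setting up Harbor under Docker. Login inside the container reports an error: Error response from daemon: Get https://192.168.2.101/v2/: dial tcp 192.168.

6. Check the other components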

[root@master harbor]# docker-compose ps

       Name                     Command                  State                                    Ports                              
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (healthy)                                                                   
harbor-core          /harbor/start.sh                 Up (healthy)                                                                   
harbor-db            /entrypoint.sh postgres          Up (healthy)   5432/tcp                                                        
harbor-jobservice    /harbor/start.sh                 Up                                                                             
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp                                       
harbor-portal        nginx -g daemon off;             Up (healthy)   80/tcp                                                          
nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up             6379/tcp                                                        
registry             /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp                                                        
registryctl          /harbor/start.sh                 Up (healthy)

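III. Upload an image

1. Starting with Docker 1.3.2, the docker registry is accessed over https by default. We configured Harbor to use http, so docker login, pull, push and similar commands against a non-https docker registry all fail with an error.

Modify daemon.json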
[root@localhost ~]# cat  /etc/docker/daemon.json 
{"registry-mirrors": ["http://a58c8480.m.daocloud.io"],
"insecure-registries": ["192.168.48.250"]}
systemctl restart docker

2. Create a new project

3. Upload the image. Before uploading you must authenticate with docker login

[root@localhost harbor]# docker login 192.168.48.250
Username: admin  // enter the account name
Password:        // the password set in the configuration
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

4. Tag the image and push it

[root@localhost harbor]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
852e50cd189d: Pull complete 
571d7e852307: Pull complete 
addb10abd9cb: Pull complete 
d20aa7ccdb77: Pull complete 
8b03f1e11359: Pull complete 
Digest: sha256:6b1daa9462046581ac15be20277a7c75476283f969cb3a61c8725ec38d3b01c3
Status: Downloaded newer image for nginx:latest
[root@localhost harbor]# docker tag nginx:latest 192.168.48.250/project1/nginx:latest
[root@localhost harbor]# docker push 192.168.48.250/project1/nginx:latest
The push refers to repository [192.168.48.250/project1/nginx]
7e914612e366: Pushed
f790aed835ee: Pushed
850c2400ea4d: Pushed
7ccabd267c9f: Pushed
f5600c6330da: Pushed
latest: digest: sha256:99d0a53e3718cef59443558607d1e100b325d6a2b678cd2a48b05e5e22ffeb49 size: 1362

5. Check the image repository: the push succeeded

 

IV. Use the Harbor registry from K8s

1. Modify Docker's registry settings on every node

vi /etc/docker/daemon.json 
[root@k8s-node1 containers]# vim  /etc/docker/daemon.json
{"registry-mirrors": ["http://a58c8480.m.daocloud.io"],
"insecure-registries": ["192.168.48.250"]}
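
The node daemon.json above lists 192.168.48.250 under insecure-registries and uses an http:// mirror, so Docker reaches both without verified TLS. The following check is an added example, not part of the original post (the function names json_array and audit_daemon_json are made up here); it reports such entries so they can be tracked per node until the https block in the Harbor configuration is enabled.

```bash
#!/bin/sh
# Added example: audit a Docker daemon.json for registries reached without
# verified TLS. Function names are hypothetical, not Docker or Harbor tooling.

# json_array FILE KEY: print each element of the string array KEY, one per line.
# Assumes a flat array of plain strings, as in the daemon.json files above.
json_array() {
  tr -d '\n' < "$1" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
    tr ',' '\n' |
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^[[:space:]]*$/d'
}

# audit_daemon_json FILE: one finding per line; returns 1 if anything was found.
audit_daemon_json() {
  adj_found=0
  # Entries are hosts or URLs without whitespace, so word splitting is safe.
  for adj_reg in $(json_array "$1" insecure-registries); do
    echo "INSECURE-REGISTRY $adj_reg: certificate errors ignored, plain-HTTP fallback allowed"
    adj_found=1
  done
  for adj_mirror in $(json_array "$1" registry-mirrors); do
    case $adj_mirror in
      http://*)
        echo "HTTP-MIRROR $adj_mirror: image pulls through this mirror travel in cleartext"
        adj_found=1 ;;
    esac
  done
  [ "$adj_found" -eq 0 ]
}

# Demo on a constructed copy of the node configuration shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{"registry-mirrors": ["http://a58c8480.m.daocloud.io"],
"insecure-registries": ["192.168.48.250"]}
EOF
audit_daemon_json "$sample" || echo "findings in $sample"
rm -f "$sample"
```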

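2. Create the authentication secret

Harbor uses username/password authentication, so a secret must be configured for pulling images. Create the secret on the master machine: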

kubectl create secret docker-registry registry-secret --namespace=default  --docker-server=192.168.48.250 --docker-username=admin --docker-password=Wu0201

[root@k8s-master Python-3.7.2]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-xhz2c   kubernetes.io/service-account-token   3      47h
registry-secret       kubernetes.io/dockerconfigjson        1      41s
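
The registry-secret above is of type kubernetes.io/dockerconfigjson, which carries the credentials in the same base64 `auth` form that docker login writes to /root/.docker/config.json. The script below is an added example, not from the original post (the function names and the sample password are made up); it builds that payload with the password read from stdin instead of --docker-password, and decodes it again to show that the field is an encoding, not encryption.

```bash
#!/bin/sh
# Added example: build the image pull secret without the registry password on
# the command line. Function names are hypothetical helpers for this page.

# make_dockerconfigjson SERVER USER   (password: one line on stdin)
# Prints the .dockerconfigjson payload. Assumes SERVER and USER contain no
# characters that need JSON escaping.
make_dockerconfigjson() {
  IFS= read -r mdc_pass || [ -n "$mdc_pass" ] || return 1
  # "auth" is base64("user:password"): an encoding, not encryption.
  mdc_auth=$(printf '%s:%s' "$2" "$mdc_pass" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$1" "$mdc_auth"
  unset mdc_pass mdc_auth
}

# decode_auth: read a .dockerconfigjson (or docker config.json) on stdin and
# print the user:password pair from its first "auth" field, i.e. what anyone
# who can read the secret recovers.
decode_auth() {
  sed -n 's/.*"auth"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
    head -n 1 | base64 --decode
}

# create_pull_secret NAME NAMESPACE SERVER USER   (password on stdin)
create_pull_secret() {
  cps_tmp=$(mktemp) || return 1          # mktemp creates the file mode 0600
  make_dockerconfigjson "$3" "$4" > "$cps_tmp" &&
    kubectl create secret generic "$1" --namespace="$2" \
      --type=kubernetes.io/dockerconfigjson \
      --from-file=.dockerconfigjson="$cps_tmp"
  cps_rc=$?
  rm -f "$cps_tmp"
  return "$cps_rc"
}

# Demo with a constructed password (not the one used in the post).
printf '%s\n' 'constructed-Passw0rd' |
  make_dockerconfigjson 192.168.48.250 admin | decode_auth
echo
# On the master, typed without echo so nothing lands in shell history:
#   stty -echo; create_pull_secret registry-secret default 192.168.48.250 admin; stty echo
```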

3. Test with an nginx deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    appname: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      appname: nginx
  template:
    metadata:
      labels:
        appname: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.48.250/project1/nginx:latest  # image address
        ports:
          - containerPort: 80
      imagePullSecrets:        # the secret to use
        - name: registry-secret

kubectl create -f deploy.yaml

Original article: https://www.cnblogs.com/wuchangblog/p/14072655.html