
Setting up a Harbor image registry for k8s

2020-09-10  肉包君

2020-09-09


Preparation:

  1. Operating system: CentOS 7.6
    k8s-harbor (server): 192.168.191.134
    k8s-node2 (client): 192.168.191.135
  2. Install Docker
curl -o /etc/yum.repos.d/docker-ce.repo  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://bc437cce.m.daocloud.io      # configure the image download mirror (accelerator) address
  3. Docker management tool (application): docker-compose
Download option 1: GitHub: docker-compose 1.22
curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod a+x /usr/local/bin/docker-compose

Download option 2: aliyun: docker-compose 1.21
curl -L https://mirrors.aliyun.com/docker-toolbox/linux/compose/1.21.2/docker-compose-Linux-x86_64 -o /usr/local/bin/docker-compose
chmod a+x /usr/local/bin/docker-compose
  4. Harbor offline installer, which contains the required images: harbor-offline-installer-v1.5.3.tgz
    https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz

Option 1: no certificate required

[root@k8s-harbor ~]# tar xf harbor-offline-installer-v1.5.3.tgz
[root@k8s-harbor ~]# cd harbor
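[root@k8s-harbor ~]# vim harbor.cfg    # change only these two settings; leave everything else alone
 hostname = <host domain name or IP>
 customize_crt = false
[root@k8s-harbor ~]# ./prepare
[root@k8s-harbor ~]# ./install.sh     # load the images from the offline installer and start harbor
(For a reinstall, you need to delete /data, remove the Docker images that were already loaded, and then restart docker)
[root@k8s-harbor ~]# docker-compose ps    # check whether harbor started successfully
(If harbor-adminserver, harbor-db, harbor-jobservice, harbor-log, harbor-ui, nginx, redis and registry are all up, the installation succeeded)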

Client test (k8s-node2):

[root@k8s-node2 ~]# docker login 192.168.191.134
Username: admin
Password: Harbor12345
Error response from daemon: Get https://192.168.191.134/v2/: dial tcp 192.168.191.134:443: connect: connection refused
(The client login fails because Harbor is built on registry, and since a registry version update, login uses HTTPS by default)

# Fixing the problem above:
On the client k8s-node2:
[root@k8s-node2 ~]# vim /etc/docker/daemon.conf
{
"insecure-registries": ["http://192.168.191.134"]
}

[root@k8s-node2 ~]# vim /usr/lib/systemd/system/docker.service
# find the ExecStart= line and append the following to it
ExecStart=/usr/bin/dockerd --insecure-registry=192.168.191.134
[root@k8s-node2 ~]# systemctl daemon-reload
[root@k8s-node2 ~]# systemctl restart docker

On the server k8s-harbor:
[root@k8s-harbor ~]# vim /etc/docker/daemon.conf
{
"insecure-registries": ["http://192.168.191.134"]
}
[root@k8s-harbor ~]# vim /usr/lib/systemd/system/docker.service   # modify this line
ExecStart=/usr/bin/dockerd --insecure-registry=192.168.191.134:5000
[root@k8s-harbor ~]# systemctl daemon-reload
[root@k8s-harbor ~]# systemctl restart docker

Restart docker-compose

[root@k8s-harbor ~]# cd harbor 
[root@k8s-harbor ~]# docker-compose down -v
[root@k8s-harbor ~]# docker-compose up -d
[root@k8s-harbor ~]# docker-compose ps    # make sure all services are healthy

Run docker login again to check that the login now succeeds
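
The steps above mark the registry as insecure in two places: a JSON daemon config and the --insecure-registry flag in docker.service. The following is an added example, not part of the original post: it lists every registry the daemon would contact without verified TLS and flags the case where the setting appears both in the file and as a flag, which dockerd rejects at startup. The function names and sample inputs are constructed for illustration; Docker reads its JSON config from /etc/docker/daemon.json.

```python
import json
import re
import shlex

# Constructed sample inputs mirroring the files edited above (not read from disk).
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["http://192.168.191.134"]}'
SAMPLE_UNIT = """[Service]
ExecStart=/usr/bin/dockerd --insecure-registry=192.168.191.134:5000
"""

def _normalize(entry):
    """Strip an http(s):// scheme and trailing slash so entries compare as host[:port]."""
    return re.sub(r"^https?://", "", entry.strip(), flags=re.I).rstrip("/")

def registries_from_daemon_json(text):
    """Return the insecure-registries entries found in daemon config JSON text."""
    cfg = json.loads(text) if text.strip() else {}
    return [_normalize(r) for r in cfg.get("insecure-registries") or []]

def registries_from_unit(text):
    """Return registries passed via --insecure-registry on ExecStart lines of a unit file."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("ExecStart="):
            continue
        args = shlex.split(line[len("ExecStart="):])
        for i, arg in enumerate(args):
            if arg.startswith("--insecure-registry="):
                found.append(_normalize(arg.split("=", 1)[1]))
            elif arg == "--insecure-registry" and i + 1 < len(args):
                found.append(_normalize(args[i + 1]))
    return found

def audit(daemon_json_text, unit_text):
    """Summarise which registries this daemon will contact without verified TLS."""
    from_file = registries_from_daemon_json(daemon_json_text)
    from_flag = registries_from_unit(unit_text)
    return {
        "insecure": sorted(set(from_file) | set(from_flag)),
        # dockerd refuses to start when a directive is set both as a flag and in the file
        "conflict": bool(from_file) and bool(from_flag),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_DAEMON_JSON, SAMPLE_UNIT))
```

Feeding it the real file contents from each node shows which hosts still send registry credentials and image layers without verified TLS.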

Using Harbor

Log in to Harbor in a browser: http://192.168.191.134
Default initial account: admin  Password: Harbor12345



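System Management --- User Management --- Create User (fill in the details, e.g. user kk)
Projects --- library --- Members --- New Member (name: kk, role: Developer) (developers have permission to push and pull images)

Test pushing an image with the kk account
On the client k8s-node2: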

[root@k8s-node2 ~]# docker pull daocloud.io/library/nginx
[root@k8s-node2 ~]# docker tag daocloud.io/library/nginx:latest 192.168.191.134/library/nginx
[root@k8s-node2 ~]# docker logout 192.168.191.134
Removing login credentials for 192.168.191.134
[root@k8s-node2 ~]# docker login 192.168.191.134
Username: kk
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@k8s-node2 ~]# docker push 192.168.191.134/library/nginx
The push refers to repository [192.168.191.134/library/nginx]
550333325e31: Pushed 
22ea89b1a816: Pushed 
a4d893caa5c9: Pushed 
0338db614b95: Pushed 
d0f104dc0a1f: Pushed 
latest: digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c size: 1362

No errors means the push succeeded

The pushed image is now visible in the browser



If the image push fails, do the following
On the server k8s-harbor:

First check that /usr/lib/systemd/system/docker.service and /etc/docker/daemon.conf are both configured correctly
[root@k8s-harbor ~]# cd harbor
[root@k8s-harbor harbor]# systemctl daemon-reload
[root@k8s-harbor harbor]# systemctl restart docker
[root@k8s-harbor harbor]# docker-compose down -v
[root@k8s-harbor harbor]# docker-compose up -d     # make sure all containers start normally and are healthy

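Then on the client, run docker logout, docker login and docker push again

Note: with docker tag you can only tag as ip/image-name, because the IP is what was configured in /root/harbor/harbor.cfg (server) and in /usr/lib/systemd/system/docker.service and /etc/docker/daemon.conf on both the server and the client. To use a domain name when tagging, change the corresponding configuration files to the domain name as well.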
