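Using Harbor to build a private image registry and a mirror server lets K8S nodes pull public images through the mirror server and pull in-house product images from the private registry, which makes obtaining and managing images much easier.
I. Environment preparation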
HostName | OS | IP | CPU | Memory |
---|---|---|---|---|
k8s.master | CentOS Linux release 7.3.1611 (Core) | 192.168.130.247 | 2C | 2048MB |
k8s.node1 | CentOS Linux release 7.3.1611 (Core) | 192.168.130.249 | 2C | 2048MB |
harbor | CentOS Linux release 7.3.1611 (Core) | 192.168.120.164 | 4C | 2048MB |
harbor-mirror | CentOS Linux release 7.3.1611 (Core) | 192.168.130.248 | 1C | 2048MB |
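II. Installing Harbor
For the installation procedure, see the article "Using VMware Harbor to build a Private Registry"; it is not repeated here. We use harbor as the private image registry and harbor-mirror as the mirror server.
1. Edit harbor.cfg:
- harbor server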
~]# vi harbor.cfg
...
hostname = webber.harbor.com
...
ssl_cert = /root/cert/webber.harbor.com.crt
ssl_cert_key = /root/cert/webber.harbor.com.key
...
- harbor-mirror server
~]# vi harbor.cfg
...
hostname = harbor.mirror.com
...
ssl_cert = /root/cert/webber.harbor.com.crt
ssl_cert_key = /root/cert/webber.harbor.com.key
...
2. Edit config.yml
- harbor-mirror (Configuring Harbor as a local registry mirror)
~]# vim common/config/registry/config.yml
...
notifications:
  endpoints:
  - name: harbor
    disabled: false
    url: http://core:8080/service/notifications
    timeout: 3000ms
    threshold: 5
    backoff: 1s
proxy:
  remoteurl: https://registry-1.docker.io
3. Start the services
- harbor (screenshot: harbor.png)
- harbor-mirror (screenshot: harbor-mirror.png)
III. Configure the client (K8S.node1)
1. Add the CA certificates
==============Add the harbor server CA certificate==============
~]# mkdir -p /etc/docker/certs.d/webber.harbor.com
~]# scp root@192.168.120.164:/root/cert/ca.crt /etc/docker/certs.d/webber.harbor.com/
============Add the harbor-mirror server CA certificate=========
~]# mkdir -p /etc/docker/certs.d/harbor.mirror.com
~]# scp root@192.168.130.248:/root/cert/ca.crt /etc/docker/certs.d/harbor.mirror.com/
2. Add registry-mirrors
~]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://harbor.mirror.com","https://webber.harbor.com"]
}
3. Restart the service
~]# systemctl restart docker
4. Log in to harbor and harbor-mirror
~]# docker login webber.harbor.com
~]# docker login harbor.mirror.com
~]# cat /root/.docker/config.json   # after a successful login, config.json looks like this
{
"auths": {
"harbor.mirror.com": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
},
"webber.harbor.com": {
"auth": "YW5kcmV3OldlYmJlcjEyMw=="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.06.3-ce (linux)"
}
}
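A check for the client setup in steps 1 to 4, as an added example that is not part of the original post: it reads daemon.json, the certs.d directory and config.json, then reports mirrors that have no ca.crt and logins whose password sits base64-encoded in config.json. The function names and the sample files built in demo() are constructed for illustration.

```python
import base64
import json
import os
import stat
import tempfile
from urllib.parse import urlparse

def audit_docker_client(daemon_json, certs_dir, config_json):
    """Return findings for the mirror, CA and login setup of a Docker client."""
    findings = []
    with open(daemon_json) as f:
        mirrors = json.load(f).get("registry-mirrors", [])
    for url in mirrors:
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"{url}: mirror is not served over HTTPS")
        elif not os.path.isfile(os.path.join(certs_dir, parsed.netloc, "ca.crt")):
            # The page installs each registry CA as certs.d/<host>/ca.crt
            findings.append(f"{parsed.netloc}: no ca.crt in certs.d")
    # Without a credential helper, docker login stores base64(user:password)
    if stat.S_IMODE(os.stat(config_json).st_mode) & 0o077:
        findings.append("config.json: readable by group or others")
    with open(config_json) as f:
        auths = json.load(f).get("auths", {})
    for host, entry in sorted(auths.items()):
        if entry.get("auth"):
            user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
            findings.append(f"{host}: password of '{user}' stored base64-encoded")
    return findings

def demo():
    """Run the audit against constructed files that mimic the layout above."""
    root = tempfile.mkdtemp()
    certs = os.path.join(root, "certs.d")
    os.makedirs(os.path.join(certs, "harbor.mirror.com"))
    open(os.path.join(certs, "harbor.mirror.com", "ca.crt"), "w").close()
    daemon = os.path.join(root, "daemon.json")
    with open(daemon, "w") as f:
        json.dump({"registry-mirrors": ["https://harbor.mirror.com",
                                        "https://webber.harbor.com"]}, f)
    config = os.path.join(root, "config.json")
    token = base64.b64encode(b"demo:constructed-password").decode()
    with open(config, "w") as f:
        json.dump({"auths": {"harbor.mirror.com": {"auth": token}}}, f)
    os.chmod(config, 0o644)  # deliberately too open for the demo
    return audit_docker_client(daemon, certs, config)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a node, call audit_docker_client("/etc/docker/daemon.json", "/etc/docker/certs.d", "/root/.docker/config.json") to run the same checks against the files edited above.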
IV. Verification
1. Verify harbor-mirror
- Pull the busybox image
~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
Digest: sha256:954e1f01e80ce09d0887ff6ea10b13a812cb01932a0781d6b0cc23f743a874fd
Status: Downloaded newer image for busybox:latest
The Docker client pulls public images through harbor-mirror; if the image is already cached there, the cached copy is returned.
2. Verify harbor
- Pull the simp_ser image
~]# docker pull webber.harbor.com/simp/simp_ser:0.1.3
0.1.3: Pulling from simp/simp_ser
af4b0a2388c6: Pull complete
7af5e2bf94ec: Pull complete
b36ca92263b4: Pull complete
557542eef516: Pull complete
125ad61a5181: Pull complete
Digest: sha256:0c6c07d6eccc48795c365f087b4398a8b8ac86587af4a72fb7b2aa3423e017de
Status: Downloaded newer image for webber.harbor.com/simp/simp_ser:0.1.3
- Push the busybox image
~]# docker tag busybox:latest webber.harbor.com/library/busybox:latest
~]# docker push webber.harbor.com/library/busybox:latest
The push refers to repository [webber.harbor.com/library/busybox]
0b97b1c81a32: Pushed
latest: digest: sha256:f79f7a10302c402c052973e3fa42be0344ae6453245669783a9e16da3d56d5b4 size: 527