Setting up a Harbor image registry for k8s


Author: 肉包君 | Published: 2020-09-10 14:31

    2020-09-09


    Preparation:

    1. Operating system: CentOS 7.6
      k8s-harbor (server): 192.168.191.134
      k8s-node2 (client): 192.168.191.135
    2. Install Docker
    curl -o /etc/yum.repos.d/docker-ce.repo  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum -y install docker-ce
    curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://bc437cce.m.daocloud.io      # configure the image download mirror (accelerator) address
    
    3. Docker management tool (application): docker-compose
    Download option 1: GitHub, docker-compose 1.22
    curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
    chmod a+x /usr/local/bin/docker-compose
    
    Download option 2: aliyun, docker-compose 1.21
    curl -L https://mirrors.aliyun.com/docker-toolbox/linux/compose/1.21.2/docker-compose-Linux-x86_64 -o /usr/local/bin/docker-compose
    chmod a+x /usr/local/bin/docker-compose
    
    4. Harbor offline installer, which bundles the required images: harbor-offline-installer-v1.5.3.tgz
      https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz

    Option 1: no certificate required

    [root@k8s-harbor ~]# tar xf harbor-offline-installer-v1.5.3.tgz
    [root@k8s-harbor ~]# cd harbor
    [root@k8s-harbor ~]# vim harbor.cfg    # change only these two settings and leave everything else as it is
     hostname = <domain name or IP of this host>
     customize_crt = false
    [root@k8s-harbor ~]# ./prepare
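    [root@k8s-harbor ~]# ./install.sh     # load the images from the offline installer and start Harbor
    (To reinstall, delete /data, delete the Docker images that were already loaded, then restart Docker.)
    [root@k8s-harbor ~]# docker-compose ps    # check whether Harbor started successfully
    (If harbor-adminserver, harbor-db, harbor-jobservice, harbor-log, harbor-ui, nginx, redis and registry are all up, the installation succeeded.)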
    

    Client test (k8s-node2):

    [root@k8s-node2 ~]# docker login 192.168.191.134
    Username: admin
    Password: Harbor12345
    Error response from daemon: Get https://192.168.191.134/v2/: dial tcp 192.168.191.134:443: connect: connection refused
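    (The client login fails because Harbor is built on registry, and since a registry version update, login uses HTTPS by default. Harbor here serves plain HTTP only, so the connection to port 443 is refused.)
    
    # Fixing the problem above: mark the Harbor address as an insecure registry so that Docker talks to it over plain HTTP
    On the client, k8s-node2: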
    [root@k8s-node2 ~]# vim /etc/docker/daemon.conf
    {
    "insecure-registries": ["http://192.168.191.134"]
    }
    
    [root@k8s-node2 ~]# vim /usr/lib/systemd/system/docker.service
    # find the ExecStart= line and append the option shown below
    ExecStart=/usr/bin/dockerd --insecure-registry=192.168.191.134
    [root@k8s-node2 ~]# systemctl daemon-reload
    [root@k8s-node2 ~]# systemctl restart docker
    
    On the server, k8s-harbor:
    [root@k8s-harbor ~]# vim /etc/docker/daemon.conf
    {
    "insecure-registries": ["http://192.168.191.134"]
    }
    [root@k8s-harbor ~]# vim /usr/lib/systemd/system/docker.service   # modify this line
    ExecStart=/usr/bin/dockerd --insecure-registry=192.168.191.134:5000
    [root@k8s-harbor ~]# systemctl daemon-reload
    [root@k8s-harbor ~]# systemctl restart docker
    

    Restart docker-compose

    [root@k8s-harbor ~]# cd harbor 
    [root@k8s-harbor ~]# docker-compose down -v
    [root@k8s-harbor ~]# docker-compose up -d
    [root@k8s-harbor ~]# docker-compose ps    # make sure every service is healthy
    
    Run docker login again and check that it now succeeds
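
The steps above make login work by switching TLS off for 192.168.191.134, so the password and the image layers cross the network in clear text. As the certificate-based counterpart, this added example (not part of the original post) creates a private CA and a server certificate for the same IP-addressed registry; the CA name, file names, key size and validity period are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI is
# installed; REG_IP is this page's Harbor host; all file names are illustrative.
REG_IP=192.168.191.134

make_registry_certs() {            # $1 = output directory
  out=$1
  mkdir -p "$out" || return 1
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$out/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = harbor-lab-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. Private CA; every Docker client is later given ca.crt (never ca.key).
  openssl req -x509 -config "$out/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 365 -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
  # 2. Key and CSR for Harbor's nginx front end.
  openssl req -new -config "$out/ca.cnf" -subj "/CN=$REG_IP" -newkey rsa:2048 \
    -nodes -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1
  # 3. Sign the CSR. The registry is addressed by IP, and Go's TLS verification
  #    (used by Docker) only accepts an IP that appears in subjectAltName.
  printf 'subjectAltName = IP:%s\nextendedKeyUsage = serverAuth\n' "$REG_IP" \
    > "$out/san.ext"
  openssl x509 -req -in "$out/server.csr" -CA "$out/ca.crt" \
    -CAkey "$out/ca.key" -CAcreateserial -days 365 -sha256 \
    -extfile "$out/san.ext" -out "$out/server.crt" 2>/dev/null || return 1
}

# Succeeds only if server.crt chains to ca.crt and carries the IP SAN.
check_registry_cert() {            # $1 = directory with ca.crt and server.crt
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1/server.crt" -noout -text |
    grep -qF "IP Address:$REG_IP"
}
```

Harbor 1.x picks up the pair through `ui_url_protocol = https`, `ssl_cert` and `ssl_cert_key` in harbor.cfg, and each Docker client trusts the CA from `/etc/docker/certs.d/192.168.191.134/ca.crt`. Once that is in place the `--insecure-registry` option can be removed from ExecStart.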
    

    Using Harbor

    Log in to Harbor in a browser: http://192.168.191.134
    Default initial account: admin, password: Harbor12345



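    System Management --- User Management --- Create User (fill in the details, for example a user named kk)
    Projects --- library --- Members --- New Member (name: kk, role: Developer) (the Developer role has permission to push and pull images)

    Test pushing an image with the kk account
    On the client, k8s-node2: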

    [root@k8s-node2 ~]# docker pull daocloud.io/library/nginx
    [root@k8s-node2 ~]# docker tag daocloud.io/library/nginx:latest 192.168.191.134/library/nginx
    [root@k8s-node2 ~]# docker logout 192.168.191.134
    Removing login credentials for 192.168.191.134
    [root@k8s-node2 ~]# docker login 192.168.191.134
    Username: kk
    Password: 
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    
    [root@k8s-node2 ~]# docker push 192.168.191.134/library/nginx
    The push refers to repository [192.168.191.134/library/nginx]
    550333325e31: Pushed 
    22ea89b1a816: Pushed 
    a4d893caa5c9: Pushed 
    0338db614b95: Pushed 
    d0f104dc0a1f: Pushed 
    latest: digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c size: 1362
    
    No errors means the push succeeded
    

    The pushed image now shows up in the browser



    If pushing the image fails, do the following
    On the server, k8s-harbor:

    First check that /usr/lib/systemd/system/docker.service and /etc/docker/daemon.conf are both configured correctly
    [root@k8s-harbor ~]# cd harbor
    [root@k8s-harbor harbor]# systemctl daemon-reload
    [root@k8s-harbor harbor]# systemctl restart docker
    [root@k8s-harbor harbor]# docker-compose down -v
    [root@k8s-harbor harbor]# docker-compose up -d     # make sure all containers have started normally and are healthy
    

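    Then, on the client, run docker logout, docker login and docker push again

    Note: with docker tag the image can only be tagged as ip/image-name, because the IP is what was configured in /root/harbor/harbor.cfg (server) and, on both server and client, in /usr/lib/systemd/system/docker.service and /etc/docker/daemon.conf. To tag with a domain name instead, change those configuration files to the domain name as well.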
