Installation and Configuration Guide: Using Harbor as a Private Image Registry for k8s


Author: chenmiao66 | Published: 2017-07-07 10:35

    Harbor can be installed in two modes:

    harbor-online-installer-0.5.0.tgz: for hosts that can connect directly to the Internet.

    harbor-offline-installer-0.5.0.tgz: for hosts that do not have connectivity to the Internet.

    This guide uses the offline installer.

    Prerequisites:

    1. Python should be version 2.7 or higher. Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default.

    2. Docker engine should be version 1.10 or higher. For installation instructions, please refer to: https://docs.docker.com/engine/installation/

    3. Docker Compose needs to be version 1.6.0 or higher. For installation instructions, please refer to: https://docs.docker.com/compose/install/

    Installing Harbor:

    1. Download the latest installer package

    wget https://github.com/vmware/harbor/releases/download/0.5.0/harbor-offline-installer-0.5.0.tgz

    Extract the package:

    $ tar xvf harbor-offline-installer-0.5.0.tgz

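    2. Configure Harbor

    Review the configuration carefully and adapt it to your needs. The following configuration can be used as a reference:

    3. Change into the harbor directory and run ./install.sh

    4. Open http://10.142.21.113 to log in to the Harbor web UI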

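    Configuring Harbor as the private image registry for k8s:

    1. In Harbor, create a user and a project, add the user to the project, and give the user the project admin or developer role so that it has read and write access to the image repository.

    This deployment uses the user cm-test, password Dcos1234, email chenmiao@cmss.chinamobile.com, and the project library.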

    2. Create the secret

    From the command line:

    kubectl create secret docker-registry harbortest --namespace=kube-system \
      --docker-server=10.142.21.113 --docker-username=cm-test \
      --docker-password=Dcos1234 --docker-email=chenmiao@cmss.chinamobile.com

    Note:

    The key values here are highlighted in red; the user details are those of the user created in Harbor.

    3. View the secret's contents

    kubectl get secret harbortest --namespace=kube-system -o yaml

    Output:

    apiVersion: v1
    data:
      .dockercfg: eyIxMC4xNDIuMjEuMTEzIjp7InVzZXJuYW1lIjoiY20tdGVzdCIsInBhc3N3b3JkIjoiRGNvczEyMzQiLCJlbWFpbCI6ImNoZW5taWFvQGNtc3MuY2hpbmFtb2JpbGUuY29tIiwiYXV0aCI6IlkyMHRkR1Z6ZERwRVkyOXpNVEl6TkE9PSJ9fQ==
    kind: Secret
    metadata:
      creationTimestamp: 2017-02-07T03:30:59Z
      name: harbortest
      namespace: kube-system
      resourceVersion: "682020"
      selfLink: /api/v1/namespaces/kube-system/secrets/harbortest
      uid: d82774f6-ece5-11e6-b231-005056943bc9
    type: kubernetes.io/dockercfg
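
    Added example (not from the original article): the .dockercfg value in the output above is base64-encoded JSON, not ciphertext, so any account allowed to get this Secret in kube-system can read the registry password. The decoder below shows what such an account recovers; it also handles the kubernetes.io/dockerconfigjson layout, which goes beyond what this page shows, and the sample Secret and all its values are constructed.

```python
import base64
import json

# Secret type -> (data key, whether registries sit under an "auths" wrapper)
LAYOUTS = {
    "kubernetes.io/dockercfg": (".dockercfg", False),
    "kubernetes.io/dockerconfigjson": (".dockerconfigjson", True),
}


def recover_registry_credentials(secret):
    """Return [(registry, username, password)] recoverable from a pull Secret.

    `secret` is the object printed by `kubectl get secret NAME -o json`.
    """
    key, wrapped = LAYOUTS[secret["type"]]
    cfg = json.loads(base64.b64decode(secret["data"][key]))
    entries = cfg.get("auths", {}) if wrapped else cfg
    found = []
    for registry, entry in sorted(entries.items()):
        # `auth` is base64("username:password"); explicit fields win if present.
        decoded = base64.b64decode(entry.get("auth", "")).decode()
        user, _, password = decoded.partition(":")
        found.append((registry,
                      entry.get("username", user),
                      entry.get("password", password)))
    return found


def build_sample_secret():
    """Constructed sample shaped like the output above (all values made up)."""
    user, password = "ci-pull", "constructed-password"
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    cfg = {"registry.example.internal": {
        "username": user, "password": password,
        "email": "ci@example.internal", "auth": auth}}
    return {"apiVersion": "v1", "kind": "Secret",
            "type": "kubernetes.io/dockercfg",
            "metadata": {"name": "sample-pull-secret",
                         "namespace": "kube-system"},
            "data": {".dockercfg":
                     base64.b64encode(json.dumps(cfg).encode()).decode()}}


if __name__ == "__main__":
    for registry, user, password in recover_registry_credentials(build_sample_secret()):
        print(f"{registry}: user={user}, password recoverable ({len(password)} chars)")
```

    Because the credential is recoverable this way, the Harbor account stored in a pull secret should hold only the role its pulls need, and get/list on Secrets in that namespace should be limited through RBAC.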

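    4. Associate the secret with a ServiceAccount

    4.1 Run kubectl get serviceaccounts default -o yaml to view the default ServiceAccount.

    4.2 kubectl get serviceaccounts default -o yaml > service.yaml

    4.3 Edit the file with vim service.yaml as shown below. The main change is adding the imagePullSecrets: field so that the secret created earlier takes effect and pods can be created from images pulled from the Harbor project that user has access to.

    After the change: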

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      creationTimestamp: 2017-01-18T05:02:19Z
      name: default
      namespace: default
      selfLink: /api/v1/namespaces/default/serviceaccounts/default
      uid: 49eb802c-dd3b-11e6-b735-005056943bc9
    secrets:
    - name: default-token-wl2bb
    imagePullSecrets:
    - name: harbortest

    Note: remove the resourceVersion: line.

    4.4 kubectl replace serviceaccount default -f ./service.yaml

    The new ServiceAccount is created successfully.

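    Verifying that it works: deploy a k8s-dashboard pod

    Adding the following fields to the pod's YAML file is all that is needed to use Harbor as the k8s private image registry.

    spec:
      imagePullSecrets:
      - name: harbortest
      containers:
      - name: kubernetes-dashboard
        image: 10.142.21.113/library/kubernetes-dashboard-amd64

    The full YAML file: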

    kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
      labels:
        app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: kubernetes-dashboard
      template:
        metadata:
          labels:
            app: kubernetes-dashboard
          # Comment the following annotation if Dashboard must not be deployed on master
          annotations:
            scheduler.alpha.kubernetes.io/tolerations: |
              [
                {
                  "key": "dedicated",
                  "operator": "Equal",
                  "value": "master",
                  "effect": "NoSchedule"
                }
              ]
        spec:
          imagePullSecrets:
          - name: harbortest
          containers:
          - name: kubernetes-dashboard
            image: 10.142.21.113/library/kubernetes-dashboard-amd64  # gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1
            imagePullPolicy: Always
            ports:
            - containerPort: 9090
              protocol: TCP
            args:
              # Uncomment the following line to manually specify Kubernetes API server Host
              # If not specified, Dashboard will attempt to auto discover the API server and connect
              # to it. Uncomment only if the default does not work.
              - --apiserver-host=http://10.142.21.110:8080
            livenessProbe:
              httpGet:
                path: /
                port: 9090
              initialDelaySeconds: 30
              timeoutSeconds: 30
    ---
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      type: NodePort
      ports:
      - port: 80
        targetPort: 9090
      selector:
        app: kubernetes-dashboard
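
    Added example (not from the original article): Kubernetes resolves an imagePullSecrets entry in the namespace of the pod or ServiceAccount that names it. On this page harbortest is created in kube-system, the Deployment above runs in kube-system, and the ServiceAccount edited in step 4 is default in namespace default. The check below flags references that do not resolve; the function names are hypothetical and the manifests are constructed from the names used above.

```python
PULL_SECRET_TYPES = {"kubernetes.io/dockercfg", "kubernetes.io/dockerconfigjson"}


def pull_secret_refs(obj):
    """Return the imagePullSecrets names of a ServiceAccount, Pod or controller."""
    if obj["kind"] == "ServiceAccount":
        refs = obj.get("imagePullSecrets", [])
    elif obj["kind"] == "Pod":
        refs = obj.get("spec", {}).get("imagePullSecrets", [])
    else:  # Deployment and other controllers carry a pod template
        refs = (obj.get("spec", {}).get("template", {})
                   .get("spec", {}).get("imagePullSecrets", []))
    return [ref["name"] for ref in refs]


def unresolved_pull_secrets(objects):
    """Return (kind, namespace, name, secret) for every reference that has no
    pull Secret of that name in the referencing object's own namespace."""
    secrets = {(o["metadata"].get("namespace", "default"), o["metadata"]["name"])
               for o in objects
               if o["kind"] == "Secret" and o.get("type") in PULL_SECRET_TYPES}
    findings = []
    for o in objects:
        if o["kind"] == "Secret":
            continue
        ns = o["metadata"].get("namespace", "default")
        for ref in pull_secret_refs(o):
            if (ns, ref) not in secrets:
                findings.append((o["kind"], ns, o["metadata"]["name"], ref))
    return findings


# Constructed manifests mirroring the names and namespaces used on this page.
SAMPLE = [
    {"kind": "Secret", "type": "kubernetes.io/dockercfg",
     "metadata": {"name": "harbortest", "namespace": "kube-system"}},
    {"kind": "ServiceAccount",
     "metadata": {"name": "default", "namespace": "default"},
     "imagePullSecrets": [{"name": "harbortest"}]},
    {"kind": "Deployment",
     "metadata": {"name": "kubernetes-dashboard", "namespace": "kube-system"},
     "spec": {"template": {"spec": {
         "imagePullSecrets": [{"name": "harbortest"}]}}}},
]

if __name__ == "__main__":
    for finding in unresolved_pull_secrets(SAMPLE):
        print("unresolved imagePullSecret:", finding)
```

    On the sample, only the ServiceAccount in namespace default is reported; creating the pull secret in each namespace whose pods need it resolves the finding.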

    Problems you may run into during deployment:

    Private registry trust issue:

    vi /usr/lib/systemd/system/docker.service

    This directly modifies the daemon startup configuration on every node:

    docker -d --insecure-registry 10.142.21.113 -H fd:// $OPTIONS $DOCKER_STORAGE_OPTIONS

    LimitNOFILE=1048576

    LimitNPROC=1048576
