一.安装docker
1.配置阿里源
cd /etc/yum.repos.d/
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2.下载指定版本的docker
yum -y install docker-ce-18.09.9-3.el7 docker-ce-cli-18.09.9-3.el7
3.配置docker镜像加速
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
4.启动
systemctl enable docker && systemctl start docker
5.检查版本
docker -v
二.安装harbor
1.下载harbor
wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz
2.在node4上安装harbor
cd /opt/
tar zxf harbor-offline-installer-v1.9.0-rc1.tgz
cd harbor/
3.编辑harbor配置文件
vim harbor.yml
...
hostname: 10.0.0.14
harbor_admin_password: 123456
data_volume: /data/harbor
...
4.执行安装
yum install docker-compose -y
./install.sh
5.浏览器访问
http://10.0.0.14
admin
123456
6.建立镜像仓库
这里有2种访问级别:
公开:任何人都可以直接访问并下载镜像
私有:登陆授权后才允许下载镜像
三.使用harbor作为k8s私有仓库
1.创建镜像仓库
2.所有节点都配置docker信任harbor仓库并重启docker
cat >/etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://ig2l319y.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries" : ["http://10.0.0.14"]
}
EOF
systemctl restart docker
3.为镜像打标签
[root@node2 ~]# docker tag d5cea958d330 10.0.0.14/k8s/mysql:5.7
[root@node2 ~]# docker tag a29e200a18e9 10.0.0.14/k8s/tomcat-app:v1
4.登录harbor并推送镜像到harbor
[root@node2 ~]# docker login 10.0.0.14
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node2 ~]# docker push 10.0.0.14/k8s/tomcat-app:v1
The push refers to repository [10.0.0.14/k8s/tomcat-app]
fe9a890c4f24: Pushed
5f70bf18a086: Pushed
a072f755a133: Pushed
6d0267f8a9fd: Pushed
7bb92eb08c02: Pushed
d8ba5f179687: Pushed
2275023dea33: Pushed
d490458a60cb: Pushed
bb3e02b5a488: Pushed
3b7a0c95e085: Pushed
02adacdfda2f: Pushed
d2c5e3a8d3d3: Pushed
4dcab49015d4: Pushed
v1: digest: sha256:565bb4e52ac67b4d37feed9ea4626b786f23e0871451587c7187683532a6188f size: 5719
[root@node2 ~]# docker push 10.0.0.14/k8s/mysql:5.7
The push refers to repository [10.0.0.14/k8s/mysql]
ef78375f166a: Pushed
549184ef4a0e: Pushed
3be346044c35: Pushed
c7c9b9502281: Pushed
80c697004ac9: Pushed
f24603cb3885: Pushed
cee57cdf5101: Pushed
1a527f11e03e: Pushed
4dac9b6b28ce: Pushed
605f8f2fe1e5: Pushed
e0db3ba0aaea: Pushed
5.7: digest: sha256:1be1f2cbd2c18563b167ffda45f67c5b0afb1bfe6a77cbc506306836fb1317b5 size: 2622
5.查看docker登陆的密码文件
[root@node1 ~]# cat /root/.docker/config.json
{
"auths": {
"10.0.0.14": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/18.09.7 (linux)"
}
}
6.将docker密码文件解码成base64编码
[root@node1 ~/demo]# cat /root/.docker/config.json|base64
ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVlt
OXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRv
Y2tlci1DbGllbnQvMTguMDkuNyAobGludXgpIgoJfQp9
7.创建并应用docker登陆的Secret资源
注意!!!
1.dockerconfigjson: xxx直接写base64的编码,不需要换行
2.base64编码是一整行,不是好几行
3.最后的type字段不能少
[root@node1 ~]# vim harbor-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: harbor-secret
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVlt
OXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRv
Y2tlci1DbGllbnQvMTguMDkuNyAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
8.应用资源配置清单并查看
[root@node1 ~]# kubectl create -f harbor-secret.yaml
secret/harbor-secret created
[root@node1 ~]# kubectl get secrets
NAME TYPE DATA AGE
default-token-vz4d9 kubernetes.io/service-account-token 3 30h
harbor-secret kubernetes.io/dockerconfigjson 1 14s
网友评论