安装基础依赖:
yum -y install yum-utils device-mapper-persistent-data lvm2
安装docker:(yum)
## 使用阿里源
vim /etc/yum.repos.d/docker.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
## 安装
yum -y install docker-ce
## 启动
systemctl start docker
systemctl enable docker
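## 添加docker国内镜像源
## 注意:insecure-registries 会让 docker 对该仓库跳过 TLS 证书校验(必要时还会回退到 HTTP),只适合内网测试环境;正式环境应把 Harbor 的 CA 证书放到 /etc/docker/certs.d/<仓库地址>/ca.crt 并去掉该项。另外,以 http:// 开头的镜像源走明文传输,建议优先使用 https 的镜像源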
vim /etc/docker/daemon.json
{
"registry-mirrors": [
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn",
"https://registry.docker-cn.com",
"https://k1ktap5m.mirror.aliyuncs.com"
],
"insecure-registries": ["192.168.200.205"]
}
systemctl daemon-reload
systemctl restart docker
安装docker-compose:
## 注意:此处通过明文 HTTP 下载 repo 文件,传输途中可能被篡改,下载后请检查文件内容(baseurl、gpgcheck、gpgkey)
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum -y install docker-compose
## 或者使用tar包安装
curl -L https://github.com/docker/compose/releases/download/1.27.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
## 下载后的文件已保存在 /usr/local/bin 目录下;添加执行权限之前,先用 sha256sum 计算文件的校验值,并与发布页提供的 SHA-256 校验值比对,确认一致后再添加执行权限
chmod +x /usr/local/bin/docker-compose
安装harbor:
## 下载安装包
wget https://github.com/goharbor/harbor/releases/download/v2.5.0/harbor-offline-installer-v2.5.0.tgz
## 解压
tar xf harbor-offline-installer-v2.5.0.tgz -C /usr/src
cd /usr/src/harbor
## 修改配置文件
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
.....
.....
hostname: 192.168.200.205
# http related config
#http:
# port for http, default is 80. If https enabled, this port will redirect to https port
# port: 80 :注释掉
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /usr/src/harbor/certs/harbor.crt
private_key: /usr/src/harbor/certs/harbor.key
.....
harbor_admin_password: 111 :用户登录密码(111 仅为示例,实际部署请设置强密码;该值以明文保存在 harbor.yml 中,应限制该文件的读取权限)
.....
data_volume: /usr/src/harbor/data
创建配置文件定义的目录:
mkdir -p /usr/src/harbor/certs
mkdir -p /usr/src/harbor/data
openssl生成自签证书:
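# 生成证书,保存到指定目录
# 注意:证书的 CN 是 harbor.wangzy.com,而 harbor.yml 中的 hostname 和客户端访问地址是 192.168.200.205,且命令中没有设置 subjectAltName;客户端如果校验证书,会因名称不匹配而失败(这应是前面需要配置 insecure-registries 的原因)。如需启用证书校验,应签发 SAN 与访问地址一致的证书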
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /usr/src/harbor/certs/harbor.key -x509 -out /usr/src/harbor/certs/harbor.crt -subj /C=CN/ST=BJ/L=BJ/O=DEVOPS/CN=harbor.wangzy.com -days 3650
## req :产生证书签发申请命令
## newkey :生成新私钥
## rsa:4096 :生成秘钥位数
## nodes :表示私钥不加密(私钥以明文保存在 harbor.key 中,应限制该文件的读取权限)
## sha256 :使用SHA-2哈希算法
## keyout :将新创建的私钥写入的文件名
## x509 :签发X.509格式证书命令。X.509是最通用的一种签名证书格式。
## out :指定要写入的输出文件名
## subj :指定用户信息
## days :有效期(3650表示十年)
## 查看证书是否生成
[root@localhost harbor]# ls certs/
harbor.crt harbor.key
启动harbor服务:
systemctl start docker
./install.sh
使用浏览器访问:192.168.200.205
将本地镜像上传到仓库:
## 登录
docker login 192.168.200.205
username: admin
password: 111
## 打标签
docker tag nginx:1.15 192.168.200.205/project/nginx:1.15
## 上传
docker push 192.168.200.205/project/nginx:1.15
k8s-master上拉取镜像:
[root@node-02 ~]# cat .docker/config.json | base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC4yMDUiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2TVRFeE1URXgiCgkJfQoJfQp9
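编辑secret文件,创建secret资源的yaml:
## 注意:base64 只是编码而不是加密,上面的字符串可以直接还原出仓库的账号和密码;harbor-secret.yaml 应按密钥文件保管,不要提交到代码仓库,并建议使用权限受限的专用账号(如 Harbor 机器人账号)代替 admin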
vim harbor-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: harbor-secret
data:
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjIwMC4yMDUiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2TVRFeE1URXgiCgkJfQoJfQp9
type: kubernetes.io/dockerconfigjson
## 创建资源
kubectl create -f harbor-secret.yaml
## 查看secret资源
[root@master-01 yaml]# kubectl get secret
NAME TYPE DATA AGE
default-token-kx7jc kubernetes.io/service-account-token 3 45h
harbor-secret kubernetes.io/dockerconfigjson 1 26s
测试指定仓库拉取镜像:
vim nginx-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-deployment :自定义名称
labels:
app: nginx
spec:
replicas: 3 :创建3个
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
imagePullSecrets:
- name: harbor-secret :指定secret资源的名称
containers:
- name: nginx
image: 192.168.200.205/project/nginx:1.13
:指定仓库
ports:
- containerPort: 80
resources: :资源限制
limits:
cpu: 100m
memory: 10M
requests: :资源需求
cpu: 100m
memory: 10M
kubectl create -f nginx-deployment.yaml
发布:
vim nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
labels:
app: nginx
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
selector:
app: nginx
[root@k8s-master yaml]# kubectl create -f nginx-service.yaml
[root@k8s-master yaml]# kubectl get service nginx-service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-service NodePort 10.98.190.30 <none> 80:32019/TCP 54s
访问测试:
curl 10.98.190.30
## 浏览器访问
192.168.200.xxx:32019