harbor安装
介绍
Harbor是VMware公司开源的企业级DockerRegistry项目,
项目地址为https://github.com/vmware/harbor。
其目标是帮助用户迅速搭建一个企业级的Dockerregistry服务。
它以Docker公司开源的registry为基础,,
提供了管理UI,
基于角色的访问控制(Role BasedAccess Control),
AD/LDAP集成、、
以及审计日志(Auditlogging) 等企业用户需求的功能,
同时还原生支持中文。
Harbor的每个组件都是以Docker容器的形式构建的,
使用DockerCompose来对它进行部署。
用于部署Harbor的DockerCompose模板位于 /Deployer/docker-compose.yml,
由5个个容器组成,,这几个容器通过 Dockerlink的形式连接在一起,
在容器之间通过容器名字互相访问。
对终端用户而言,
只需要暴露 proxy ( 即 Nginx))的服务端口
安装
1.harbor服务器安装docker
安装 Docker 软件
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum update -y && yum install -y docker-ce
reboot
设置开机默认启动
systemctl start docker
systemctl enable docker
## 创建 /etc/docker 目录
mkdir /etc/docker
# 配置 daemon.
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": { "max-size": "100m" }
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# 重启docker服务
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
指定镜像仓库地址(所有服务器,k8s节点)
vim/etc/docker/daemon.json
{"insecure-registries": ["serverip"] }
安装docker-compose
下载docker-compose二进制包,放到/user/local/bin目录下
下载地址:https://github.com/docker/compose/releases
mv docker-compose /usr/local/bin
chmod a+x /usr/local/bin/docker-compose
上传harbor-offline-installer并安装
tar -zxvf harbor-offline-installer-v1.2.0.tgz
把harbor移动的/user/local
mv harbor /usr/local/
配置harbor信息
cd /usr/local/harbor/
vim harbor.cfg
需要修改的参数是
hostname = hub.txbaiyun.com #改成自己的,5行
ui_url_protocol = https #改成https协议,9
ssl_cert = /data/cert/server.crt #创建目录,24行
创建证书
创建 https 证书以及配置相关目录权限
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
cd /data/cert
chmod -R 777 /data/cert
openssl req -new -key server.key -out server.csr 输入参考
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:txbaiyun
Organizational Unit Name (eg, section) []:txbaiyun
Common Name (eg, your name or your server's hostname) []:www.txbaiyun.com
Email Address []:785945659@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
回到harbor目录进行安装
cd /usr/local/harbor
./install.sh
集群内的节点添加域名解析
echo "192.168.0.155 hub.txbaiyun.com" >> /etc/hosts
安装后测试
使用浏览器打开测试
https://hub.txbaiyun.com
默认账号是admin,默认密码是Harbor123,可以在harbor配置文档查看
使用docker测试
登录试一下
docker login hub.txbaiyun.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
推一个镜像看看
docker pull nginx
# 在项目中标记镜像:
docker tag nginx:latest hub.txbaiyun.com/library/nginx:v1
# 推送镜像到当前项目:
docker push hub.txbaiyun.com/library/nginx:v1
使用集群
创建一个pod运行
kubectl run nginx-deployment --image=hub.txbaiyun.com/library/nginx:v1 --port=80 --namespace=kube-system --replicas=1
查看运行情况,可以看到他运行在node2节点
kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment 1/1 Running 0 8m51s 10.244.2.2 k8s-node02 <none> <none>
切到node2节点查看,可以看到hub.txbaiyun.com/library/nginx被使用了,并启动了pause容器
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5f6aed1f3550 hub.txbaiyun.com/library/nginx "nginx -g 'daemon of…" 10 minutes ago Up 10 minutes k8s_nginx-deployment_nginx-deployment_default_e2ad3676-4528-404e-9453-bf9e8fbdf231_0
2824cb52997c registry.aliyuncs.com/google_containers/pause:3.2 "/pause" 10 minutes ago Up 10 minutes k8s_POD_nginx-deployment_default_e2ad3676-4528-404e-9453-bf9e8fbdf231_0
43b7d0ed23b3 4e9f801d2217 "/opt/bin/flanneld -…" 45 minutes ago Up 45 minutes k8s_kube-flannel_kube-flannel-ds-amd64-d2nzx_kube-system_c780c418-abea-438e-91a3-6c6ebdcf9b70_4
3bee19475967 43940c34f24f "/usr/local/bin/kube…" 45 minutes ago Up 45 minutes k8s_kube-proxy_kube-proxy-rwv76_kube-system_60c609e6-6cef-40d7-bc90-3ee6cb1e5282_3
ad1b97b80e13 registry.aliyuncs.com/google_containers/pause:3.2 "/pause" 45 minutes ago Up 45 minutes k8s_POD_kube-flannel-ds-amd64-d2nzx_kube-system_c780c418-abea-438e-91a3-6c6ebdcf9b70_3
f594d1ba3225 registry.aliyuncs.com/google_containers/pause:3.2 "/pause" 45 minutes ago Up 45 minutes k8s_POD_kube-proxy-rwv76_kube-system_60c609e6-6cef-40d7-bc90-3ee6cb1e5282_5
删除一个pod
kubectl delete nginx-deployment
扩容
kubectl scale --replicas=3 /deployment/nginx-deployment