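一.在该节点上安装docker和docker-compose,并解压harbor离线安装包
注:`yum install -y *` 会把当前目录下的所有文件都交给 yum。从随后的 ls 输出看,目录中除 rpm 包外还有 docker-compose 二进制文件和 harbor 离线包,写成 `yum install -y ./*.rpm` 更稳妥。离线包安装前应核对来源和校验值。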
[root@server7 ~]# yum install -y *
[root@server7 ~]# ls
containerd.io-1.2.13-3.2.el7.x86_64.rpm docker-ce-cli-19.03.12-3.el7.x86_64.rpm
container-selinux-2.77-1.el7.noarch.rpm docker-compose-Linux-x86_64-1.27.0
docker-ce-19.03.12-3.el7.x86_64.rpm harbor-offline-installer-v1.10.1.tgz
[root@server7 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz
[root@server7 ~]# mv docker-compose-Linux-x86_64-1.27.0 /usr/local/bin/docker-compose
[root@server7 docker-ce]# systemctl start docker
[root@server7 docker-ce]# systemctl enable --now docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@server7 docker-ce]# cd /etc/sysctl.d
[root@server7 sysctl.d]# vi k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@server7 sysctl.d]# sysctl --system
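二.创建数据目录,生成自签名证书和私钥
注:openssl 会交互式询问证书信息(下面的输出省略了这部分)。其中 Common Name 需填写仓库域名 reg.westos.org,否则后续 docker 访问仓库时证书校验会失败;较新版本的 Docker 还要求证书包含 subjectAltName。`-nodes` 表示私钥不加密保存,应收紧 reg.westos.org.key 的权限(如 chmod 600),并且不要把私钥复制到其他节点。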
[root@server7 harbor]# mkdir /data
[root@server7 harbor]# cd /data/
[root@server7 data]# ls
[root@server7 data]# mkdir certs
[root@server7 data]# cd certs/
[root@server7 certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.westos.org.key -x509 -days 365 -out reg.westos.org.crt
Generating a 4096 bit RSA private key
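三.在harbor目录下执行install脚本,确保执行成功
注:执行前需要先编辑 harbor.yml(本文未展示这一步):把 hostname 设为 reg.westos.org,把 https 部分的 certificate 和 private_key 指向 /data/certs 下的证书和私钥,并修改默认的管理员密码 harbor_admin_password。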
[root@server7 harbor]# ./install.sh --with-chartmuseum
四.复制并重命名证书
[root@server7 harbor]# cd /etc/docker/
[root@server7 docker]# mkdir certs.d
[root@server7 docker]# cd certs.d/
[root@server7 certs.d]# mkdir reg.westos.org
[root@server7 certs.d]# cd reg.westos.org/
[root@server7 reg.westos.org]# cp /data/certs/reg.westos.org.crt ca.crt
[root@server7 reg.westos.org]# ls
ca.crt
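五.拉取镜像,修改tag,登录私有仓库并上传镜像
注:下面第一条 docker tag 命令把域名误写成了 reg.westos,org,因此报错,紧随其后的才是正确写法。docker login 成功后,密码会以未加密形式保存在 /root/.docker/config.json(见输出中的 WARNING),建议配置 credential helper,并为日常推送创建权限更小的账号,而不是长期使用 admin。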
[root@server7 reg.westos.org]# cd /etc/docker/
[root@server7 docker]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
bf5952930446: Pull complete
cb9a6de05e5a: Pull complete
9513ea0afb93: Pull complete
b49ea07d2e93: Pull complete
a5e4a503d449: Pull complete
Digest: sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
[root@server7 docker]# docker tag nginx:latest reg.westos,org/library/nginx:latest
Error parsing reference: "reg.westos,org/library/nginx:latest" is not a valid repository/tag: invalid reference format
[root@server7 docker]# docker tag nginx:latest reg.westos.org/library/nginx:latest
[root@server7 docker]# docker login reg.westos.org
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server7 docker]# docker push reg.westos.org/library/nginx
The push refers to repository [reg.westos.org/library/nginx]
550333325e31: Pushed
22ea89b1a816: Pushed
a4d893caa5c9: Pushed
0338db614b95: Pushed
d0f104dc0a1f: Pushed
latest: digest: sha256:179412c42fe3336e7cdc253ad4a2e03d32f50e3037a860cf5edbeb1aaddb915c size: 1362
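六.把证书复制到其他节点主机上
注:这里分发的只有 certs.d 下的 ca.crt(证书,不含私钥),私钥 reg.westos.org.key 应只保留在 server7 上。各节点还需要能解析 reg.westos.org。server4 上 vim daemon.json 的具体修改内容本文未给出。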
[root@server7 docker]# ls
certs.d daemon.json key.json
[root@server7 docker]# scp -r certs.d/ server4:/etc/docker/
[root@server4 docker]# ls
daemon.json key.json
[root@server4 docker]# vim daemon.json
[root@server4 docker]# systemctl daemon-reload
[root@server4 docker]# systemctl restart docker
[root@server4 docker]# scp -r certs.d/ server5:/etc/docker/
ca.crt 100% 2106 1.5MB/s 00:00
[root@server4 docker]# scp -r certs.d/ server6:/etc/docker/
ca.crt 100% 2106 1.5MB/s 00:00
七.拉取并上传1.18.0版本的nginx
[root@server7 docker]# docker pull nginx:1.18.0
1.18.0: Pulling from library/nginx
bf5952930446: Already exists
42d48e6a5bd5: Pull complete
3c559fefbe6a: Pull complete
586389d18d09: Pull complete
40b115ac927c: Pull complete
Digest: sha256:f05a6e50202cfae65d7a7da959e02c909e93ec47bc3b2c57755b76f583118e8d
Status: Downloaded newer image for nginx:1.18.0
docker.io/library/nginx:1.18.0
[root@server7 docker]# docker tag nginx:1.18.0 reg.westos.org/library/nginx:1.18.0
[root@server7 docker]# docker push reg.westos.org/library/nginx:1.18.0
The push refers to repository [reg.westos.org/library/nginx]
a5f9f505aede: Pushed
11bfb51390a5: Pushed
bf0ea8c01f3a: Pushed
c555e163f015: Pushed
d0f104dc0a1f: Layer already exists
1.18.0: digest: sha256:208b92da689dbbb8362618973e237840cfd5ad435232afeea26e3a1461410af9 size: 1362
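八.用私有仓库的镜像创建pod应用
注:命令中的 `--image=nginx` 没有写仓库地址,默认会解析为 docker.io/library/nginx。只有各节点的 daemon.json 把 reg.westos.org 配置为 registry-mirrors 时,才会经由私有仓库拉取(推测这就是第六步 vim daemon.json 所做的修改,请自行确认)。要明确使用私有仓库的镜像,应写成 `--image=reg.westos.org/library/nginx`。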
[root@server4 docker]# su - k8s
[k8s@server4 ~]$ kubectl create deployment nginx --image=nginx -r 2
deployment.apps/nginx created
[k8s@server4 ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-mm2w6 0/1 ContainerCreating 0 3s
nginx-6799fc88d8-vrp59 1/1 Running 0 3s
[k8s@server4 ~]$ kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-6799fc88d8-mm2w6 1/1 Running 0 9s
nginx-6799fc88d8-vrp59 1/1 Running 0 9s