一 harbor 安装
1,先下载docker-compose
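# Download the Compose v2 binary directly into /usr/local/bin.
# -f makes curl fail on an HTTP error instead of saving the error page as the "binary".
curl -fSL https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
# curl does not set the execute bit; 755 (not 777) keeps the root-owned binary unwritable by other users.
chmod 755 /usr/local/bin/docker-compose
# Before relying on it, compare the file against the checksum published for this version on the release page.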
2 下载harbor镜像
# Fetch the Harbor v2.5.0 offline installer bundle and unpack it in the current directory (verbose listing).
wget https://github.com/goharbor/harbor/releases/download/v2.5.0/harbor-offline-installer-v2.5.0.tgz
tar -x -z -v -f ./harbor-offline-installer-v2.5.0.tgz
# Create the host directory that harbor.yml later points at via data_volume.
mkdir -p -- /root/data/harbor
#修改内核参数的命令:
# Edit /etc/sysctl.conf and add the three keys below (bridged traffic through iptables/ip6tables, IPv4 forwarding).
vi /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
# Apply without a reboot.
# NOTE(review): the two net.bridge.* keys only exist once the br_netfilter module is loaded;
# if sysctl -p reports them as missing, load the module first and re-run.
sysctl -p
3,设置一个域名,生成ssl证书
你的服务器 IP 地址 192.168.56.111 对应域名 harbor.ly.cn
4, 生成证书,提示输入信息:Country Name填CN,Common Name填域名
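# 1) Self-signed CA (key + cert, valid 365 days). Prompts for the subject: Country Name = CN.
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
# 2) Server key + CSR. Common Name must be the registry domain (harbor.ly.cn).
openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.ly.cn.key -out harbor.ly.cn.csr
# 3) Sign the CSR with the CA. Go-based clients (docker, containerd) match the server name
#    against subjectAltName, not the Common Name, so the domain must also be present as a SAN;
#    without it docker login/push fails with an x509 error even though the CA is trusted.
printf 'subjectAltName=DNS:harbor.ly.cn\nextendedKeyUsage=serverAuth\n' > v3.ext
openssl x509 -req -days 365 -in harbor.ly.cn.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile v3.ext -out harbor.ly.cn.crt
# -nodes leaves both private keys unencrypted on disk, so restrict them to the owner.
chmod 600 ca.key harbor.ly.cn.key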
生成的证书文件
/usr/local/harbor/ca.key #CA 私钥
/usr/local/harbor/ca.crt #CA证书
/usr/local/harbor/harbor.ly.cn.key #服务器私钥
/usr/local/harbor/harbor.ly.cn.csr #服务器证书请求文件
/usr/local/harbor/ca.srl #CA 签发序列号文件(可忽略)
/usr/local/harbor/harbor.ly.cn.crt #服务器证书
修改harbor 配置文件
# Turn the shipped template into the live config file that install.sh reads.
cp -- ./harbor.yml.tmpl ./harbor.yml
配置文件如下
# harbor安装的ip地址或域名,用于访问harbor 管理界面和registry仓库服务。
# 不能设置为 localhost or 127.0.0.1,因为Harbor需要被外部客户端访问
hostname: 192.168.56.111
# http 相关的配置
http:
# http端口, 默认是80. 如果启用了https,访问这个端口将被转发请求到https 端口
# 这里尽量不要改,找一台80端口没被占用的服务器安装harbor,后续镜像上传打标签更加方便不用加端口(http服务默认就是80)
port: 80
# https 相关的配置
https:
# https port for harbor, default is 443
port: 443
# 配置服务端证书
certificate: /usr/local/harbor/harbor.ly.cn.crt
private_key: /usr/local/harbor/harbor.ly.cn.key
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# Harbor admin 管理员初始化密码
# 它仅仅用于第一次安装harbor初始化登录使用
# Harbor启动之后进入管理节面之后记得通过UI修改密码
harbor_admin_password: xxxxxx
# 安装数据库的配置
database:
# 数据库 root 用户密码,生产环境必须改为高强度密码
password: harboradmin
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
max_idle_conns: 100
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
# Note: the default number of connections is 1024 for postgres of harbor.
max_open_conns: 900
# harbor持久化数据保存目录,上文中新建的目录
data_volume: /root/data/harbor
执行安装脚本
# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.14
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.2
修改hosts 文件增加域名
192.168.56.111 harbor.ly.cn
可以把证书放在docker 目录下,进行访问harbor(非必要)
#所有节点创建目录
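# Create the per-registry cert directory that dockerd consults for harbor.ly.cn and drop the CA cert in it.
mkdir -p -- /etc/docker/certs.d/harbor.ly.cn
cp -- ./ca.crt /etc/docker/certs.d/harbor.ly.cn/ca.crt
# Same on every other node. scp does not create the target directory, so make it first;
# "$node" is quoted so a hostname is never word-split or glob-expanded.
for node in k8s-master02 k8s-master03 k8s-node01 k8s-master01; do
  ssh "$node" mkdir -p -- /etc/docker/certs.d/harbor.ly.cn
  scp ca.crt "$node":/etc/docker/certs.d/harbor.ly.cn/
done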
修改 docker 的 daemon.json 文件
vim /etc/docker/daemon.json
{
"insecure-registries":["harbor.ly.cn","dev.xxxx.cn:20080"],
"live-restore": true,
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver":"json-file",
"log-opts":{
"max-size" :"100m","max-file":"6"
},
"storage-driver": "overlay2"
}
###########
# Overwrites /etc/docker/daemon.json wholesale, replacing the hand-edited version above
# (this version also drops "live-restore" and uses port 2080 where the one above says 20080 —
# presumably a typo, confirm which is intended). Docker rejects comments inside daemon.json,
# so keep notes out here.
# "insecure-registries" makes dockerd skip TLS verification / allow plain HTTP for those hosts;
# listing harbor.ly.cn here bypasses the CA cert placed under /etc/docker/certs.d/harbor.ly.cn,
# so once that cert is in place the harbor.ly.cn entry can be removed.
cat > /etc/docker/daemon.json <<EOF
{
"insecure-registries":["harbor.ly.cn","dev.xxxx.cn:2080"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver":"json-file",
"log-opts":{
"max-size" :"100m","max-file":"6"
},
"storage-driver": "overlay2"
}
EOF
###########
# Reload unit definitions, then restart dockerd so the new daemon.json is picked up (restart is skipped if the reload fails).
systemctl daemon-reload && systemctl restart docker
#overlay2 驱动控制占用磁盘的大小
#/etc/docker/daemon.json配置文件如下,这里将每个容器可以使用的磁盘空间设置为1G:
{
"data-root": "/data/docker",
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true",
"overlay2.size=1G"
]
}
用 docker-compose 重启 harbor 服务
# Run from the directory holding Harbor's docker-compose.yml (where install.sh was executed).
docker-compose stop
docker-compose start
尝试docker login
# Interactive login (prompts for user and password). With the CA cert under
# /etc/docker/certs.d/harbor.ly.cn the TLS handshake is verified against that CA.
docker login harbor.ly.cn
查看镜像
# List local images (same output as `docker images`); the ID column feeds the tag step below.
docker image ls
打标签
# 镜像id is a placeholder: substitute the image ID (or name:tag) shown by `docker images`.
docker tag 镜像id harbor.ly.cn/xlk/xlk-auth:v1
登录harbor
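# Non-interactive login without the password in argv: -p leaves it visible to `ps` and in shell
# history. Read it from a root-only file instead (the path below is a placeholder).
docker login -u admin --password-stdin harbor.ly.cn < /path/to/harbor-admin-password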
向harbor推送镜像
# Push the tagged image to the xlk project on the registry (same as `docker push`).
docker image push harbor.ly.cn/xlk/xlk-auth:v1
二 安装docker swarm
1 管理节点执行命令
# Initialise the swarm on the manager; --advertise-addr is the address other nodes will dial (port 2377, see the output below).
docker swarm init --advertise-addr 192.168.56.107
出现以下信息
[root@k8s-master01 ~]# docker swarm init --advertise-addr 192.168.56.107
Swarm initialized: current node (ddeyl7kfsly77ane4xq7mihv5) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-1dujmqpw9kyfs3hzb0k7afb0vaqp3vr1s82cr3iq7fss91lptd-9szso56qov7sb1r56ixx2mcub 192.168.56.107:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
可以自动获取token 并加入到集群中
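# Pull the worker join token from the manager and join in one step.
# The token is a cluster-join secret: keep it quoted and do not echo it into the terminal or logs.
# NOTE(review): StrictHostKeyChecking=no accepts whatever host key the manager presents on first
#   contact; acceptable on a trusted LAN, otherwise pre-populate known_hosts and drop the option.
token=$(ssh -o StrictHostKeyChecking=no 192.168.56.107 "docker swarm join-token -q worker") || exit 1
[[ -n "$token" ]] || exit 1
docker swarm join 192.168.56.107:2377 --token "$token"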
# Print the join command for adding a node as a manager (run on an existing manager).
docker swarm join-token manager
管理节点查看节点设备
# List swarm nodes and their status; only works on a manager.
docker node ls
# Leave the swarm; run on the node that should be removed.
docker swarm leave
# Add the label zone=master to node hrarchives1 (usable in placement constraints).
docker node update --label-add zone=master hrarchives1
卸载docker删除运行目录没办法删除解决方案:
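# Show what is still mounted under docker's directories (a leftover mount is why the rm fails).
grep docker /proc/mounts
# Unmount each path listed above (xxxxxx is a placeholder), then the directory can be deleted.
umount xxxxxx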
三 部署 Deploy Portainer
portainer 只在管理节点上运行,非优雅的方式
# Portainer state lives in /root/host/data on the manager the service lands on.
mkdir -p /root/host/data
# Pinned to manager nodes. Bind-mounting /var/run/docker.sock hands the container full control of
# the host's docker daemon (root-equivalent on that node), so expose port 9000 only to trusted networks.
# NOTE(review): portainer/portainer is the legacy image name; the stack method below uses portainer-ce.
docker service create --name portainer --publish 9000:9000 --constraint 'node.role==manager' --mount type=bind,src=/root/host/data,dst=/data --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock portainer/portainer -H unix:///var/run/docker.sock
stack 部署portainer-ce,部署agent 与 portainer,优雅的方式
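# -f makes curl fail on an HTTP error instead of saving the error page as the stack file,
# which would otherwise surface as a confusing parse error in the deploy step.
curl -fL https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml
# Deploy agent + portainer as a stack; "portaniers" is the stack name (likely meant "portainers" — it is only a label).
docker stack deploy -c portainer-agent-stack.yml portaniers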
#docker-compose
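# Install a docker-compose binary from the current directory (alternative to the curl download above).
# 755 instead of 777: a world-writable binary in /usr/local/bin that root later runs lets any
# local user replace it and escalate; execute permission for everyone is all that is needed.
mv docker-compose /usr/local/bin/ && chmod 755 /usr/local/bin/docker-compose && ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose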
四 部署skywalking 服务
参考博客:
https://www.cnblogs.com/a120608yby/p/17168188.html
#源skywalking 文档
https://github.com/apache/skywalking/tree/master/docker