1、安装docker
###安装脚本###
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum -y install docker-ce
###配置镜像加速器###
mkdir /etc/docker/
vi /etc/docker/daemon.json
{
"live-restore": true,
"registry-mirrors": ["https://hub-mirror.c.163.com", "https://bmtrgdvx.mirror.aliyuncs.com", "http://f1361db2.m.daocloud.io"],
"log-driver": "json-file",
"log-opts": {"max-file": "3", "max-size": "10m"}
}
###重启服务###
systemctl enable docker
systemctl start docker
2、安装docker-compose
curl -L https://get.daocloud.io/docker/compose/releases/download/v2.1.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
3、配置harbor
###上传harbor安装包###
tar -zxvf harbor-offline-installer-v2.4.0.tgz
mv harbor /usr/local/
cd /usr/local/harbor/
###生成harbor的密钥###
openssl genrsa -out docker.com.key 2048
openssl req -new -key docker.com.key -out docker.com.csr -subj "/CN=192.168.20.72" ###此为harbor服务器的IP地址
openssl x509 -req -days 3650 -in docker.com.csr -signkey docker.com.key -out docker.com.crt
####创建日志目录###
mkdir -p /var/log/harbor
4、修改harbor配置文件
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
###只需要修改主机名字段对应的Ip地址,证书存放位置即可。
5、安装Harbor
执行./install.sh
安装完成如下图:
通过web登录:(默认账号密码:admin/Harbor12345)
6、docker客户端登录
vim /usr/lib/systemd/system/docker.service
注释ExecStart行,新增以下内容(地址为harbor地址):
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.20.72
systemctl daemon-reload
systemctl restart docker
docker login https://192.168.20.72
7、创建项目
8、推送镜像
docker pull nginx:latest
docker image inspect nginx | grep -i version
docker tag nginx:latest 192.168.20.72/prod/nginx:v1.21.3
docker push 192.168.20.72/prod/nginx:v1.21.3
登录web进行查看:
9、K8S使用harbor
参考本文章第6部分内容,为每个master和woker节点修改配置文件,确保每个节点均能login。
# 以下命令在master节点执行
# 创建用于登陆harbor的secret
# 注意修改IP地址和用户/密码
kubectl create secret docker-registry harbor-secret \
--docker-server=192.168.20.72 --docker-username=admin \
--docker-password=P@ssw0rd
# 查看创建的secret
kubectl get secret
# 查看serviceaccount
kubectl get sa
# 指定serviceaccount的secret为harbor的secret
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "harbor-secret"}]}'
# 查看是否修改成功
kubectl describe sa default
10、创建yaml,从harbor拉取镜像
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
selector:
matchLabels:
app: nginx
replicas: 3
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: 192.168.20.72/prod/nginx:v1.21.3
ports:
- containerPort: 80