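1. Environment preparation
2. Download Harbor and docker-compose
3. Configure the SSL certificate
4. Configure Harbor
5. Start Harbor
6. Configure k8s cluster nodes to connect to Harbor
1. Environment preparation
1.1 Overall architecture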

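1. A resource creation request is issued with the kubectl command-line tool: kubectl create -f [resource file name].yaml
2. After k8s processes the request, the kube-scheduler service finds a suitable "home" for the pod (node2), and the pod is created there.
3. The kubelet on node2 handles the resource, using docker to pull the required image and run it.
Note: this only describes how the overall workflow moves along; do not read too much into the details!
1.2 Server environment preparation
# Stop the firewall
systemctl stop firewalld
# Disable SELinux
setenforce 0
# Set the domain name mapping
cat /etc/hosts
10.20.17.27 harbor.lijie.com
# Add kernel parameter settings
vim /etc/sysctl.conf
# Add the following lines
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
# Apply the system settings
sysctl -p
# Install docker
(steps omitted)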
2. Download Harbor and docker-compose
2.1 Download Harbor
2.1.1 Download the Harbor binary installer package
mkdir /opt/tools
cd /opt/tools/
wget https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz
2.1.2 Extract the Harbor archive
tar zxvf harbor-offline-installer-v2.0.0.tgz
2.1.3 Copy it to the installation directory
Copy the extracted harbor directory to the planned service installation directory
cp -rf /opt/tools/harbor /opt/app/
2.2 Install docker-compose
Note: Harbor uses docker-compose for container orchestration, so docker-compose must be installed
2.2.1 Download docker-compose
curl -L https://github.com/docker/compose/releases/download/1.26.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
or
https://github.com/docker/compose/releases/download/1.26.0/docker-compose-Linux-x86_64
2.2.2 Make docker-compose executable
mv docker-compose-Linux-x86_64 docker-compose
chmod +x docker-compose
2.2.3 Check that docker-compose was installed successfully
Check the docker-compose version
# docker-compose --version
docker-compose version 1.26.0, build d4451659
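3. Configure the SSL certificate
Note: if you use an SSL certificate that already comes with your domain, you can skip this step. This walkthrough runs in a virtual machine environment, so the SSL certificate has to be generated by hand
3.1 Generate a certificate authority (CA)
Create the certificate directory
mkdir /opt/tools/ssl
cd /opt/tools/ssl/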
# openssl genrsa -out ca.key 4096
# openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=cn/ST=BeiJing/L=BeiJing/O=ph/OU=basis/CN=harbor.lijie.com" \
-key ca.key \
-out ca.crt
# ls
ca.crt ca.key
3.2 Generate a server certificate
3.2.1 Create your own private key
# openssl genrsa -out harbor.lijie.com.key 4096
# ls harbor.lijie.com.key
harbor.lijie.com.key
3.2.2 Generate a certificate signing request (CSR)
# openssl req -sha512 -new \
-subj "/C=cn/ST=BeiJing/L=BeiJing/O=ph/OU=basis/CN=harbor.lijie.com" \
-key harbor.lijie.com.key \
-out harbor.lijie.com.csr
# ls harbor.lijie.com.*
harbor.lijie.com.csr harbor.lijie.com.key
3.2.3 Generate the certificate for the registry host
# vim v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.lijie.com
DNS.2=harbor.lijie
DNS.3=localhost
# ls v3.ext
v3.ext
# openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.lijie.com.csr \
-out harbor.lijie.com.crt
# ls harbor.lijie.com.*
harbor.lijie.com.crt harbor.lijie.com.csr harbor.lijie.com.key
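3.2.4 Install the server certificate
Once you have the harbor.lijie.com.crt and harbor.lijie.com.key files, copy them to a directory of your choice; their paths must be specified when editing the Harbor configuration file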
mkdir /opt/app/harbor/cert
cp /opt/tools/ssl/harbor.lijie.com.crt /opt/app/harbor/cert/
cp /opt/tools/ssl/harbor.lijie.com.key /opt/app/harbor/cert/
4. Configure Harbor
4.1 Configure docker registry trust
Note: create this file if it does not exist; configure it on all nodes
# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://zn14eon5.mirror.aliyuncs.com"],
"insecure-registries": ["https://harbor.lijie.com"]
}
Restart docker
systemctl restart docker
4.2 Configure the harbor.yml file
# cd /opt/app/harbor/
# cp harbor.yml.tmpl harbor.yml
Create the Harbor data directory
# mkdir /opt/app/harbor/data
# vim harbor.yml
hostname: harbor.lijie.com    # Harbor domain name
certificate: /opt/app/harbor/cert/harbor.lijie.com.crt    # path to the domain's SSL certificate file
private_key: /opt/app/harbor/cert/harbor.lijie.com.key    # path to the domain's SSL private key file
harbor_admin_password: Harbor12345    # Harbor administrator password
data_volume: /opt/app/harbor/data    # path to the Harbor data directory
5. Start Harbor
5.1 Start Harbor with docker-compose
# cd /opt/app/harbor/
# ./install.sh
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dc71ae4b4786 goharbor/nginx-photon:v2.0.0 "nginx -g 'daemon of…" 16 seconds ago Up 13 seconds (health: starting) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp nginx
f1a8e92312dd goharbor/harbor-jobservice:v2.0.0 "/harbor/entrypoint.…" 16 seconds ago Up 13 seconds (health: starting) harbor-jobservice
549e725cd538 goharbor/harbor-core:v2.0.0 "/harbor/entrypoint.…" 17 seconds ago Up 16 seconds (health: starting) harbor-core
c278254ff662 goharbor/harbor-registryctl:v2.0.0 "/home/harbor/start.…" 20 seconds ago Up 16 seconds (health: starting) registryctl
1871632e70c7 goharbor/harbor-db:v2.0.0 "/docker-entrypoint.…" 20 seconds ago Up 18 seconds (health: starting) 5432/tcp harbor-db
a43ed098862c goharbor/registry-photon:v2.0.0 "/home/harbor/entryp…" 20 seconds ago Up 18 seconds (health: starting) 5000/tcp registry
bb4761af527d goharbor/redis-photon:v2.0.0 "redis-server etc/r…" 20 seconds ago Up 17 seconds (health: starting) 6379/tcp redis
9124390d0090 goharbor/harbor-portal:v2.0.0 "nginx -g 'daemon of…" 20 seconds ago Up 17 seconds (health: starting) 8080/tcp harbor-portal
b2eb1bfe14fd goharbor/harbor-log:v2.0.0 "/bin/sh -c usr/loc…" 21 seconds ago Up 20 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
5.2 Harbor stop and start commands
Stop all Harbor containers
# cd /opt/app/harbor/
# docker-compose stop
Start all Harbor containers
# cd /opt/app/harbor/
# docker-compose start
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dc71ae4b4786 goharbor/nginx-photon:v2.0.0 "nginx -g 'daemon of…" 2 minutes ago Up 14 seconds (health: starting) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp nginx
f1a8e92312dd goharbor/harbor-jobservice:v2.0.0 "/harbor/entrypoint.…" 2 minutes ago Up 15 seconds (health: starting) harbor-jobservice
549e725cd538 goharbor/harbor-core:v2.0.0 "/harbor/entrypoint.…" 2 minutes ago Up 15 seconds (health: starting) harbor-core
c278254ff662 goharbor/harbor-registryctl:v2.0.0 "/home/harbor/start.…" 2 minutes ago Up 16 seconds (health: starting) registryctl
1871632e70c7 goharbor/harbor-db:v2.0.0 "/docker-entrypoint.…" 2 minutes ago Up 16 seconds (health: starting) 5432/tcp harbor-db
a43ed098862c goharbor/registry-photon:v2.0.0 "/home/harbor/entryp…" 2 minutes ago Up 16 seconds (health: starting) 5000/tcp registry
bb4761af527d goharbor/redis-photon:v2.0.0 "redis-server etc/r…" 2 minutes ago Up 28 seconds (health: starting) 6379/tcp redis
9124390d0090 goharbor/harbor-portal:v2.0.0 "nginx -g 'daemon of…" 2 minutes ago Up 15 seconds (health: starting) 8080/tcp harbor-portal
b2eb1bfe14fd goharbor/harbor-log:v2.0.0 "/bin/sh -c usr/loc…" 2 minutes ago Up 29 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
5.3 Log in to Harbor from the server shell
# docker login https://harbor.lijie.com
Username: admin
Password: Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
5.4 Log in to Harbor through the web page
URL: https://harbor.lijie.com
Username: admin
Password: Harbor12345 # default password
6. Configure k8s cluster nodes to connect to Harbor
6.1 Configure docker registry trust
Set the domain name mapping
# vim /etc/hosts
10.20.17.27 harbor.lijie.com
Configure docker registry trust
# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://zn14eon5.mirror.aliyuncs.com"],
"insecure-registries": ["https://harbor.lijie.com"]
}
Restart docker
systemctl restart docker
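Sections 4.1 and 6.1 list harbor.lijie.com under insecure-registries, which makes Docker tolerate an invalid certificate for that registry, so the CA created in section 3 is never actually checked. The script below is an added example (not from the original article; the function names, the throwaway sample PKI and the temporary paths are constructed for illustration): it flags that setting and installs ca.crt under the certs.d directory for the registry host, after verifying that the server certificate chains to the CA and matches the hostname.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Succeeds if HOST appears under "insecure-registries" in a daemon.json file,
# with or without a scheme or port. Dots in HOST are matched loosely by grep.
is_insecure_registry() {  # $1 = daemon.json path, $2 = registry host
    tr -d ' \t\n' < "$1" | grep -o '"insecure-registries":\[[^]]*\]' |
        grep -q "[\"/]$2[\":/]"
}

# Check that the server certificate chains to the CA and is valid for HOST,
# then copy the CA to <certs root>/<host>/ca.crt, where dockerd looks for
# per-registry trust anchors (default root: /etc/docker/certs.d).
install_registry_ca() {  # $1 = ca.crt, $2 = server.crt, $3 = host, $4 = certs root
    root=${4:-/etc/docker/certs.d}
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1 || return 1
    mkdir -p "$root/$3" && cp "$1" "$root/$3/ca.crt"
}

# Constructed sample: throwaway CA and server certificate built the same way as
# in section 3 (2048-bit keys and a 1-day lifetime to keep the demo fast).
# Prints the temporary directory holding ca.crt and srv.crt.
make_sample_pki() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
            -subj "/CN=demo-ca" -keyout ca.key -out ca.crt
        openssl req -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=harbor.lijie.com" -keyout srv.key -out srv.csr
        printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:harbor.lijie.com\n' > v3.ext
        openssl x509 -req -sha256 -days 1 -extfile v3.ext \
            -CA ca.crt -CAkey ca.key -CAcreateserial -in srv.csr -out srv.crt
    ) >/dev/null 2>&1 || return 1
    echo "$d"
}

# Run as "sh script.sh demo" to exercise the functions on the sample.
if [ "${1:-}" = demo ]; then
    d=$(make_sample_pki) || exit 1
    printf '{"insecure-registries": ["https://harbor.lijie.com"]}\n' > "$d/daemon.json"
    is_insecure_registry "$d/daemon.json" harbor.lijie.com && echo "TLS verification is disabled for harbor.lijie.com"
    install_registry_ca "$d/ca.crt" "$d/srv.crt" harbor.lijie.com "$d/certs.d" && echo "CA installed under $d/certs.d"
    rm -rf "$d"
fi
```

Once the CA is in place under /etc/docker/certs.d/harbor.lijie.com/ on a node, the harbor.lijie.com entry can be dropped from insecure-registries in daemon.json.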
6.2 Image push and pull test
Prepare an image
# docker images
harbor.lijie.com/test-sea/test-sea-pc-qianduan test01 53fc40728179 4 weeks ago 128MB
Create the corresponding test-sea directory (project) in Harbor
Log in to Harbor from the server
# docker login https://harbor.lijie.com
Username: admin
Password: Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Image push test from the server
# docker push harbor.lijie.com/test-sea/test-sea-pc-qianduan:test01
The push refers to repository [harbor.lijie.com/test-sea/test-sea-pc-qianduan]
517a6f7a179b: Pushed
1a37372c0b9a: Pushed
d9ecb47f8ce5: Pushed
b64e871cc780: Pushed
08d25fa0442e: Pushed
a8c4aeeaa045: Pushed
cdb3f9544e4c: Pushed
test01: digest: sha256:6b7b2af499c8debec8bb8adb3ac2a74293f3e8b194644344d8154f92f3e589c0 size: 1784
Image pull test from the server
Delete the image on the server
# docker rmi harbor.lijie.com/test-sea/test-sea-pc-qianduan:test01
Pull the image
# docker pull harbor.lijie.com/test-sea/test-sea-pc-qianduan:test01
test01: Pulling from test-sea/test-sea-pc-qianduan
Digest: sha256:6b7b2af499c8debec8bb8adb3ac2a74293f3e8b194644344d8154f92f3e589c0
Status: Downloaded newer image for harbor.lijie.com/test-sea/test-sea-pc-qianduan:test01
harbor.lijie.com/test-sea/test-sea-pc-qianduan:test01
# docker images
harbor.lijie.com/test-sea/test-sea-pc-qianduan test01 53fc40728179 4 weeks ago 128MB
Note: configure the other nodes in the k8s cluster in the same way
This article is reposted from 看见月亮的人.




