安装Harbor并与K8S集成
安装Harbor
更改主机名
# vim /etc/hostname
# cd /usr/local/src/
# yum install lrzsz
上传harbor安装压缩包
/usr/local/src# ls
harbor-offline-installer-v1.7.5.tgz
解压
# tar -xvf harbor-offline-installer-v1.7.5.tgz
创建证书目录
# cd harbor/
root@iZ8vb4v74i80396clnpsenZ:/usr/local/src/harbor# mkdir certs
创建证书
# cd certs/
创建私钥
# openssl genrsa -out harbor-ca.key
创建自签证书
# openssl req -x509 -new -nodes -key /usr/local/src/harbor/certs/harbor-ca.key -subj "/CN=harbor.edward.net" -days 365 -out /usr/local/src/harbor/certs/harborca.crt
# ls
harborca.crt harbor-ca.key
编辑配置文件
# vim /usr/local/src/harbor/harbor.cfg
hostname = harbor.edward.net #The protocol for accessing the UI and token/notification service, by default it is http. #It can be set to https if ssl is enabled on nginx. ui_url_protocol = https #The path of cert and key files for nginx, they are applied only the protocol is set to https ssl_cert =/usr/local/src/harbor/certs/harborca.crt ssl_cert_key =/usr/local/src/harbor/certs/harbor-ca.key email_server = smtp.163.com email_server_port = 25 email_username = hanyang_mailbox@163.com email_password = "123456" email_from = hanyang <hanyang_mailbox@163.com> email_ssl = false email_insecure = false #Change the admin password from UI after launching Harbor. harbor_admin_password = 123456
利用阿里云镜像,外网环境安装docker
# curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
安装docker compose
# apt-get install docker-compose
安装haobor
# cd /usr/local/src/harbor
# systemctl daemon-reload
# systemctl restart docker
# ./install.sh
添加A记录
192.168.101.131 harbor.edward.net
访问一下harbor地址,并登录,查看证书
在harbor中新建公开项目baseimages
K8S与Harbor集成
在master上添加A记录
# vim /etc/hosts
172.26.161.39 harbor.edward.net
# ping harbor.edward.net
在master1上创建路径
# mkdir /etc/docker/certs.d/harbor.edward.net -p
将harbor上创建的证书拷贝至master1
# scp /usr/local/src/harbor/certs/harborca.crt 192.168.101.100:/etc/docker/certs.d/harbor.edward.net/
将master1的docker服务重启
# systemctl restart docker
master1登录harbor
# docker login harbor.edward.net
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
此时,master1可向harbor上传下载镜像了
测试master1向harbor上传镜像是否成功
# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
c9b1b535fdd9: Pull complete
Digest: sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
root@master1:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest e7d92cdc71fe 2 weeks ago 5.59MB
root@master1:~# docker tag alpine:latest harbor.edward.net/baseimages/alpine:latest
root@master1:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest e7d92cdc71fe 2 weeks ago 5.59MB
harbor.edward.net/baseimages/alpine latest e7d92cdc71fe 2 weeks ago 5.59MB
root@master1:~# docker push harbor.edward.net/baseimages/alpine:latest
The push refers to repository [harbor.edward.net/baseimages/alpine]
5216338b40a7: Pushed
latest: digest: sha256:ddba4d27a7ffc3f86dd6c2f92041af252a1f23a8e742c90e6e1297bfa1bc0c45 size: 528
测试成功!
