基于k8s的DEVOPS Part2 ---- 创建 Harbor 镜像仓库

Harbor 概述

Harbor是由VMWare公司开源的容器镜像仓库。除了harbor vmware公司还开源了很多k8s周边产品(网络 备份 监控)确实是一个很理想的公司事实上,Harbor是在Docker Registry上进行了相应的企业级扩展,从而获得了更加广泛的应用,这些新的企业级特性包括:管理用户界面,基于角色的访问控制,AD/LDAP集成以及审计日志等,足以满足基本企业需求。

官方:https://goharbor.io/
Github:https://github.com/goharbor/harbor

Harbor 架构

TEB(比较简单就是存储镜像的地方就不介绍了)

Harbor 部署

安装dokcer 和docker-compose

https://github.com/docker/compose/releases

[root@k8s-harbor ~]# docker -v
Docker version 19.03.13, build 4484c46d9d

[root@k8s-harbor ~]# docker-compose -v
docker-compose version 1.27.3, build 4092ae5d

 

部署Harbor HTTP 

下载 harbor安装包 https://github.com/goharbor/harbor/releases

# tar zxvf harbor-offline-installer-v2.0.0.tgz
# cd harbor
# cp harbor.yml.tmpl harbor.yml
# vi harbor.yml

hostname: k8s-harbor.cds.local
https:
  # https port for harbor, default is 443
 port: 443
  # 证书可以使用cfssl工具生成
 certificate: /root/cert/www.pem
 private_key: /root/cert/www-key.pem
harbor_admin_password: VMware1!
harbor_admin_password: VMware1!

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123

# ./prepare
# ./install.sh

浏览器登陆验证

 

 将harbor使用证书复制到k8s节点

### k8s节点上创建证书目录
mkdir -p /etc/docker/certs.d/harbor
### 复制证书
cd /etc/docker/certs.d/harbor
scp root@172.16.0.14:/root/cert/www.pem .

 

验证

### k8s 所有节点配置 harbor可信
# vi /etc/docker/daemon.json
{"insecure-registries":["k8s-harbor.cds.local"]}
### 重启dockers服务
# systemctl restart docker
###拉取镜像
[root@k8s-master03 harbor]# docker pull k8s-harbor.cds.local/library/centos:7
7: Pulling from library/centos
75f829a71a1c: Pull complete 
Digest: sha256:fe2347002c630d5d61bf2f28f21246ad1c21cc6fd343e70b4cf1e5102f8711a9
Status: Downloaded newer image for k8s-harbor.cds.local/library/centos:7
k8s-harbor.cds.local/library/centos:7

  

 

 

posted @ 2021-01-01 19:59  小兵黑尔  阅读(159)  评论(0编辑  收藏  举报