devops-harbor & nexus

安装条件

最少4核4G

安装docker,docker-compose

Harbor

# 下载harbor安装包 解压
tar -zxvf harbor-offline-installer-v2.4.1.tgz -C /usr/local/
cd /usr/local/harbor/
cp harbor.yml.tmpl harbor.yml

vim harbor.yml
修改hostname改成IP地址 注释https部分 修改密码
安装
./install.sh

机器重启后操作
先停止Harbor
docker-compose down -v
在重启Harbor
docker-compose up -d

客户端连接前准备

vim /etc/docker/daemon.json
{
   "insecure-registries" : ["192.168.44.22"]
}

重启docker
systemctl restart docker

登录Harbor
docker login 192.168.44.22 -u admin -p Harbor12345

配置k8s 访问docker私库

• https://kubernetes.io/zh/docs/tasks/configure-pod-container/pull-image-private-registry/
• https://kubernetes.io/zh/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
• https://kubernetes.io/zh/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account

1. 先登录一次，产生对应的config.json文件
docker login 192.168.44.22 -u test -p 123456

[root@k8s-master ~]# cat ~/.docker/config.json
{
  "auths": {
    "192.168.44.22": {
      "auth": "dGVzdDoxMjM0NTY="
    }
  }
}
1. 命令行创建
kubectl create secret docker-registry docker-registry-secret --namespace=default --docker-server=192.168.44.22 --docker-username=test --docker-password=123456 --docker-email=test@qq.com

registry-secret: secret的名称
docker-server: 登陆harbor页面的ip
docker-username:为harbor中的username
docker-password:为harbor中用户对应的password
docker-email：为harbor中用户对应的email地址

kubectl get secret
kubectl delete secret docker-registry-secret

# 检查清单
kubectl get secret docker-registry-secret --output=yaml

#  将 ImagePullSecrets 添加到服务账号
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "docker-registry-secret"}]}'


# 使用
apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: private-reg-container
    image: <your-private-image>
  imagePullSecrets:
  - name: docker-registry-secret

Nexus3

安装说明

mkdir -p ~/nexus-data
chmod -R 777 ~/nexus-data

// 8081是maven仓库 8082是docker私库
docker run -d -p 8081:8081 -80:8082 --restart always --name nexus -v ~/nexus-data:/nexus-data sonatype/nexus3

默认密码位置
cat ~/nexus-data/admin.password

Nexu3-Maven私库

• 配置阿里云proxy
  http://maven.aliyun.com/nexus/content/groups/public

• 配置 maven-public
  

• 配置 maven-release，允许上传Jar包
  

• 创建用户
  

maven settings

<?xml version="1.0" encoding="UTF-8"?>

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<localRepository>D:/develop/maven-nexus-lib</localRepository>
  <pluginGroups>
  </pluginGroups>

  <proxies>
  </proxies>

  <servers>
    <server>
		<id>maven-releases</id>
		<username>test</username>
		<password>123456</password>
	  </server>
	  <server>
		<id>maven-snapshots</id>
		<username>test</username>
		<password>123456</password>
	  </server>
  </servers>
  <mirrors>
	<mirror>
        <id>nexus</id>
        <mirrorOf>*</mirrorOf>
        <url>http://192.168.44.22:8081/repository/maven-public/</url>
    </mirror>
  </mirrors>

  <profiles>
  </profiles>
  <activeProfiles>
  </activeProfiles>
</settings>

• pom发布

<distributionManagement>
    <repository>
        <id>maven-releases</id>
        <name>maven-releases</name>
        <url>http://192.168.44.22:8081/repository/maven-releases/</url>
    </repository>
    <snapshotRepository>
        <id>maven-snapshots</id>
        <name>maven-snapshots</name>
        <url>http://192.168.44.22:8081/repository/maven-snapshots/</url>
    </snapshotRepository>
</distributionManagement>


----默认地，maven编译打包不会下载SNAPSHOT版本的jar包，所以还需要在pom.xml文件中配置支持下载snapshot版本jar包。
<repositories>
        <repository>
            <id>maven-snapshots</id>
            <url>http://192.168.44.22:8081/repository/smart_group/</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
    </repositories>

问题

1. harbor镜像越来越多占满磁盘，影响正常运行，暴力清理

# 停止 Harbor 服务
[root@harbor harbor]# docker-compose down
# 进入 sha256 目录
[root@harbor ~]# cd /data/registry/docker/registry/v2/blobs/sha256/
# 查看大小
[root@harbor sha256]# du -h --max-depth=1 .
# 删除 sha256 目录下所有文件
[root@harbor sha256]# rm -rf  ./*
# 重启 Harbor 服务
[root@harbor harbor]# cd -
[root@harbor harbor]# docker-compose -d

去管理后台执行 垃圾清理
因为是粗暴清理，所以还会存在一些关系依赖，从而会导致镜像拉不下来，
所以立即清理垃圾，清理完成即可正常上传下载。