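Harbor Single-Node Registry Deployment
Preface:
Deploy Harbor as the image registry for k8s
Deploy Harbor as the private image registry for k8s
Push the images required by the small demo project to Harbor
Modify the demo project's resource manifests, changing the image addresses to the Harbor address
The k8s cluster deployment was covered earlier and is complete.
Deploying a Django project to k8s requires an image: package the Django project as an image and push it to the image registry.
When k8s creates a pod or deployment, it pulls the corresponding Django image by specifying the registry address directly.
1. Environment preparation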
Software | Version |
---|---|
Operating system | CentOS7.5_x64 |
Docker | 18-ce |
harbor | 1.10.2 |

Role | IP | Components |
---|---|---|
Harbor registry | 10.60.128.219 | docker,docker-compose,harbor |
2. Install Docker

```bash
[root@10-60-128-219 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@10-60-128-219 ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@10-60-128-219 ~]# yum install docker-ce-18.06.3.ce-3.el7
[root@10-60-128-219 ~]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://bc437cce.m.daocloud.io
[root@10-60-128-219 ~]# systemctl start docker
[root@10-60-128-219 ~]# systemctl enable docker

### Enable IPv4 forwarding
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100

### Apply the settings
sysctl -p
```
Binary package download URL: https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz
3.1 Extract the installation package

```bash
[root@10-60-128-219 ~]# cd /data/src/
[root@10-60-128-219 src]# wget https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz
[root@10-60-128-219 src]# tar zxf harbor-offline-installer-v1.10.2.tgz
[root@10-60-128-219 src]# cd harbor
```

3.2 Edit the Harbor configuration file

```bash
[root@10-60-128-219 src]# scp harbor.yml harbor.yml.bak
[root@10-60-128-219 src]# grep -Ev "#|^$" harbor.yml.bak >harbor.yml
[root@10-60-128-219 harbor]# cat harbor.yml
hostname: 10.60.128.219
http:
  port: 888
#https:
#  port: 443
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 100
data_volume: /data/harbor
clair:
  updaters_interval: 12
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 1.10.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
[root@10-60-128-219 harbor]#
```
Settings that need to be changed

```yaml
# Settings that need to be changed
hostname: ip
port: 8888
harbor_admin_password: 123456
data_volume: /data/harbor
```
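The listing above still carries the installer's template passwords (`Harbor12345`, `root123`) and leaves the `https:` block commented out. The following is an added example, not part of the original post or of Harbor itself: a small check to run against `harbor.yml` before `./install.sh`. The 12-character minimum is an assumption, and the sample file is constructed from the values shown on this page.

```bash
# Print one finding per line for the harbor.yml given as $1.
audit_harbor_yml() {
  local file=$1 admin_pw db_pw
  # Top-level key: password of the built-in admin account.
  admin_pw=$(sed -n 's/^harbor_admin_password:[[:space:]]*//p' "$file")
  # First "password:" nested under the top-level "database:" key.
  db_pw=$(awk '/^database:/ {in_db=1; next}
               /^[A-Za-z_]/ {in_db=0}
               in_db && $1 == "password:" {print $2; exit}' "$file")

  case $admin_pw in
    Harbor12345) echo "admin password is the template default" ;;
    *) [ "${#admin_pw}" -ge 12 ] || echo "admin password is shorter than 12 characters" ;;
  esac
  [ "$db_pw" != "root123" ] || echo "database password is the template default"
  # Only an uncommented top-level "https:" key means TLS is configured.
  grep -q '^https:' "$file" || echo "https is not enabled: logins and image layers cross the network unencrypted"
}

# Constructed sample that mirrors the configuration shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: 10.60.128.219
http:
  port: 888
#https:
#  port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
data_volume: /data/harbor
EOF

audit_harbor_yml "$sample"
```

The `123456` value from the list of settings to change is reported as too short by the same check.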
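3.3 Run the installation

```bash
# docker-compose must be installed before installing Harbor, otherwise the installer reports an error
[root@10-60-128-219 harbor]# yum install docker-compose -y
# Install Harbor (note the directory the command is run from)
[root@10-60-128-219 harbor]# ./install.sh
```

3.4 Access from a browser
http://10.60.128.219:888
User: admin
Password: Harbor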
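4. Create an image repository
There are two access levels:
Public: anyone can access and download the images directly.
Private: images can be downloaded only after logging in and being authorized.
Note: if you create a private repository, k8s cannot pull from it directly; a credentials file needs to be configured.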
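For the private case, the credentials k8s needs are an image pull secret of type `kubernetes.io/dockerconfigjson`. The following is an added example, not part of the original post: it builds that Secret manifest offline so the format is visible. The secret name `harbor-pull`, the user `k8s-puller` (a hypothetical account with pull-only access) and the password are constructed placeholders; only the registry address comes from this page.

```bash
# make_pull_secret NAME REGISTRY USER PASSWORD -> Secret manifest on stdout
# Assumes user and password contain no double quotes or backslashes.
make_pull_secret() {
  local name=$1 registry=$2 user=$3 password=$4 auth config
  # "auth" is base64(user:password), the value docker login writes to config.json.
  auth=$(printf '%s:%s' "$user" "$password" | base64 | tr -d '\n')
  config=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$registry" "$user" "$password" "$auth")
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$config" | base64 | tr -d '\n')
EOF
}

# Constructed values; review the output, then pipe it to "kubectl apply -f -".
make_pull_secret harbor-pull 10.60.128.219:888 k8s-puller 'constructed-placeholder'

# Pods that pull from the private project reference the secret by name:
#   spec:
#     imagePullSecrets:
#       - name: harbor-pull
```

The manifest is only base64-encoded, not encrypted, so it should not be committed next to the demo project's other resource manifests.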
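4.1 Create the cloudops repository
4.2 Establish trust on all K8S nodes
Configure Docker on every node to trust the Harbor registry, then restart Docker. Because this Harbor instance is served over plain HTTP, it has to be listed under insecure-registries. Note: this applies to all nodes.
Harbor registry node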
```bash
# Configure the trusted registry
[root@10-60-128-219 ~]# cat /etc/docker/daemon.json
{"insecure-registries":["10.60.128.219:888"] }
# Restart docker
[root@10-60-128-219 ~]# systemctl restart docker

# After restarting docker on node1, if Harbor is no longer working properly, simply restart Harbor
[root@10-60-128-219~]# cd /data/src/harbor
[root@10-60-128-219 harbor]# docker-compose restart
Restarting harbor-jobservice ... done
Restarting nginx ... done
Restarting harbor-core ... done
Restarting registryctl ... done
Restarting registry ... done
Restarting harbor-portal ... done
Restarting harbor-db ... done
Restarting redis ... done
Restarting harbor-log ... done
```
K8S Master node

```bash
[root@vm-k8s-master ~]# cat /etc/docker/daemon.json
{
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"],
  "insecure-registries":["10.60.128.219:888"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
[root@vm-k8s-master ~]# systemctl restart docker
```

K8S worker nodes

```bash
[root@vm-k8s-node01~]# cat /etc/docker/daemon.json
{
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"],
  "insecure-registries":["10.60.128.219:888"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
[root@vm-k8s-node01~]# systemctl restart docker

[root@vm-k8s-node02~]# cat /etc/docker/daemon.json
{
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"],
  "insecure-registries":["10.60.128.219:888"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
[root@vm-k8s-node02~]# systemctl restart docker
```
4.3 Log in to Harbor with docker (run on all nodes)

```bash
# Harbor node
[root@10-60-128-219 ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@10-60-128-219 ~]#

[root@vm-k8s-master ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
[root@vm-k8s-node01 ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
[root@vm-k8s-node02 ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
```
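The first warning in the login output refers to the `-p` form: the password ends up in shell history and in the process list of every node. The following is an added example, not part of the original post: a wrapper that reads the password from a file and passes it with `--password-stdin`. The function name and the password file path in the usage comment are hypothetical.

```bash
# harbor_login REGISTRY USER PASSWORD_FILE
# Returns 2 if the file is unreadable, 3 if group/other can access it,
# otherwise the exit status of docker login.
harbor_login() {
  local registry=$1 user=$2 pwfile=$3 perms
  [ -r "$pwfile" ] || { echo "cannot read $pwfile" >&2; return 2; }
  # Characters 5-10 of the ls mode string are the group and other permission bits.
  perms=$(ls -ld "$pwfile" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "$pwfile is accessible to group/other; run chmod 600 on it first" >&2
    return 3
  fi
  # The password travels on stdin, so it never appears in argv, ps output or history.
  docker login "$registry" --username "$user" --password-stdin < "$pwfile"
}

# Usage on each node (hypothetical file path, created beforehand with mode 600):
#   harbor_login 10.60.128.219:888 admin /root/.harbor_pw
```

This addresses only the first warning; without a credential helper the login is still written unencrypted to /root/.docker/config.json, as the second warning says.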