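Connecting Harbor to k8s

1. Preparation: have a Harbor instance that accepts HTTPS logins and a k8s cluster ready in advance.

2. Edit the hosts file on the master node and add a name-resolution entry for the Harbor domain; without it, later steps will report errors.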

192.168.169.133 harbor.solomon.com

3. Edit the Docker startup configuration file on the master node

Reference links:
https://blog.csdn.net/u013201439/article/details/81271182
https://blog.csdn.net/weixin_45191791/article/details/109956983
Because the node has to log in to Harbor manually once over HTTP, the insecure-registry parameter must be configured.
vi /usr/lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd --insecure-registry=harbor.solomon.com

3. Change the Docker registry address on the master node

vi /etc/docker/daemon.json
{ "exec-opts": ["native.cgroupdriver=systemd"], "registry-mirrors": ["https://harbor.solomon.com"] }

4. Restart the docker service

systemctl daemon-reload
systemctl restart docker

5. Log in to Harbor manually

docker login -u admin -p Harbor12345 192.168.169.133

6. View the stored login credential data

[root@k8s-node1 ~]# cat .docker/config.json 
{
	"auths": {
		"192.168.169.133": {
			"auth": "YWRtaW46SGFyYm9yMTIzNDU="
		}
	}
}

7. Base64-encode the credential data (base64 is an encoding, not encryption)

[root@k8s-master ~]# cat .docker/config.json |base64
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE2OS4xMzMiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2
U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9Cn0=

8. Create the Secret resource on the master node

vim admin-secret.yml
apiVersion: v1
kind: Secret
metadata:
  name: registry-secret
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE2OS4xMzMiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9Cn0=

# Create the Secret
kubectl apply -f admin-secret.yml

# Check the result
kubectl get secret

9. Create the yml file that pulls the image and starts the container, and use the imagePullSecrets parameter to specify the image pull secret

[root@master deployment]# cat test_nginx.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-nginx
  labels:
    env: dev
    tier: front
  namespace: default              # namespace; must be the same as the Secret's, otherwise the Secret cannot be found
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-nginx
  template:
    metadata:
      labels:
        app: test-nginx
    spec:
      imagePullSecrets:           # imagePullSecrets specifies the image pull secret
      - name: registry-secret     # must match metadata.name of the Secret created in step 8
      containers:
      - image: 192.168.118.119:443/my_harbor/nginx:v1   # image to pull; the name only needs the IP address, port, project name, image name and version
        name: nginx-container
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
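
An added example (not part of the original post): it decodes the .dockerconfigjson value from step 8 to show that the login data is fully recoverable from the Secret, and checks whether the Secret holds credentials for the registry an image is pulled from. The exact host[:port] comparison is a simplification assumed here, and the first image reference in the demo is constructed.

```python
import base64
import json

# Value of data[".dockerconfigjson"] from admin-secret.yml on this page.
DOCKERCONFIGJSON_B64 = (
    "ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE2OS4xMzMiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2"
    "U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9Cn0="
)


def decode_pull_secret(b64_value):
    """Return {registry: (username, password)} recovered from a dockerconfigjson value."""
    config = json.loads(base64.b64decode(b64_value))
    creds = {}
    for registry, entry in config.get("auths", {}).items():
        # "auth" is base64("user:password"); split on the first colon only.
        user, _, password = base64.b64decode(entry["auth"]).decode().partition(":")
        creds[registry] = (user, password)
    return creds


def registry_of(image):
    """Registry host[:port] of an image reference, or None for Docker Hub short names."""
    first, sep, _ = image.partition("/")
    # Docker treats the first path component as a registry only if it
    # contains '.' or ':' or is 'localhost'.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return None


def secret_covers_image(b64_value, image):
    """Simplified check (assumption): exact match of the image registry against the auths keys."""
    return registry_of(image) in decode_pull_secret(b64_value)


if __name__ == "__main__":
    for registry, (user, password) in decode_pull_secret(DOCKERCONFIGJSON_B64).items():
        # The password is not printed; its length is enough to show it was recovered.
        print(f"{registry}: user={user}, password recoverable ({len(password)} chars)")
    for image in ("192.168.169.133/my_harbor/nginx:v1",        # constructed reference
                  "192.168.118.119:443/my_harbor/nginx:v1"):   # image from step 9
        print(image, "->", secret_covers_image(DOCKERCONFIGJSON_B64, image))
```

Anyone who can read the Secret (for example with get access to secrets in the namespace) can run the same decoding, so access to it should be restricted through RBAC.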

  

10. So that the node machines can also pull images from the private registry, edit Docker's daemon.json on them. Add the "insecure-registries" line; without it, docker login will report an error.

[root@node1 ~]# cat /etc/docker/daemon.json 
{
    "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
    "exec-opts": ["native.cgroupdriver=systemd"],
    "insecure-registries": ["harbor.solomon.com"]
}


The node machines also need the Docker startup file changed

Reference links:
https://blog.csdn.net/u013201439/article/details/81271182
https://blog.csdn.net/weixin_45191791/article/details/109956983
Because the node has to log in to Harbor manually once over HTTP, the insecure-registry parameter must be configured.
vi /usr/lib/systemd/system/docker.service

#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd --insecure-registry=harbor.solomon.com

[root@node1 ~]#  systemctl  daemon-reload		# reload the unit files
[root@node1 ~]#  systemctl  restart docker		# restart docker

posted @ 2022-08-11 11:49  solomon123