```bash
ip:192.168.0.145
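Environment setup
Firewall, SELinux, and so on: you can use the shell script from the beginning of this chapter
Add the following entry to the hosts file on the other hosts as well
ip hub.aaa.com
Also edit the hosts file on Windows systems
Install Docker, start it, and enable it at boot
Add the following on the other hosts as well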
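vim /etc/docker/daemon.json
# The "insecure-registries" entry is the registry address (keep comments out of the file itself: JSON does not allow them)
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["https://hub.aaa.com"]
}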
Restart Docker after adding this
Download and set up docker-compose
Official page: https://docs.docker.com/compose/install/
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
Download Harbor
Official releases: https://github.com/goharbor/harbor/releases
Official installation guide: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
Certificate guide: https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz
tar -zxv -f harbor-offline-installer-v1.9.0.tgz -C /usr/local/
cd /usr/local/harbor
vim harbor.yml
# Either port 80 or port 443 can be used
hostname: hub.aaa.com
https:
  port: 443
  certificate: /usr/local/harbor/cert
  private_key: /usr/local/harbor/cert
# Leave everything else at the defaults

# Create the directory referenced by the two settings above
mkdir -p /usr/local/harbor/cert/

# Create the certificates
cd /usr/local/harbor/cert
openssl genrsa -out ca.key 4096
# Pay attention to the domain name in this step; other fields such as country and city can be adjusted as needed
openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.aaa.com" \
    -key ca.key \
    -out ca.crt
openssl genrsa -out hub.aaa.com.key 4096
openssl req -sha512 -new \
    -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.aaa.com" \
    -key hub.aaa.com.key \
    -out hub.aaa.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=hub.aaa.com
EOF
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in hub.aaa.com.csr \
    -out hub.aaa.com.crt
chmod a+x *

# Edit the configuration file again and point it at the certificate and key
vim /usr/local/harbor/harbor.yml
  certificate: /usr/local/harbor/cert/hub.aaa.com.crt
  private_key: /usr/local/harbor/cert/hub.aaa.com.key

# Validate the configuration
cd /usr/local/harbor
./prepare

# Install
./install.sh

# Output after installation
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating registry ... done
Creating harbor-portal ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://hub.aaa.com.
For more details, please visit https://github.com/goharbor/harbor .
# Check the containers
docker ps -a

# Open https://hub.aaa.com in a browser
# Username: admin
# Password: Harbor12345
# These can be viewed and changed in harbor.yml

# Verify login from the other K8S nodes
docker login https://hub.aaa.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

# Log out
docker logout https://hub.aaa.com
Test
# On another node, pull an image and push it to the registry; a test image is used here
docker pull wangyanglinux/myapp:v1

# In the web UI, under Projects > library > Repositories, there is a "Push Image" hint in the top-right corner:
# Tag an image for this project: docker tag SOURCE_IMAGE[:TAG] hub.aaa.com/library/IMAGE[:TAG]
# Push an image to this project: docker push hub.aaa.com/library/IMAGE[:TAG]

# Retag the image
docker tag wangyanglinux/myapp:v1 hub.aaa.com/library/myapp:v1

# You must log in before you can push
docker push hub.aaa.com/library/myapp:v1
# The pushed image is now visible in the web UI

# Delete the images on the node
docker rmi -f hub.aaa.com/library/myapp:v1
docker rmi -f wangyanglinux/myapp:v1

# On the master host, pull the image from the registry and create a pod
kubectl run nginx-deployment --image=hub.aaa.com/library/myapp:v1 --port=80 --replicas=1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx-deployment created
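
Added example, not part of the original page: listing hub.aaa.com under "insecure-registries" lets Docker ignore certificate errors for that registry, whereas installing the ca.crt created above under /etc/docker/certs.d/hub.aaa.com/ (as the Harbor HTTPS guide linked above describes) keeps TLS verification on. The function names and the optional certs.d override argument are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Function names and the optional
# CERTS_DIR argument are assumptions made for this illustration.

# verify_registry_cert CA_CERT SERVER_CERT HOSTNAME
# Returns 0 if SERVER_CERT chains to CA_CERT and is valid for HOSTNAME,
#         1 on a chain or hostname failure,
#         2 if the certificate has no subjectAltName DNS entry
#           (Go-based clients such as Docker do not fall back to the CN).
verify_registry_cert() {
    local ca="$1" cert="$2" host="$3"
    openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'DNS:' || return 2
    openssl verify -CAfile "$ca" -purpose sslserver -verify_hostname "$host" \
        "$cert" 2>/dev/null | grep -q ': OK$' || return 1
}

# trust_registry_ca CA_CERT SERVER_CERT HOSTNAME [CERTS_DIR]
# Installs the CA where the Docker daemon looks for per-registry trust roots,
# but only after the server certificate has passed verification.
trust_registry_ca() {
    local ca="$1" cert="$2" host="$3" root="${4:-/etc/docker/certs.d}"
    verify_registry_cert "$ca" "$cert" "$host" || return $?
    install -d -m 0755 "$root/$host" &&
        install -m 0644 "$ca" "$root/$host/ca.crt"
}

# Typical use on each Docker/Kubernetes node, with ca.crt and hub.aaa.com.crt
# copied over from /usr/local/harbor/cert on the Harbor host:
#   trust_registry_ca ca.crt hub.aaa.com.crt hub.aaa.com
# Afterwards hub.aaa.com can be dropped from "insecure-registries" in
# /etc/docker/daemon.json, followed by a Docker restart.
```

The commands above give the CA and the server certificate the same subject DN, so some OpenSSL versions may treat the server certificate as self-signed and fail the chain check; issuing the CA with a distinct CN avoids that.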