Harbor单点仓库部署

前言:

部署harbor作为k8s镜像仓库

部署k8s私有镜像仓库harbor
把demo小项目需要的镜像上传到harbor上
修改demo项目的资源配置清单,镜像地址修改为harbord的地址

前面讲k8s集群部署完成

如果将Django项目部署到k8s中,需要镜像,将Django项目打包成镜像推到镜像仓库中

k8s创建pod或者deployment拉取镜像直接指定镜像仓库地址拉取相应的Django镜像

一、环境准备

1.1 软件环境

软件版本
操作系统CentOS7.5_x64
Docker18-ce
harbor1.10.2

1.2 服务器角色

角色IP组件
Harbor仓库10.60.128.219docker,docker-compose,harbor

 

 

 二、安装Docker

[ ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[ ~]# yum-config-manager --add-repo  https://download.docker.com/linux/centos/docker-ce.repo
[ ~]# yum install docker-ce-18.06.3.ce-3.el7
[ ~]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://bc437cce.m.daocloud.io
[ ~]# systemctl start docker
[ ~]# systemctl enable docker
### 开启ipv4地址转发
vim /etc/sysctl.conf 
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
### 使文件生效
sysctl -p

三、部署Harbor

官网地址:https://github.com/goharbor/harbor/releases

 二进制包下载地址:https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz

3.1解压安装包

[ ~]# cd /data/src/
[ src]# wget https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz
[ src]# tar zxf harbor-offline-installer-v1.10.2.tgz 
[ src]#cd harbor

3.2 编辑harbor配置文件

[ src]#scp harbor.yml harbor.yml.bak
[ src]#grep -Ev "#|^$" harbor.yml.bak >harbor.yml
[ harbor]# cat harbor.yml
hostname: 10.60.128.219
http:
  port: 888
#https:
#  port: 443
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 100
data_volume: /data/harbor
clair:
  updaters_interval: 12
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 1.10.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
[10-60-128-219 harbor]#

需要更改的地方

#需要更改的地方
hostname: ip
port: 8888
harbor_admin_password: 123456
data_volume: /data/harbor

3.3 执行安装

#在安装harbor是许诺先安装docker-compose,否则报错
[ harbor]# yum install docker-compose -y

#安装harbor(注意命令执行的所在目录)
[ harbor]# ./install.sh

Harbor单点仓库部署

 3.4 浏览器访问

http://10.60.128.219:888
用户:admin
密码:Harbor

Harbor单点仓库部署

Harbor单点仓库部署

四、 建立镜像仓库

这里有2种访问级别:
公开:任何人都可以直接访问并下载镜像
私有:登陆授权后才允许下载镜像

#注意
如果创建私有仓库,k8s是不能直接下载的,需要配置安全文件

4.1 创建仓库cloudops

Harbor单点仓库部署

Harbor单点仓库部署

 4.2 所有K8S Node节点建立信任

所有节点都配置docker信任harbor仓库并重启docker 注意:所有节点

harbor仓库节点

#配置信任仓库
[ ~]# cat /etc/docker/daemon.json
{"insecure-registries":["10.60.128.219:888"] }
#重启docker
[ ~]# systemctl restart docker

在node1上重启docker后,如果harbor不正常了,重启harbor即可
[10-60-128-219~]# cd /data/src/harbor
[ harbor]# docker-compose restart 
Restarting harbor-jobservice ... done
Restarting nginx             ... done
Restarting harbor-core       ... done
Restarting registryctl       ... done
Restarting registry          ... done
Restarting harbor-portal     ... done
Restarting harbor-db         ... done
Restarting redis             ... done
Restarting harbor-log        ... done

K8S  Master 节点

[ ~]# cat /etc/docker/daemon.json
{
        "max-concurrent-downloads": 3,
        "max-concurrent-uploads": 5,
        "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
        "storage-driver": "overlay2",
        "storage-opts": ["overlay2.override_kernel_check=true"],
        "insecure-registries":["10.60.128.219:888"],
        "log-driver": "json-file",
        "log-opts": {
            "max-size": "100m",
            "max-file": "3"
        }
}
[-k8s-master ~]# systemctl restart dockcer

K8S Node节点

[~]# cat /etc/docker/daemon.json
{
        "max-concurrent-downloads": 3,
        "max-concurrent-uploads": 5,
        "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
        "storage-driver": "overlay2",
        "storage-opts": ["overlay2.override_kernel_check=true"],
        "insecure-registries":["10.60.128.219:888"],
        "log-driver": "json-file",
        "log-opts": {
            "max-size": "100m",
            "max-file": "3"
        }
}
[-k8s-node01~]# systemctl restart dockcer 

[-k8s-node02~]# cat /etc/docker/daemon.json
{
        "max-concurrent-downloads": 3,
        "max-concurrent-uploads": 5,
        "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
        "storage-driver": "overlay2",
        "storage-opts": ["overlay2.override_kernel_check=true"],
        "insecure-registries":["10.60.128.219:888"],
        "log-driver": "json-file",
        "log-opts": {
            "max-size": "100m",
            "max-file": "3"
        }
}
[-k8s-node02~]# systemctl restart dockcer

4.3 docker登陆harbor ( 所有节点 都执行 )

Harbor节点
[10-60-128-219 ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[10-60-128-219 ~]#
[ ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
[ ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
[ ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345

五、打包镜像并推送

传送门:Django项目构建发布

相关推荐