Harbor单点仓库部署
前言:
部署harbor作为k8s镜像仓库
部署k8s私有镜像仓库harbor 把demo小项目需要的镜像上传到harbor上 修改demo项目的资源配置清单,镜像地址修改为harbord的地址
前面讲k8s集群部署完成
如果将Django项目部署到k8s中,需要镜像,将Django项目打包成镜像推到镜像仓库中
k8s创建pod或者deployment拉取镜像直接指定镜像仓库地址拉取相应的Django镜像
一、环境准备
1.1 软件环境
| 软件 | 版本 |
|---|---|
| 操作系统 | CentOS7.5_x64 |
| Docker | 18-ce |
| harbor | 1.10.2 |
1.2 服务器角色
| 角色 | IP | 组件 |
|---|---|---|
| Harbor仓库 | 10.60.128.219 | docker,docker-compose,harbor |
二、安装Docker
[ ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 [ ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo [ ~]# yum install docker-ce-18.06.3.ce-3.el7 [ ~]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://bc437cce.m.daocloud.io [ ~]# systemctl start docker [ ~]# systemctl enable docker ### 开启ipv4地址转发 vim /etc/sysctl.conf net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.ipv4.ip_forward=1 vm.swappiness=0 vm.overcommit_memory=1 vm.panic_on_oom=0 fs.inotify.max_user_watches=89100 ### 使文件生效 sysctl -p
三、部署Harbor
官网地址:https://github.com/goharbor/harbor/releases
二进制包下载地址:https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz
3.1解压安装包
[ ~]# cd /data/src/ [ src]# wget https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz [ src]# tar zxf harbor-offline-installer-v1.10.2.tgz [ src]#cd harbor
3.2 编辑harbor配置文件
[ src]#scp harbor.yml harbor.yml.bak
[ src]#grep -Ev "#|^$" harbor.yml.bak >harbor.yml
[ harbor]# cat harbor.yml
hostname: 10.60.128.219
http:
port: 888
#https:
# port: 443
# certificate: /your/certificate/path
# private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
password: root123
max_idle_conns: 50
max_open_conns: 100
data_volume: /data/harbor
clair:
updaters_interval: 12
jobservice:
max_job_workers: 10
notification:
webhook_job_max_retry: 10
chart:
absolute_url: disabled
log:
level: info
local:
rotate_count: 50
rotate_size: 200M
location: /var/log/harbor
_version: 1.10.0
proxy:
http_proxy:
https_proxy:
no_proxy:
components:
- core
- jobservice
- clair
[10-60-128-219 harbor]#需要更改的地方
#需要更改的地方 hostname: ip port: 8888 harbor_admin_password: 123456 data_volume: /data/harbor
3.3 执行安装
#在安装harbor是许诺先安装docker-compose,否则报错 [ harbor]# yum install docker-compose -y #安装harbor(注意命令执行的所在目录) [ harbor]# ./install.sh
3.4 浏览器访问
http://10.60.128.219:888 用户:admin 密码:Harbor
四、 建立镜像仓库
这里有2种访问级别: 公开:任何人都可以直接访问并下载镜像 私有:登陆授权后才允许下载镜像 #注意 如果创建私有仓库,k8s是不能直接下载的,需要配置安全文件
4.1 创建仓库cloudops
4.2 所有K8S Node节点建立信任
所有节点都配置docker信任harbor仓库并重启docker 注意:所有节点
harbor仓库节点
#配置信任仓库
[ ~]# cat /etc/docker/daemon.json
{"insecure-registries":["10.60.128.219:888"] }
#重启docker
[ ~]# systemctl restart docker
在node1上重启docker后,如果harbor不正常了,重启harbor即可
[10-60-128-219~]# cd /data/src/harbor
[ harbor]# docker-compose restart
Restarting harbor-jobservice ... done
Restarting nginx ... done
Restarting harbor-core ... done
Restarting registryctl ... done
Restarting registry ... done
Restarting harbor-portal ... done
Restarting harbor-db ... done
Restarting redis ... done
Restarting harbor-log ... doneK8S Master 节点
[ ~]# cat /etc/docker/daemon.json
{
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"registry-mirrors": ["http://bc437cce.m.daocloud.io"],
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"],
"insecure-registries":["10.60.128.219:888"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
[-k8s-master ~]# systemctl restart dockcerK8S Node节点
[~]# cat /etc/docker/daemon.json
{
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"registry-mirrors": ["http://bc437cce.m.daocloud.io"],
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"],
"insecure-registries":["10.60.128.219:888"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
[-k8s-node01~]# systemctl restart dockcer
[-k8s-node02~]# cat /etc/docker/daemon.json
{
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"registry-mirrors": ["http://bc437cce.m.daocloud.io"],
"storage-driver": "overlay2",
"storage-opts": ["overlay2.override_kernel_check=true"],
"insecure-registries":["10.60.128.219:888"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
[-k8s-node02~]# systemctl restart dockcer4.3 docker登陆harbor ( 所有节点 都执行 )
Harbor节点 [10-60-128-219 ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345 WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [10-60-128-219 ~]# [ ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345 [ ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345 [ ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
五、打包镜像并推送
传送门:Django项目构建发布
相关推荐
lihongtai 2020-11-09
链块学院 2020-09-09
HemingwayM 2020-08-07
王道革 2020-11-25
魅惑青花瓷 2020-11-11
TaoTaoFu 2020-11-06
liaochaowu 2020-11-16
ChlatZed 2020-11-11
xysoul 2020-11-03
changecan 2020-09-22
newisI 2020-09-01
lihy0 2020-09-07
fearlessxjdx 2020-09-04
ChlatZed 2020-08-23
starinshy 2020-09-21
longjing 2020-09-18
gracecxj 2020-08-25
yss0 2020-08-19
willluckysmile 2020-08-18