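Table of contents
- I. Download the required packages
- 1. docker-compose
- 2. harbor
- II. Install docker-compose
- 1. Install docker
- 2. Set up docker-compose
- III. Install harbor
- 1. Edit the harbor configuration file
- 2. Load the harbor configuration (regenerates the configuration; run it whenever the configuration file is modified)
- 3. Install harbor
- 4. Start/stop harbor with docker-compose commands
- IV. Configure nginx as a proxy for harbor
- V. Configure the harbor image registry in kubernetes
- 1. Create the harbor secret used as the credential for pulling images
- 2. Configure the deployment to use the secret when pulling private images
I. Download the required packages
1. docker-compose
docker-compose releases: https://github.com/docker/compose/releases/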
[root@iZbp135usqaei1stvsrzxoZ fands]# wget -c https://github.com/docker/compose/releases/download/v2.9.0/docker-compose-linux-x86_64
2. harbor
harbor official site: https://goharbor.io/
harbor on GitHub: https://github.com/goharbor/harbor
[root@iZbp135usqaei1stvsrzxoZ fands]# wget -c https://github.com/goharbor/harbor/releases/download/v2.4.2/harbor-offline-installer-v2.4.2.tgz
II. Install docker-compose
1. Install docker
[root@iZbp135usqaei1stvsrzxoZ ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
[root@iZbp135usqaei1stvsrzxoZ ~]# yum -y install docker-ce
[root@iZbp135usqaei1stvsrzxoZ ~]# systemctl enable docker && systemctl start docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@iZbp135usqaei1stvsrzxoZ ~]# systemctl status docker
2. Set up docker-compose
[root@iZbp135usqaei1stvsrzxoZ fands]# mv docker-compose-linux-x86_64 /usr/bin/docker-compose
[root@iZbp135usqaei1stvsrzxoZ fands]# chmod +x /usr/bin/docker-compose
[root@iZbp135usqaei1stvsrzxoZ fands]# docker-compose -v
Docker Compose version v2.9.0
III. Install harbor
[root@iZbp135usqaei1stvsrzxoZ fands]# tar -zxvf harbor-offline-installer-v2.4.2.tgz -C /hqtbj/hqtwww/
[root@iZbp135usqaei1stvsrzxoZ fands]# cd /hqtbj/hqtwww/
[root@iZbp135usqaei1stvsrzxoZ hqtwww]# mv harbor harbor_workspace
[root@iZbp135usqaei1stvsrzxoZ hqtwww]# cd harbor_workspace/
[root@iZbp135usqaei1stvsrzxoZ harbor_workspace]# cp harbor.yml.tmpl harbor.yml
1. Edit the harbor configuration file
[root@iZbp135usqaei1stvsrzxoZ harbor_workspace]# vim harbor.yml
# harbor's domain name
hostname: registry.hqtong.com
# HTTP (the default)
http:
  port: 80
# enable HTTPS access
https:
  port: 443
  certificate: /hqtbj/hqtwww/harbor_workspace/ssl/registry.hqtong.com.pem
  private_key: /hqtbj/hqtwww/harbor_workspace/ssl/registry.hqtong.com.key
# data directory (where the images are actually stored; keep it backed up)
data_volume: /hqtbj/hqtwww/data/harbor
...
2. Load the harbor configuration (regenerates the configuration; run it whenever the configuration file is modified)
[root@iZbp135usqaei1stvsrzxoZ harbor_workspace]# ./prepare
3. Install harbor
Run this only on the first installation. Running it again will lose all existing images, so be careful!!
[root@iZbp135usqaei1stvsrzxoZ harbor_workspace]# ./install.sh
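After installation, a docker-compose.yml file appears in the current directory; it is used to manage the harbor containers.
4. Start/stop harbor with docker-compose commands
Run these from the harbor working directory (the directory that contains docker-compose.yml).
# Stop all harbor containers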
docker-compose stop
# Start all harbor containers
docker-compose up -d
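IV. Configure nginx as a proxy for harbor
server {
    listen 80;
    server_name registry.wonderlink.cc;
    rewrite ^(.*)$ https://$host$1 permanent;
}
server {
    listen 443 ssl;
    server_name registry.wonderlink.cc;
    location / {
        proxy_pass https://172.32.0.175:443;
    }
    ssl_certificate /etc/nginx/conf.d/cert/wonderlink.cc/master/*.wonderlink.cc.pem;
    ssl_certificate_key /etc/nginx/conf.d/cert/wonderlink.cc/master/*.wonderlink.cc.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1.1 is deprecated (RFC 8996); keep it only if legacy clients need it
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}
Access harbor through the domain name:
Default username: admin
Default password: Harbor12345 (the harbor_admin_password value in harbor.yml; change it after the first login)
Create a project to hold the images.
V. Configure the harbor image registry in kubernetes
1. Create the harbor secret used as the credential for pulling images
# The secret created here holds the username and password used to access harbor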
[root@k8s-master1 ~]# kubectl create secret docker-registry --help
[root@k8s-master1 ~]# kubectl create secret docker-registry fatall-registry-secret --docker-username=admin --docker-password=123456 --docker-server=https://registry.wonderlink.cc -n fat
[root@k8s-master1 ~]# kubectl get secrets -n fat
NAME                     TYPE                             DATA   AGE
default-token-ktkdt      kubernetes.io/tls                2      474d
fatall-registry-secret   kubernetes.io/dockerconfigjson   1      12m
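The same kind of Secret as the one created above, built as a manifest so that the password is read from stdin instead of being passed on the command line (an added example, not from the original post; the account name fat-puller and the demo password are constructed placeholders):

```bash
#!/usr/bin/env bash
# Added example, not from the original post: build the pull Secret as a
# manifest, reading the password from stdin so it never appears in argv
# or shell history. "fat-puller" and the demo password are constructed.

b64() { base64 | tr -d '\n'; }                          # single-line base64
json_escape() { sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }  # escape \ and "

# dockerconfig_json SERVER USER   (password = first line of stdin)
dockerconfig_json() {
  local server=$1 user=$2 pass auth
  IFS= read -r pass || [ -n "$pass" ] || return 1
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$server" "$(printf '%s' "$user" | json_escape)" \
    "$(printf '%s' "$pass" | json_escape)" "$auth"
}

# pull_secret_manifest NAME NAMESPACE SERVER USER   (password on stdin)
pull_secret_manifest() {
  local cfg
  cfg=$(dockerconfig_json "$3" "$4") || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | b64)
EOF
}

# stored_config: decode a manifest on stdin back to the registry config
stored_config() { sed -n 's/^  \.dockerconfigjson: //p' | base64 -d; }

# Demo; in practice pipe the password from a prompt or a root-only file and
# send the manifest to `kubectl apply -f -`.
printf '%s\n' 'constructed-Passw0rd' |
  pull_secret_manifest fatall-registry-secret fat \
    https://registry.wonderlink.cc fat-puller
```

The .dockerconfigjson value is only base64-encoded, so stored_config recovers the password from the manifest; read access to Secrets in the fat namespace is therefore equivalent to holding the registry credential.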
2. Configure the deployment to use the secret when pulling private images
The official documentation:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
The key part is adding the following so that it is used when the image is pulled:
apiVersion: apps/v1
kind: Deployment
...
    spec:
      # credential used when pulling private images from harbor
      imagePullSecrets:
      - name: fatall-registry-secret
      containers:
      - name: energy-order-api
        image: registry.wonderlink.cc/hqt-registry-fat/energy-order-api:F-2153-20240703-18.37.52
        imagePullPolicy: IfNotPresent