
安装私有仓库 Harbor


系统:CentOS 7

安装 Docker

# 依赖
$ yum install -y yum-utils device-mapper-persistent-data lvm2
# 导入阿里云的镜像仓库(注意:下面的地址是明文 HTTP,.repo 文件在传输途中可能被篡改;该镜像站也支持 HTTPS,建议把 http:// 改成 https://)
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 安装 Docker
$ yum install -y docker-ce

# 启动 Docker 并设为开机自启
$ systemctl start docker
$ systemctl enable docker

# 配置 daemon
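# 使用阿里云镜像加速器,需要注册账号使用(registry-mirrors 中的地址请换成自己账号下的加速器地址)
# 增加对不安全域名的信任:列入 insecure-registries 的仓库,Docker 不再校验其 TLS 证书,HTTPS 不可用时还会回退到明文 HTTP
# 条目应写成 主机名[:端口](不带 https:// 前缀);更稳妥的做法是把仓库证书放到 /etc/docker/certs.d/hub.yuchunyu.me/ca.crt,而不是关闭校验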
$ cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "registry-mirrors": ["https://p02s6s7i.mirror.aliyuncs.com"],
  "insecure-registries": ["https://hub.yuchunyu.me"]
}
EOF
$ mkdir -p /etc/systemd/system/docker.service.d
# 重启 Docker 服务
$ systemctl daemon-reload && systemctl restart docker && systemctl enable docker

同时,其他使用该仓库的节点也需要在各自的 Docker 配置文件中加入 "insecure-registries": ["https://hub.yuchunyu.me"]。这会让这些节点跳过对该仓库的证书校验;若改为把仓库证书分发到各节点的 /etc/docker/certs.d/hub.yuchunyu.me/ca.crt,则无需此项。

# master01 node01 node02
$ vim /etc/docker/daemon.json
$ systemctl restart docker

安装 docker-compose

$ sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
# 查看是否安装成功(能输出版本号只说明文件可执行;上面的下载没有做完整性校验,建议对照发布页给出的 SHA-256 校验和核对该二进制)
$ docker-compose -v

下载 Harbor 离线安装包,并安装

到 GitHub 的发布页 https://github.com/goharbor/harbor/releases 下载离线安装包,并上传到机器上。如发布页提供校验和或签名文件,建议在解压前先核对。

# 解压文件
$ tar -zxvf harbor-offline-installer-v1.9.1.tgz
# 将文件拷贝到 /usr/local/ 目录下
$ mv harbor /usr/local/
$ cd /usr/local/harbor/

# 修改配置文件
$ vim harbor.yml
# 修改如下几行:
hostname: hub.yuchunyu.me
...
https:
 port: 443
 certificate: /opt/harbor/ssl/harbor.crt
 private_key: /opt/harbor/ssl/harbor-key.pem
# 保存并退出

# 创建证书目录
$ mkdir -p /opt/harbor/ssl/
$ cd /opt/harbor/ssl/

# 创建 https 证书以及配置相关目录权限
# 创建私钥,输入密码:Harbor12345(示例口令,且与 Harbor 默认管理员密码相同;实际部署请换成自己的强口令)
$ openssl genrsa -des3 -out harbor-key.pem 2048
# 创建证书请求 CSR,输入密码:Harbor12345
# 并输入信息:CN BJ BJ yuchunyu yuchunyu hub.yuchunyu.me <邮箱地址> 空 空
$ openssl req -new -key harbor-key.pem -out harbor.csr
# 备份私钥
$ cp harbor-key.pem harbor-key.pem.origin
# 清除密码,输入密码:Harbor12345(清除后 harbor-key.pem 以明文保存,只能靠文件权限保护;带密码的备份 harbor-key.pem.origin 不再需要时应删除或妥善保管)
$ openssl rsa -in harbor-key.pem.origin -out harbor-key.pem
# 签名(用自己的私钥自签名,有效期 365 天;客户端默认不信任自签名证书,到期前需重新签发)
$ openssl x509 -req -days 365 -in harbor.csr -signkey harbor-key.pem -out harbor.crt
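# 赋予权限(a+x 只是给当前目录下所有文件加上可执行位,证书和私钥并不需要可执行;私钥通常应只允许属主读写,例如 chmod 600 harbor-key.pem harbor-key.pem.origin)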
$ chmod a+x *

# 回到之前的目录,进行安装
$ cd /usr/local/harbor
$ ./install.sh

配置 Host 文件

# master01 node01 node02 以及 宿主机
# 添加 192.168.159.30 hub.yuchunyu.me
# 三个节点执行命令
$ echo "192.168.159.30 hub.yuchunyu.me" >> /etc/hosts

# Windows 修改完 host 之后在 CMD 中执行命令刷新 DNS
> ipconfig/flushdns

还要在 Harbor 的机器中修改一下 hosts 如下:

$ vim /etc/hosts
# 如下
192.168.159.10 k8s-master01
192.168.159.20 k8s-node01
192.168.159.21 k8s-node02
192.168.159.30 hub.yuchunyu.me

访问 Harbor

通过 https://hub.yuchunyu.me/ 访问

  • 默认用户名:admin
  • 默认密码:Harbor12345(公开的默认值,首次登录后应立即修改;也可以在安装前通过 harbor.yml 中的 harbor_admin_password 设置)

在 K8S 集群中 master01 节点测试

测试 Harbor

# 登录(未配置 credential helper 时,凭据只是以 base64 编码保存在 ~/.docker/config.json 中,并未加密)
$ docker login https://hub.yuchunyu.me
# username: admin
# password: Harbor12345

# 拉取镜像
$ docker pull wangyanglinux/myapp:v1
# 改名
$ docker tag wangyanglinux/myapp:v1 hub.yuchunyu.me/library/myapp:v1
# 推送
$ docker push hub.yuchunyu.me/library/myapp:v1
# 如果成功,即可在网页端查看到新推送的镜像

# 成功后,可以将这两个镜像删除
$ docker rmi wangyanglinux/myapp:v1
$ docker rmi hub.yuchunyu.me/library/myapp:v1

测试 K8S 集群

获取帮助命令:kubectl run --help

# 部署一个 Pod 并查看状态
$ kubectl run nginx-deployment --image=hub.yuchunyu.me/library/myapp:v1 --port=80 --replicas=1
$ kubectl get deployment
$ kubectl get rs
$ kubectl get pod -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
nginx-deployment-54b6d968c4-fkj7w   1/1     Running   0          19s   10.244.1.2   k8s-node01   <none>           <none>

# 可以在集群内通过私有 IP 来进行访问
$ curl 10.244.1.2
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
$ curl 10.244.1.2/hostname.html
nginx-deployment-54b6d968c4-fkj7w

# 删除 Pod 后会自动重建
$ kubectl delete pod nginx-deployment-54b6d968c4-fkj7w
$ kubectl get pod -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
nginx-deployment-54b6d968c4-vp2sq   1/1     Running   0          23s   10.244.2.2   k8s-node02   <none>           <none>

# 扩容
$ kubectl scale --replicas=3 deployment/nginx-deployment
$ kubectl get pod -o wide
NAME                                READY   STATUS    RESTARTS   AGE    IP           NODE         NOMINATED NODE   READINESS GATES
nginx-deployment-54b6d968c4-crltd   1/1     Running   0          6s     10.244.1.3   k8s-node01   <none>           <none>
nginx-deployment-54b6d968c4-js89b   1/1     Running   0          6s     10.244.2.3   k8s-node02   <none>           <none>
nginx-deployment-54b6d968c4-vp2sq   1/1     Running   0          2m2s   10.244.2.2   k8s-node02   <none>           <none>

# 通过 SVC 访问
$ kubectl expose deployment nginx-deployment --port=30000 --target-port=80
$ kubectl get svc
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)     AGE
kubernetes         ClusterIP   10.96.0.1        <none>        443/TCP     18h
nginx-deployment   ClusterIP   10.109.126.182   <none>        30000/TCP   5s
# 通过 curl 访问
$ curl 10.109.126.182:30000
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
# 而且会轮询访问三个 Pod
$ curl 10.109.126.182:30000/hostname.html
nginx-deployment-54b6d968c4-crltd
$ curl 10.109.126.182:30000/hostname.html
nginx-deployment-54b6d968c4-crltd
$ curl 10.109.126.182:30000/hostname.html
nginx-deployment-54b6d968c4-js89b
...

# 让外部可以访问(NodePort 会在每个节点的 IP 上开放同一端口,凡是能连到节点的主机都可以访问,必要时用防火墙限制来源)
$ kubectl edit svc nginx-deployment
# 将 type 改为 NodePort,保存退出
$ kubectl get svc
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
kubernetes         ClusterIP   10.96.0.1        <none>        443/TCP           18h
nginx-deployment   NodePort    10.109.126.182   <none>        30000:32195/TCP   8m46s
# 可以通过 192.168.159.10:32195
# 和 192.168.159.20:32195 和 192.168.159.21:32195 访问

最后,重启 Harbor

$ cd /usr/local/harbor/ && docker-compose up -d

设置开机自启

$ vim /usr/lib/systemd/system/harbor.service
# 内容如下
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /usr/local/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /usr/local/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target
# 保存并退出

$ sudo systemctl enable harbor
$ sudo systemctl start harbor