  • Harbor registry installation

    https://6xyun.cn/article/50
    

    Environment:

    192.168.0.65 harbor, docker

    I. Install dependencies

    1. Install Docker

    Docker is installed from the offline package docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm. Download location: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/

        wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm
        wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm
        # Install Docker and its dependency packages
        yum install -y docker-ce-*.rpm

    Start docker:

        systemctl enable docker
        systemctl restart docker

    Check the docker version:

        [root@bogon harbor]# docker version
        Client:
         Version:      17.03.2-ce
         API version:  1.27
         Go version:   go1.7.5
         Git commit:   f5ec1e2
         Built:        Tue Jun 27 02:21:36 2017
         OS/Arch:      linux/amd64

        Server:
         Version:      17.03.2-ce
         API version:  1.27 (minimum version 1.12)
         Go version:   go1.7.5
         Git commit:   f5ec1e2
         Built:        Tue Jun 27 02:21:36 2017
         OS/Arch:      linux/amd64
         Experimental: false

    2. Install docker-compose

    Direct download:

        curl -L https://github.com/docker/compose/releases/download/1.8.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
        chmod +x /usr/local/bin/docker-compose

    Method 1: install with python-pip

        # Install python-pip
        yum -y install epel-release
        yum -y install python-pip
        # Install docker-compose
        pip install docker-compose
        pip install --upgrade pip

    Method 2: install from source

        wget https://github.com/docker/compose/archive/master.zip
        unzip master.zip
        cd compose-master
        python setup.py install

    Check the docker-compose version:

        [root@bogon harbor]# docker-compose version
        docker-compose version 1.13.0dev, build unknown
        docker-py version: 2.2.1
        CPython version: 2.7.5
        OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013

    II. Deploy the private image registry Harbor

    Harbor official site: https://github.com/vmware/harbor

    1. Download the Harbor offline installer

        wget https://storage.googleapis.com/harbor-releases/release-1.4.0/harbor-offline-installer-v1.4.0.tgz

    Official mirror site: http://harbor.orientsoft.cn/

    2. Extract

        tar zxvf harbor-offline-installer-v1.4.0.tgz

    3. Edit the configuration file

        cd harbor
        vi harbor.cfg

    Note: here we change only hostname=192.168.0.65:5000 (the IP of the private registry host).

    Configuration file parameter reference (taken from: http://www.cnblogs.com/jicki/p/5737369.html)

        ## Configuration file of Harbor
        # hostname sets the access address. An IP, a domain name or a host name is supported; 127.0.0.1 must not be used
        hostname = reg.mydomain.com
        # Access protocol; can be set to http or https
        ui_url_protocol = http
        # Mail notification settings
        email_server = smtp.mydomain.com
        email_server_port = 25
        email_username = sample_admin@mydomain.com
        email_password = abc
        email_from = admin <sample_admin@mydomain.com>
        email_ssl = false
        # Password used to log in to the Harbor web UI
        harbor_admin_password = Harbor12345
        # Authentication mode. Several modes are supported; the default is db_auth, i.e. authentication stored in the MySQL database.
        # ldap and local file storage are also supported.
        auth_mode = db_auth
        # LDAP server address
        ldap_url = ldaps://ldap.mydomain.com
        ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com
        # Password of the MySQL root account
        db_password = root123
        self_registration = on
        use_compressed_js = on
        max_job_workers = 3
        verify_remote_cert = on
        customize_crt = on
        # Some display settings
        crt_country = CN
        crt_state = State
        crt_location = CN
        crt_organization = organization
        crt_organizationalunit = organizational unit
        crt_commonname = example.com
        crt_email = example@example.com

    Changing the port:

    To change the web access port, first set hostname=192.168.0.65:5000 in harbor.cfg, then change port 80 in docker-compose.yml to 5000, as follows (only the modified part is shown):

        [root@bogon harbor]# vi harbor.cfg
        hostname=192.168.0.65:5000

        [root@bogon harbor]# vi docker-compose.yml
          proxy:
            image: vmware/nginx:1.11.5-patched
            container_name: nginx
            restart: always
            volumes:
              - ./common/config/nginx:/etc/nginx:z
            networks:
              - harbor
            ports:
              - 5000:80
              - 443:443
              - 4443:4443

    4.1. Configure docker to pull official images through a mirror, and allow docker to push images to the private registry

        [root@bogon harbor]# vi /etc/docker/daemon.json
        { "registry-mirrors": ["https://wb2g6zxl.mirror.aliyuncs.com"],"insecure-registries":["192.168.43.65:5000"]}
        [root@bogon harbor]# systemctl restart docker

    Note: every host that needs to push images to the newly built private registry must change its docker daemon startup parameters.
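    The parameters above are explained as follows:

    A. Modify the docker daemon startup parameters. Note:
    --registry-mirror=https://olzwzeg2.mirror.aliyuncs.com is used to speed up docker image downloads.

    For how to set up a registry mirror, see:
    https://www.cnblogs.com/effortsing/p/10060610.html

    B. "insecure-registries":["192.168.43.65:5000"] means that local images can be pushed to the Harbor registry on 192.168.43.65.

    On whichever host docker needs to push images to the Harbor registry, that host's docker startup parameters must be changed to "insecure-registries":["192.168.43.65:5000"].

    C. Then restart the docker daemon. Stop all running containers before restarting it.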
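
    An insecure-registries entry makes the daemon accept an unverified certificate from that registry and fall back to plain HTTP, and it applies only to the exact host:port listed. The sketch below is an added example, not part of the original article: a simplified model of how an image reference resolves to a registry endpoint, using the daemon.json and image names from this page (CIDR entries, the built-in localhost exemption and digest references are not modelled; the function names are hypothetical).

```python
import json

# daemon.json exactly as written in step 4.1 of this page.
DAEMON_JSON = ('{ "registry-mirrors": ["https://wb2g6zxl.mirror.aliyuncs.com"],'
               '"insecure-registries":["192.168.43.65:5000"]}')

def split_reference(ref):
    """Split an image reference into (registry, repository, tag)."""
    first, _, rest = ref.partition("/")
    # The first path component names a registry only if it looks like a
    # host: it contains '.' or ':' or is 'localhost'. Otherwise Docker Hub.
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, remainder = first, rest
    else:
        registry, remainder = "docker.io", ref
    # The tag is whatever follows a ':' in the last path component.
    name, sep, tag = remainder.rpartition(":")
    if not sep or "/" in tag:
        name, tag = remainder, "latest"
    return registry, name, tag

def endpoint(ref, daemon_json=DAEMON_JSON):
    """Return (host, port, plain_http_allowed) for the daemon's first attempt."""
    insecure = json.loads(daemon_json).get("insecure-registries", [])
    registry, _, _ = split_reference(ref)
    host, _, port = registry.partition(":")
    # Entries are matched against the registry string as written, so an
    # entry for "192.168.43.65:5000" does not cover plain "192.168.43.65".
    return host, int(port or 443), registry in insecure

if __name__ == "__main__":
    for ref in ("192.168.43.65/library/nginx:latest",
                "192.168.43.65:5000/library/nginx/latest"):
        print(ref, "->", split_reference(ref), endpoint(ref))
```

    A reference without the port resolves to HTTPS on 443 with no HTTP fallback, which is the connection the push error in step 6 reports as refused.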
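    4.2. Generate the updated configuration files

        [root@bogon harbor]# ./prepare
        # Ignore any errors and go straight to the next step

    5. Install

        # Start Docker
        [root@bogon harbor]# systemctl restart docker
        # Run the install script
        [root@bogon harbor]# ./install.sh

    Once it completes, enter http://192.168.0.65:5000 in a browser to reach Harbor's web management console (5000 is the default port of the nginx container in the docker-compose.yml configuration file). The default account and password are admin / Harbor12345 (if you have not changed harbor_admin_password in harbor.cfg).

    Check the compose status

    [root@bogon harbor]# cd harbor      (you must first be inside the harbor directory, otherwise the status cannot be shown)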
    
    [root@bogon harbor]# docker-compose ps
           Name                     Command               State                                 Ports                                
    --------------------------------------------------------------------------------------------------------------------------------
    harbor-adminserver   /harbor/start.sh                 Up                                                                         
    harbor-db            /usr/local/bin/docker-entr ...   Up      3306/tcp                                                           
    harbor-jobservice    /harbor/start.sh                 Up                                                                         
    harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp                                          
    harbor-ui            /harbor/start.sh                 Up                                                                         
    nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:5000->80/tcp 
    registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp                                   
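
    The walkthrough changes only hostname, so the passwords printed in the parameter reference stay in force once the console is reachable. The following added example (not from the original article) checks a harbor.cfg for those published values and for the plain-HTTP and self-registration settings; SAMPLE_CFG is constructed from the values on this page and the function names are hypothetical.

```python
# Constructed sample: harbor.cfg values listed on this page, with only
# hostname changed as the walkthrough does.
SAMPLE_CFG = """\
## Configuration file of Harbor
hostname = 192.168.0.65:5000
ui_url_protocol = http
email_password = abc
harbor_admin_password = Harbor12345
auth_mode = db_auth
db_password = root123
self_registration = on
"""

# Values printed in the parameter reference; anyone can read them there.
PUBLISHED_VALUES = {"harbor_admin_password": "Harbor12345",
                    "db_password": "root123",
                    "email_password": "abc"}

def parse_cfg(text):
    """Parse 'key = value' lines, ignoring blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def audit_cfg(text):
    """Return {key: reason} for settings worth changing before go-live."""
    cfg = parse_cfg(text)
    findings = {}
    for key, published in PUBLISHED_VALUES.items():
        if cfg.get(key) == published:
            findings[key] = "still the value printed in the sample configuration"
    if cfg.get("ui_url_protocol") == "http":
        findings["ui_url_protocol"] = "logins and pushes cross the network unencrypted"
    if cfg.get("auth_mode") == "db_auth" and cfg.get("self_registration") == "on":
        findings["self_registration"] = "anyone who can reach the UI can sign up"
    return findings

if __name__ == "__main__":
    for key, reason in audit_cfg(SAMPLE_CFG).items():
        print(f"{key}: {reason}")
```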
    
    
    
    
    Stop Harbor

    (must be run from the harbor directory, otherwise it fails)

        [root@bogon harbor]# cd harbor
        [root@bogon harbor]# docker-compose stop

    Start Harbor

    (must be run from the harbor directory, otherwise it fails)

        [root@bogon harbor]# cd harbor
        [root@bogon harbor]# docker-compose start

    6. Push an image to the private registry

    Change the docker image tag (mind the required tag format)

    Note: the tags below were pushed after Harbor's port had been changed, so the image tag must include the port; otherwise the push fails with an error.

    Format: ip:port/project-name/image-name:version (project-name is the name of the project in Harbor)

        [root@bogon harbor]# docker images
        REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
        nginx               latest              c82521676580        2 weeks a
        [root@bogon harbor]# docker tag nginx:latest 192.168.43.65:5000/library/nginx/latest
        [root@bogon harbor]# docker images
        192.168.43.65:5000/library/nginx/latest   latest              c82521676580        2 weeks ago         109 MB

    Log in and push

    Account and password: admin/Harbor12345

        [root@bogon harbor]# docker login 192.168.43.65:5000
        Username (admin):
        Password:
        Login Succeeded
        [root@bogon harbor]# docker push 192.168.43.65:5000/library/nginx/latest
        The push refers to a repository [192.168.43.65:5000/library/nginx/latest]
        08d25fa0442e: Pushed
        a8c4aeeaa045: Pushed
        cdb3f9544e4c: Pushed
        latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948

    Log out: docker logout

    Error:

        [root@bogon harbor]# docker login 192.168.43.65:5000
        Username (admin): admin
        Password: Harbor12345
        Login Succeeded
        [root@bogon harbor]# docker push 192.168.43.65/library/nginx:latest
        The push refers to a repository [192.168.43.65/library/nginx]
        Get https://192.168.43.65/v1/_ping: dial tcp 192.168.43.65:443: getsockopt: connection refused

    Fix:

    Login succeeds but the image cannot be pushed, because Harbor's port is 5000 rather than the original port 80. The image therefore has to be tagged with port 5000 before it is pushed.

        [root@bogon harbor]# docker tag 192.168.43.65/library/nginx:latest 192.168.43.65:5000/library/nginx/latest
        [root@bogon harbor]# docker login 192.168.43.65:5000
        Username (admin):
        Password:
        Login Succeeded
        [root@bogon harbor]# docker push 192.168.43.65:5000/library/nginx/latest
        The push refers to a repository [192.168.43.65:5000/library/nginx/latest]
        08d25fa0442e: Pushed
        a8c4aeeaa045: Pushed
        cdb3f9544e4c: Pushed
        latest: digest: sha256:2de9d5fc6585b3f330ff5f2c323d2a4006a49a476729bbc0910b695771526e3f size: 948

    7. Using Harbor in k8s

    7.1. Register an account in the Harbor UI

        Name: zihao
        Full name: zhuzihao
        Password: Zihao@5tgb
        Email: 15613691030@163.com

    7.2. On every host that needs to pull images from the Harbor registry, the docker daemon parameters must likewise be modified (without this step, all kinds of errors will appear later)

    Configuration on the node:

        [root@reg harbor]# vi /etc/docker/daemon.json
        { "registry-mirrors": ["https://wb2g6zxl.mirror.aliyuncs.com"],"insecure-registries": ["192.168.43.65:5000"]}

    Restart docker

    7.3. Verify login to the Harbor host from the node

        [root@lab2 ~]# docker login 192.168.43.65:5000
        Username (zihao): zihao
        Password:
        Login Succeeded
        [root@lab2 ~]# docker logout
        Not logged in to https://index.docker.io/v1/

    7.4. Configure the secret for the private Harbor registry

    Log in on the Harbor host first. After docker login succeeds, a config.json file is generated under the /root/.docker/ directory.

        [root@reg harbor]# docker login 192.168.43.65:5000
        Username (admin): admin
        Password:
        Login Succeeded
        [root@reg harbor]# ls /root/.docker/
        config.json
        [root@reg harbor]# cat /root/.docker/config.json
        {
            "auths": {
                "192.168.43.65:5000": {
                    "auth": "YWRtaW46SGFyYm9yMTIzNDU="
                },
                "wb2g6zxl.mirror.aliyuncs.com": {
                    "auth": "YWRtaW46SGFyYm9yMTIzNDU="
                }
            }
        }

    Create the secret

    Prepare:

        kubectl create secret docker-registry registry-secret --namespace=default --docker-server=192.168.43.65:5000 --docker-username=zihao --docker-password=Zihao@5tgb --docker-email=15613691030@163.com

    Create:

        [root@lab2 nginx-harbor]# kubectl create secret docker-registry registry-secret --namespace=default \
        > --docker-server=192.168.43.65:5000 --docker-username=zihao \
        > --docker-password=Zihao@5tgb --docker-email=15613691030@163.com

    View the secret:

        [root@lab2 nginx-harbor]# kubectl get secret
        NAME                  TYPE                                  DATA      AGE
        default-token-czfbg   kubernetes.io/service-account-token   3         21d
        registry-secret       kubernetes.io/dockerconfigjson        1         1h

    Delete the secret:

        [root@lab2 nginx-harbor]# kubectl delete secret registry-secret
        secret "registry-secret" deleted

    7.5. Pull the image with YAML on the k8s node

    Note: do not write the image as http://; the image cannot be pulled that way.

    The following two lines can also be left out:

        imagePullSecrets:
        - name: registry-secret

        spec:
          hostNetwork: true
          dnsPolicy: ClusterFirstWithHostNet
          containers:
            - name: http-test-con
              image: 192.168.43.65:5000/library/nginx/latest:latest
              imagePullPolicy: Always
              ports:
                - containerPort: 80
          imagePullSecrets:
            - name: registry-secret

    Test:

        [root@lab2 nginx-harbor]# vi http-test.yaml
        apiVersion: extensions/v1beta1
        kind: Deployment
        metadata:
          name: http-test-dm2
        spec:
          replicas: 1
          template:
            metadata:
              labels:
                name: http-test-dm2
            spec:
              hostNetwork: true
              dnsPolicy: ClusterFirstWithHostNet
              containers:
                - name: http-test-con
                  image: 192.168.43.65:5000/library/nginx/latest:latest
                  imagePullPolicy: Always
                  ports:
                    - containerPort: 80
        ---
        apiVersion: v1
        kind: Service
        metadata:
          name: http-nginx-ser
        spec:
          type: NodePort
          ports:
            - port: 80
              nodePort: 30000
              targetPort: 80
          selector:
            name: http-test-dm2
        ---
        apiVersion: extensions/v1beta1
        kind: Ingress
        metadata:
          name: grafana
        spec:
          rules:
            - host: www.nginx2.com
              http:
                paths:
                  - path: /
                    backend:
                      serviceName: http-nginx-ser
                      servicePort: 80

        [root@lab2 nginx-harbor]# kubectl create -f http-test.yaml
        [root@lab2 nginx-harbor]# kubectl get po
        NAME                             READY     STATUS    RESTARTS   AGE
        http-test-dm2-7f9c4fd896-jkkrx   1/1       Running   0          8m

    8. Pull images from the private registry on other hosts

    On the machine that needs to pull images, the docker daemon parameters must be modified (the same change as for pushing images to the private registry).

        docker pull 192.168.0.65/library/busybox:latest

    9. Management

    9.1. Change the port number

    When published over HTTP, Harbor uses port 80 by default. To change the port, proceed as follows:

    Edit the nginx configuration in docker-compose.yml and change the first 80 of 80:80 to the custom port number.

    Edit common/templates/registry/config.yml and append the custom port number after $ui_url in the auth section.

    After the changes, run the following commands to reconfigure Harbor:

        docker-compose down
        ./install.sh

    For a first-time installation, simply edit all the configuration files and then run install.sh.

    9.2. Stop/start Harbor

        docker-compose stop
        docker-compose start

    9.3. Uninstall Harbor

    Perform the following steps to remove Harbor completely so that it can be reinstalled:

        sudo docker-compose down
        rm -rf /data/database
        rm -rf /data/registry

    9.4. Modify the Harbor configuration

    First remove the containers, modify the configuration, then run install.sh to restart the containers. The commands are:

        docker-compose down
        vim harbor.cfg
        ./install.sh

    III. Deploy the image service Registry

    Since Harbor already includes the registry image, we make do with that image for this deployment.

    Configuration

    Create a folder to hold the registry configuration:

        mkdir registry

    Copy the registry configuration files from harbor:

        cp harbor/common/config/registry/* registry/

    Append the proxy configuration to config.yml:

        cat>>registry/config.yml<<'EOF'
        proxy:
          remoteurl: https://registry-1.docker.io
        EOF

    Create a docker-compose.yml file with the following content:

        version: '2'
        services:
          registry:
            image: vmware/registry-photon:v2.6.2-v1.4.0
            container_name: registry-mirror
            restart: always
            volumes:
              - /data/registry:/storage:z
              - ../registry/:/etc/registry/:z
            networks:
              - harbor
            ports:
              - '5000:5000'
            environment:
              - GODEBUG=netdns=cgo
            command:
              ["serve", "/etc/registry/config.yml"]
        networks:
          harbor:
            external: false

    Management

        # Start
        cd registry && docker-compose start
        # Stop
        cd registry && docker-compose stop

    Usage

    Set it up the same way as the Alibaba Cloud mirror; only the address changes. According to the configuration file, the address here is: http://192.168.0.65:5000
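
    The "auth" values in the config.json printed in step 7.4 are base64 of username:password, an encoding rather than encryption, and the same value appears under two hosts. This added example (not part of the original article) audits a Docker client config.json for inline credentials and reports usernames only; PAGE_CONFIG reproduces the file shown on this page and the function names are hypothetical.

```python
import base64
import json

# config.json exactly as printed in step 7.4 of this page.
PAGE_CONFIG = """{
  "auths": {
    "192.168.43.65:5000": {"auth": "YWRtaW46SGFyYm9yMTIzNDU="},
    "wb2g6zxl.mirror.aliyuncs.com": {"auth": "YWRtaW46SGFyYm9yMTIzNDU="}
  }
}"""

def inline_users(config_text):
    """Return {registry: username} for entries that embed credentials."""
    users = {}
    for registry, entry in json.loads(config_text).get("auths", {}).items():
        if entry.get("auth"):
            # "auth" is base64("username:password"); only the name is kept.
            decoded = base64.b64decode(entry["auth"]).decode("utf-8", "replace")
            users[registry] = decoded.partition(":")[0]
    return users

def audit_docker_config(config_text):
    """Return a list of findings for a Docker client config.json."""
    cfg = json.loads(config_text)
    users = inline_users(config_text)
    findings = []
    if users and not (cfg.get("credsStore") or cfg.get("credHelpers")):
        findings.append("credentials stored inline; no credsStore/credHelpers configured")
    by_blob = {}
    for registry, entry in cfg.get("auths", {}).items():
        if entry.get("auth"):
            by_blob.setdefault(entry["auth"], []).append(registry)
    for registries in by_blob.values():
        if len(registries) > 1:
            findings.append("same credentials saved for: " + ", ".join(sorted(registries)))
    for registry, user in sorted(users.items()):
        if user == "admin":
            findings.append(f"{registry}: stored login uses the 'admin' username")
    return findings

if __name__ == "__main__":
    for finding in audit_docker_config(PAGE_CONFIG):
        print(finding)
```

    The kubernetes.io/dockerconfigjson Secret created in step 7.4 carries the same auths structure under its .dockerconfigjson key, so read access to that Secret exposes the registry password in the same way as read access to config.json.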
  • Original article: https://www.cnblogs.com/effortsing/p/10061096.html