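Preface:
Deploying Harbor as the k8s image registry
Deploy Harbor, the private image registry for k8s
Upload the images needed by the small demo project to Harbor
Modify the demo project's resource manifests, changing the image address to the Harbor address
The k8s cluster deployment was covered earlier and is complete.
To deploy a Django project to k8s you need an image: package the Django project as an image and push it to the image registry.
When k8s creates a pod or deployment, it pulls the Django image by specifying the registry address directly.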
1. Environment preparation

Software | Version |
---|---|
Operating system | CentOS7.5_x64 |
Docker | 18-ce |
harbor | 1.10.2 |

Role | IP | Components |
---|---|---|
Harbor registry | 10.60.128.219 | docker,docker-compose,harbor |
2. Install Docker

```bash
[root@10-60-128-219 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@10-60-128-219 ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@10-60-128-219 ~]# yum install docker-ce-18.06.3.ce-3.el7
[root@10-60-128-219 ~]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://bc437cce.m.daocloud.io
[root@10-60-128-219 ~]# systemctl start docker
[root@10-60-128-219 ~]# systemctl enable docker

### Enable IPv4 forwarding
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100

### Apply the settings
sysctl -p
```
Binary package download address: https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz

3.1 Unpack the installer

```bash
[root@10-60-128-219 ~]# cd /data/src/
[root@10-60-128-219 src]# wget https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz
[root@10-60-128-219 src]# tar zxf harbor-offline-installer-v1.10.2.tgz
[root@10-60-128-219 src]# cd harbor
```
3.2 Edit the Harbor configuration file

```bash
[root@10-60-128-219 src]# scp harbor.yml harbor.yml.bak
[root@10-60-128-219 src]# grep -Ev "#|^$" harbor.yml.bak >harbor.yml
[root@10-60-128-219 harbor]# cat harbor.yml
hostname: 10.60.128.219
http:
  port: 888
#https:
#  port: 443
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 100
data_volume: /data/harbor
clair:
  updaters_interval: 12
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 1.10.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
[root@10-60-128-219 harbor]#
```
Settings that need to be changed:

```yaml
# Settings that need to be changed
hostname: ip
port: 8888
harbor_admin_password: 123456
data_volume: /data/harbor
```
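3.3 Run the installation

```bash
# docker-compose must be installed before installing Harbor, otherwise the installer reports an error
[root@10-60-128-219 harbor]# yum install docker-compose -y

# Install Harbor (note the directory the command is run from)
[root@10-60-128-219 harbor]# ./install.sh
```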
3.4 Access from a browser

http://10.60.128.219:888
User: admin
Password: Harbor
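4. Create an image repository

There are two access levels:
Public: anyone can access it and download images directly
Private: images can only be downloaded after logging in and being authorized
Note: if you create a private repository, k8s cannot download from it directly; a secret has to be configured.

4.1 Create the repository cloudops

4.2 Establish trust on all K8S nodes

Configure docker on every node to trust the Harbor registry, then restart docker. Note: this applies to all nodes.

Harbor registry node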
```bash
# Configure the trusted registry
[root@10-60-128-219 ~]# cat /etc/docker/daemon.json
{"insecure-registries":["10.60.128.219:888"] }

# Restart docker
[root@10-60-128-219 ~]# systemctl restart docker

# After restarting docker on node1, if Harbor is no longer working properly, just restart Harbor
[root@10-60-128-219 ~]# cd /data/src/harbor
[root@10-60-128-219 harbor]# docker-compose restart
Restarting harbor-jobservice ... done
Restarting nginx ... done
Restarting harbor-core ... done
Restarting registryctl ... done
Restarting registry ... done
Restarting harbor-portal ... done
Restarting harbor-db ... done
Restarting redis ... done
Restarting harbor-log ... done
```
K8S Master node

```bash
[root@vm-k8s-master ~]# cat /etc/docker/daemon.json
{
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"],
  "insecure-registries":["10.60.128.219:888"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
[root@vm-k8s-master ~]# systemctl restart docker
```
K8S Node nodes

```bash
[root@vm-k8s-node01 ~]# cat /etc/docker/daemon.json
{
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"],
  "insecure-registries":["10.60.128.219:888"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
[root@vm-k8s-node01 ~]# systemctl restart docker

[root@vm-k8s-node02 ~]# cat /etc/docker/daemon.json
{
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"],
  "insecure-registries":["10.60.128.219:888"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
[root@vm-k8s-node02 ~]# systemctl restart docker
```
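The following added example (not part of the original post) audits the two files edited in sections 3.2 and 4.2: it flags Harbor's installer-default passwords and a missing `https:` block in harbor.yml, and lists the registries Docker reaches without verified TLS from daemon.json. The sample files are constructed excerpts of the ones shown above; the function names and finding labels are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit harbor.yml (Harbor 1.10 layout) and Docker's daemon.json.

# Print one finding label per line for the harbor.yml given as $1.
audit_harbor_yml() {
  # Admin password still the installer default.
  grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345[[:space:]]*$' "$1" \
    && echo "default-admin-password"
  # Database password still the installer default.
  grep -Eq '^[[:space:]]+password:[[:space:]]*root123[[:space:]]*$' "$1" \
    && echo "default-db-password"
  # No uncommented top-level https: key means portal and registry are HTTP only.
  grep -Eq '^https:' "$1" || echo "no-https"
  return 0
}

# Print each entry of "insecure-registries" in the daemon.json given as $1.
list_insecure_registries() {
  # Flatten the JSON, isolate the array body, then print one entry per line.
  tr -d ' \n\t' < "$1" \
    | sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' \
    | tr ',' '\n' | tr -d '"'
}

# Constructed sample inputs modelled on the files shown on this page.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/harbor.yml" <<'EOF'
hostname: 10.60.128.219
http:
  port: 888
#https:
#  port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
cat > "$SAMPLE_DIR/daemon.json" <<'EOF'
{ "storage-driver": "overlay2",
  "insecure-registries":["10.60.128.219:888"] }
EOF

audit_harbor_yml "$SAMPLE_DIR/harbor.yml"
list_insecure_registries "$SAMPLE_DIR/daemon.json"
```

An empty result from both functions means none of these settings is present in the files checked.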
4.3 Log in to Harbor with docker (run on all nodes)

```bash
# Harbor node
[root@10-60-128-219 ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@10-60-128-219 ~]#

[root@vm-k8s-master ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
[root@vm-k8s-node01 ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
[root@vm-k8s-node02 ~]# docker login 10.60.128.219:888 -u admin -pHarbor12345
```
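The note at the start of section 4 says k8s needs a secret to pull from a private repository, and the `docker login` output above warns against passing the password on the command line. This added example (not from the original post) builds a `kubernetes.io/dockerconfigjson` pull Secret manifest with the password read from stdin; the secret name `harbor-pull`, the account `k8s-puller` and the password are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: build an image pull Secret manifest for the Harbor registry.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Usage: printf '%s' "$PASSWORD" | make_pull_secret NAME NAMESPACE REGISTRY USER
# The body runs in a subshell so the password variable never leaks to the caller.
make_pull_secret() (
  name=$1; namespace=$2; registry=$3; user=$4
  password=$(cat)   # the password arrives on stdin only, never in argv
  # Docker's "auth" field is base64("user:password").
  auth=$(printf '%s:%s' "$user" "$password" | base64 | tr -d '\n')
  config=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$registry" "$(json_escape "$user")" "$(json_escape "$password")" "$auth")
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $namespace
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$config" | base64 | tr -d '\n')
EOF
)

# Constructed demo values; a real password would come from a secret store or a prompt.
printf '%s' 'constructed-password' \
  | make_pull_secret harbor-pull default 10.60.128.219:888 k8s-puller
```

Pipe the manifest into `kubectl apply -f -` and reference the secret under `imagePullSecrets` in the pod spec of the workload that pulls from the private repository.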