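Kubernetes-5: Setting up Harbor, an enterprise-grade private registry
Setting up Harbor, an enterprise-grade private registry
Installation requirements
Python version >= 2.7
Docker engine version >= 1.10
docker-compose version >= 1.6.0
Setting up the environment
1. Installing Python
yum -y install python3
2. Docker was already installed in the previous chapter, so it is not covered again here
3. Installing docker-compose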
curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
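4. Installing Harbor
## Because Docker by default does not allow pushing images over http, edit the Docker configuration file and add the following lines; this must be done on every k8s node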
vim /etc/docker/daemon.json
...
{
"insecure-registries": ["https://hub.vfancloud.com"]
}
...
## The hosts file on every node must also contain this entry, including the Windows host you will browse from
vim /etc/hosts
...
192.168.152.252 hub.vfancloud.com
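...
## Download Harbor; curl and wget were both too slow, so I downloaded it with Xunlei and then uploaded it to the server
curl -L https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz -o /usr/local/harbor-offline-installer-v1.10.2.tgz
## Unpack it and edit the configuration file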
tar xvf harbor-offline-installer-v1.10.2.tgz
cd harbor/
vim harbor.yml
...
hostname: hub.vfancloud.com    # domain name
http:    # protocol and port; if https is enabled, http is automatically redirected to https
  port:
https:
  port:
  # The path of cert and key files for nginx
  certificate: /data/cert/server.crt    # certificate location
  private_key: /data/cert/server.key    # private key location
database:    # database password, can be changed
  password: root123
harbor_admin_password: Harbor12345    # password of the Harbor admin account
...
—————————————— Generating a certificate for the LAN —————————————————
[root@kubenode2 ~]# mkdir -p /data/cert
[root@kubenode2 ~]# cd /data/cert/
# Generate the private key
[root@kubenode2 cert]# openssl genrsa -des3 -out server.key
Generating RSA private key, bit long modulus ( primes)
.....................................+++++
...........................+++++
e is (0x010001)
Enter pass phrase for server.key: (enter a passphrase)
Verifying - Enter pass phrase for server.key: (confirm the passphrase)
# Create the CSR (certificate signing request)
[root@kubenode2 cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:vfancloud
Organizational Unit Name (eg, section) []:vfancloud
Common Name (eg, your name or your server's hostname) []:hub.vfancloud.com
Email Address []:vfan8991@.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# Remove the passphrase from the private key; Harbor uses Nginx as its front end, and if the passphrase is not removed, https requests will fail
[root@kubenode2 cert]# cp server.key server.key.org
[root@kubenode2 cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org: (enter the private key passphrase)
writing RSA key    (passphrase removed successfully)
# Sign the certificate
[root@kubenode2 cert]# openssl x509 -req -days -in server.csr -signkey server.key -out server.crt
Signature ok
subject=C = CN, ST = BJ, L = BJ, O = vfancloud, OU = vfancloud, CN = hub.vfancloud.com, emailAddress = vfan8991@.com
Getting Private key    (signed successfully)
# Grant execute permission
[root@kubenode2 cert]# chmod +x ./*
————————————————— Certificate generation complete —————————————————
[root@kubenode2 harbor]# ./install.sh
----Harbor has been installed and started successfully.----
[root@kubenode2 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1dcd38feb29d goharbor/nginx-photon:v1.10.2 "nginx -g 'daemon of…" 34 seconds ago Up 32 seconds (healthy) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp nginx
063509e49573 goharbor/harbor-jobservice:v1.10.2 "/harbor/harbor_jobs…" 34 seconds ago Up 32 seconds (healthy) harbor-jobservice
1c37e61f9479 goharbor/harbor-core:v1.10.2 "/harbor/harbor_core" 35 seconds ago Up 28 seconds (health: starting) harbor-core
cf7e7bd46982 goharbor/registry-photon:v1.10.2 "/home/harbor/entryp…" 39 seconds ago Up 35 seconds (healthy) 5000/tcp registry
977f5ca9214a goharbor/redis-photon:v1.10.2 "redis-server /etc/r…" 39 seconds ago Up 35 seconds (healthy) 6379/tcp redis
86fdcb7b988b goharbor/harbor-registryctl:v1.10.2 "/home/harbor/start.…" 39 seconds ago Up 35 seconds (healthy) registryctl
8fc55f981c54 goharbor/harbor-db:v1.10.2 "/docker-entrypoint.…" 39 seconds ago Up 35 seconds (healthy) 5432/tcp harbor-db
10057d8629a0 goharbor/harbor-portal:v1.10.2 "nginx -g 'daemon of…" 39 seconds ago Up 35 seconds (healthy) 8080/tcp harbor-portal
8485731461d8 goharbor/harbor-log:v1.10.2 "/bin/sh -c /usr/loc…" 40 seconds ago Up 38 seconds (healthy) 127.0.0.1:1514->10514/tcp harbor-log
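The certificate generated above names the host only in its Common Name, and the nodes are told to skip verification through insecure-registries; Docker clients built with current Go releases match the hostname against subjectAltName instead. The script below is an added example, not part of the original post: it issues a self-signed certificate with a SAN for hub.vfancloud.com and installs it under /etc/docker/certs.d so a node can verify the registry. Assumptions: the key size and validity period shown, and OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed values: RSA key size, validity period, OpenSSL >= 1.1.1 (-addext).
REGISTRY_HOST="hub.vfancloud.com"    # registry hostname used on this page
KEY_BITS="${KEY_BITS:-4096}"         # assumption
CERT_DAYS="${CERT_DAYS:-365}"        # assumption

# Create an unencrypted key (as the page requires for Harbor's Nginx front
# end) and a self-signed certificate whose subjectAltName names the host.
make_registry_cert() {
    mrc_dir="$1"
    mkdir -p "$mrc_dir" || return 1
    (
        umask 077    # the key is never group- or world-readable
        openssl req -x509 -newkey "rsa:${KEY_BITS}" -nodes -sha256 \
            -days "$CERT_DAYS" -subj "/CN=${REGISTRY_HOST}" \
            -addext "subjectAltName=DNS:${REGISTRY_HOST}" \
            -keyout "${mrc_dir}/server.key" -out "${mrc_dir}/server.crt"
    ) || return 1
    chmod 600 "${mrc_dir}/server.key" && chmod 644 "${mrc_dir}/server.crt"
}

# Succeed only if the certificate has a DNS SAN for the registry host.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:${REGISTRY_HOST}"
}

# Trust the certificate for this one registry on a Docker node; run on every
# node that pulls from it, then drop the host from insecure-registries.
install_registry_trust() {
    irt_crt="$1"
    irt_root="${2:-/etc/docker/certs.d}"
    cert_has_san "$irt_crt" || {
        echo "no SAN for ${REGISTRY_HOST} in ${irt_crt}" >&2
        return 1
    }
    mkdir -p "${irt_root}/${REGISTRY_HOST}" &&
        cp "$irt_crt" "${irt_root}/${REGISTRY_HOST}/ca.crt"
}

# Apply to the paths used on this page only when asked to.
if [ "${1:-}" = "--apply" ]; then
    make_registry_cert /data/cert &&
        install_registry_trust /data/cert/server.crt
fi
```

Run it with --apply as root on the Harbor host before ./install.sh; on the other nodes, copy server.crt over and call install_registry_trust only.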
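Testing access to Harbor
1. In a browser, open: https://hub.vfancloud.com/

2. Log in; the account is admin and the password is the value of harbor_admin_password in harbor.yml

3. You can create some users yourself, upload some images, and so on

Testing with a new Pod
## First log in to the registry with docker login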
[root@Centos8 rbac]# docker login hub.vfancloud.com
Username: admin
Password:
## Start a deployment
[root@Centos8 ~]# kubectl run nginx-deployment --image=hub.vfancloud.com/test/myapp:v1 --port= --replicas=
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx-deployment created
## View the deployment
[root@Centos8 ~]# kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deployment / 8s
## Creating a deployment automatically creates an rs
[root@Centos8 ~]# kubectl get rs
NAME DESIRED CURRENT READY AGE
nginx-deployment-5bc446d899 74s
## Now look at the pods
[root@Centos8 ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-5bc446d899-ndd57 / Running 81s 10.244.3.6 testcentos7 <none> <none>
## Test access
[root@Centos8 ~]# curl 10.244.3.6
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
[root@Centos8 ~]# curl 10.244.3.6/hostname.html
nginx-deployment-5bc446d899-ndd57
## Increase the number of replicas
[root@Centos8 ~]# kubectl scale --replicas= deployment/nginx-deployment
deployment.extensions/nginx-deployment scaled
[root@Centos8 ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-deployment-5bc446d899-jsgvf / Running 37s 10.244.3.7 testcentos7 <none> <none>
nginx-deployment-5bc446d899-lbsfp / ContainerCreating 7m32s <none> kubenode2 <none> <none>
nginx-deployment-5bc446d899-v2lrx / ContainerCreating 37s <none> kubenode2 <none> <none>
## Create a svc to get automatic load balancing
[root@Centos8 ~]# kubectl expose deployment nginx-deployment --port= --target-port=
service/nginx-deployment exposed
[root@Centos8 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> /TCP 4d17h
nginx-deployment ClusterIP 10.96.14.172 <none> /TCP 7s
[root@Centos8 ~]# curl 10.96.14.172:/hostname.html
nginx-deployment-78d674b868-mqkqf
[root@Centos8 ~]# curl 10.96.14.172:/hostname.html
nginx-deployment-78d674b868-8jdhl
[root@Centos8 ~]# curl 10.96.14.172:/hostname.html
nginx-deployment-78d674b868-jcd42
## ipvsadm -Ln shows the IP addresses currently being load-balanced
[root@Centos8 ~]# ipvsadm -Ln
TCP 10.96.14.172: rr
-> 10.244.3.12: Masq
-> 10.244.3.13: Masq
-> 10.244.3.14: Masq
Testing external access
## Change the svc TYPE so that it can be reached from the external network
[root@Centos8 ~]# kubectl edit svc nginx-deployment
service/nginx-deployment edited
[root@Centos8 ~]# grep type /tmp/kubectl-edit-1h3zf.yaml
type: NodePort # change this line
## Check that TYPE has been changed to NodePort
[root@Centos8 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> /TCP 3d17h
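nginx-deployment NodePort 10.97.134.6 <none> :/TCP 16m
## After the change, access from the external network still failed; this turned out to be an iptables rule problem
## Setting the default policy of the FORWARD chain to ACCEPT resolves it
[root@Centos8 ~]# iptables -P FORWARD ACCEPT
## Test access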
[root@Centos8 ~]# curl 192.168.152.53:
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>