Deploying a private Harbor registry in a Kubernetes cluster
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 22:47
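Deploying the private Harbor registry
These are the steps for deploying a private Harbor registry with docker-compose. You can also deploy a private registry using Docker's official registry image.
Environment variables
Variables used by the Harbor deployment.
$ export NODE_IP=10.50.101.74 # IP of the node on which Harbor is being deployed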
Files required for the deployment
docker-compose file
Download the latest docker-compose binary from the docker-compose releases page.
$ wget https://github.com/docker/compose/releases/download/1.16.1/docker-compose-Linux-x86_64
$ mv ~/docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
$ chmod a+x /usr/local/bin/docker-compose
Harbor files
You can also download the latest Harbor offline installer package from the Harbor releases page.
$ wget --continue https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz
$ tar -xzvf harbor-offline-installer-v1.2.0.tgz
$ cd harbor
Importing the images
Import the Harbor-related docker images from the offline installer package.
$ docker load -i harbor.v1.2.0.tar.gz
Creating the TLS certificate used by the Harbor server
Create the Harbor certificate signing request:
$ cat > harbor-csr.json <<EOF
{
  "CN": "harbor",
  "hosts": [
    "127.0.0.1",
    "$NODE_IP"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
- The hosts field lists the addresses authorized to use this certificate, here the IP of the current deployment node; if you later access Harbor through a domain name, add that domain name as well.
Generate the Harbor certificate and private key:
$ cfssl gencert -ca=/etc/kubernetes/ssl/ca.pem \
  -ca-key=/etc/kubernetes/ssl/ca-key.pem \
  -config=/etc/kubernetes/ssl/ca-config.json \
  -profile=kubernetes harbor-csr.json | cfssljson -bare harbor
$ ls harbor*
harbor.csr harbor-csr.json harbor-key.pem harbor.pem
$ sudo mkdir -p /etc/harbor/ssl
$ sudo mv harbor*.pem /etc/harbor/ssl
$ rm harbor.csr harbor-csr.json
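
A check worth running on the generated files before harbor.cfg is pointed at them, as an added example that is not part of the original page: it confirms that the certificate chains to the signing CA, has not expired, lists the node IP among its SANs, matches the private key, and that the key file is not readable by group or others. The function names and the throwaway sample PKI built by make_sample_pki are assumptions of this example, and it needs the openssl CLI.

```shell
#!/bin/sh
# Added example, not from the original page. Requires the openssl CLI.

# cert_has_san CERT HOST: succeed if HOST is listed as an IP or DNS SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -qxF -e "IP Address:$2" -e "DNS:$2"
}

# key_matches_cert CERT KEY: succeed if KEY is the private key for CERT.
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) && [ -n "$pub" ] &&
        [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# key_is_private KEY: succeed if group and others cannot read the key file.
key_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" \( -perm -040 -o -perm -004 \))" ]
}

# check_harbor_tls CERT KEY CA HOST: print each failed check; return 1 if any failed.
check_harbor_tls() {
    rc=0
    openssl verify -CAfile "$3" "$1" 2>/dev/null | grep -q ': OK$' ||
        { echo "certificate does not chain to the given CA"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; rc=1; }
    cert_has_san "$1" "$4" || { echo "SAN list does not contain $4"; rc=1; }
    key_matches_cert "$1" "$2" ||
        { echo "private key does not match certificate"; rc=1; }
    key_is_private "$2" ||
        { echo "private key is readable by group or others"; rc=1; }
    return $rc
}

# make_sample_pki DIR IP: constructed throwaway CA and server cert to try the checks on.
make_sample_pki() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample-ca" \
          -keyout ca-key.pem -out ca.pem &&
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=harbor" \
          -keyout harbor-key.pem -out harbor.csr &&
      printf 'subjectAltName=IP:127.0.0.1,IP:%s\n' "$2" > san.ext &&
      openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca-key.pem \
          -CAcreateserial -days 1 -extfile san.ext -out harbor.pem &&
      chmod 600 harbor-key.pem ) >/dev/null 2>&1
}

# With the page's paths:
#   check_harbor_tls /etc/harbor/ssl/harbor.pem /etc/harbor/ssl/harbor-key.pem \
#       /etc/kubernetes/ssl/ca.pem "$NODE_IP"
```
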
Modifying the harbor.cfg file
$ diff harbor.cfg.orig harbor.cfg5c5< hostname = reg.mydomain.com---> hostname = 10.50.101.749c9< ui_url_protocol = http---> ui_url_protocol = https24,25c24,25< ssl_cert = /data/cert/server.crt< ssl_cert_key = /data/cert/server.key---> ssl_cert = /etc/harbor/ssl/harbor.pem> ssl_cert_key = /etc/harbor/ssl/harbor-key.pem
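Review bot: the change set stops at hostname, ui_url_protocol, ssl_cert and ssl_cert_key, so harbor_admin_password keeps the value shipped in harbor.cfg, which is the Harbor12345 default this page later logs in with; set a site-specific harbor_admin_password in the same edit, before ./install.sh runs. The new ssl_cert_key target, /etc/harbor/ssl/harbor-key.pem, should also be readable only by the account that runs Harbor.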
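- Note: do not change the data path, and make sure the data path is readable and writable.
sudo chmod a+x /data && sudo chown ${USER}:${USERGROUP} /data
The command above changes the permissions on /data and sets which user and group own the directory, so that it is readable and writable for that user (chown takes user:group; USERGROUP must hold that user's group name).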
Loading and starting the Harbor images
$ ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 17.04.0
Note: docker-compose version: 1.12.0
[Step 1]: loading Harbor images ...
Loaded image: vmware/harbor-adminserver:v1.2.0
Loaded image: vmware/harbor-ui:v1.2.0
Loaded image: vmware/harbor-log:v1.2.0
Loaded image: vmware/harbor-jobservice:v1.2.0
Loaded image: vmware/registry:photon-2.6.0
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10
Loaded image: vmware/harbor-db:v1.2.0
Loaded image: vmware/nginx:1.11.5-patched
Loaded image: photon:1.0
Loaded image: vmware/notary-photon:server-0.5.0
Loaded image: vmware/notary-photon:signer-0.5.0
[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 3]: checking existing instance of Harbor ...
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log
Creating registry
Creating harbor-adminserver
Creating harbor-db
Creating harbor-ui
Creating harbor-jobservice
Creating nginx
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://10.50.101.74.
For more details, please visit https://github.com/vmware/harbor .
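Accessing the admin interface
Open https://${NODE_IP} in a browser (https://10.50.101.74 in this example) and log in with the account admin and the default password Harbor12345 from the harbor.cfg configuration file.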
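
Because this login relies on the password shipped in harbor.cfg, the following added example (not from the original page or the Harbor project) audits harbor.cfg before ./install.sh is run. The function names and the sample file are constructed for illustration; harbor_admin_password is the harbor.cfg key that holds the admin password.

```shell
#!/bin/sh
# Added example, not from the original page: audit harbor.cfg before ./install.sh.

# cfg_get FILE KEY: print the value of "KEY = value" (last occurrence wins).
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_harbor_cfg FILE: print one line per finding; return 1 if any were found.
audit_harbor_cfg() {
    cfg=$1 rc=0
    if [ "$(cfg_get "$cfg" ui_url_protocol)" != "https" ]; then
        echo "ui_url_protocol is not https: UI and registry traffic is cleartext"; rc=1
    fi
    if [ "$(cfg_get "$cfg" harbor_admin_password)" = "Harbor12345" ]; then
        echo "harbor_admin_password is still the shipped default"; rc=1
    fi
    if [ "$(cfg_get "$cfg" hostname)" = "reg.mydomain.com" ]; then
        echo "hostname is still the template value reg.mydomain.com"; rc=1
    fi
    for key in ssl_cert ssl_cert_key; do
        path=$(cfg_get "$cfg" "$key")
        if [ ! -r "$path" ]; then
            echo "$key does not point to a readable file: $path"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the page's edited values plus the untouched default password.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/harbor.pem"; : > "$dir/harbor-key.pem"
    cat > "$dir/harbor.cfg" <<EOF
hostname = 10.50.101.74
ui_url_protocol = https
harbor_admin_password = Harbor12345
ssl_cert = $dir/harbor.pem
ssl_cert_key = $dir/harbor-key.pem
EOF
    audit_harbor_cfg "$dir/harbor.cfg"; status=$?
    rm -rf "$dir"
    return $status
}

demo || echo "harbor.cfg needs changes before install"
```
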
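Files and directories produced by Harbor at runtime
$ # log directory
$ ls /var/log/harbor/2017-10-16/
adminserver.log jobservice.log mysql.log proxy.log registry.log ui.log
$ # data directory, including the database and the image registry
$ ls /data/
ca_download config database job_logs registry secretkey
- If startup fails, check the corresponding log file to find out what went wrong.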
Logging in with the docker client
Copy the CA certificate that signed the Harbor certificate into the /etc/docker/certs.d/10.50.101.74 directory.
$ sudo mkdir -p /etc/docker/certs.d/10.50.101.74
$ sudo cp /etc/kubernetes/ssl/ca.pem /etc/docker/certs.d/10.50.101.74/ca.crt
Log in to Harbor
$ docker login 10.50.101.74
Username: admin
Password:
The credentials are automatically saved to the ~/.docker/config.json file.
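
What that file holds after the login, as an added example that is not part of the original page: unless a credential store or helper is configured, docker keeps the login under auths as base64 of user:password, which is an encoding and not encryption. The function names and the sample file are constructed, and the awk parsing assumes the one-key-per-line layout that docker login writes.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the one-key-per-line layout
# that docker login writes; use a JSON parser for anything else.

# inline_auths FILE: print "REGISTRY USERNAME" for every registry whose credentials
# are stored inline as base64("user:password"). The password is never printed.
inline_auths() {
    awk -F'"' '
        /"auths"[ \t]*:/                      { in_auths = 1; next }
        in_auths && /:[ \t]*\{/               { registry = $2 }
        in_auths && $2 == "auth" && $4 != ""  { print registry, $4 }
    ' "$1" | while read -r registry b64; do
        user=$(printf '%s' "$b64" | base64 -d 2>/dev/null | cut -d: -f1)
        echo "$registry $user"
    done
}

# uses_cred_store FILE: succeed if a credential store or helper is configured.
uses_cred_store() {
    grep -Eq '"(credsStore|credHelpers)"[[:space:]]*:' "$1"
}

# Constructed sample of what `docker login 10.50.101.74` leaves behind
# (the value is base64 of a made-up "admin:example-password").
write_sample_config() {
    cat > "$1" <<'EOF'
{
	"auths": {
		"10.50.101.74": {
			"auth": "YWRtaW46ZXhhbXBsZS1wYXNzd29yZA=="
		}
	}
}
EOF
}

# On a docker client:
#   inline_auths ~/.docker/config.json
#   uses_cred_store ~/.docker/config.json || echo "credentials are stored inline"
```
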
Starting and stopping Harbor
The working directory for all of the following operations is the harbor directory created by extracting the offline installer.
$ # stop harbor
$ docker-compose down -v
$ # modify the configuration
$ vim harbor.cfg
$ # apply the modified configuration to the docker-compose.yml file
[app@localhost harbor]# ./prepare
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/jobservice/app.conf
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/nginx/cert/admin.pem
Clearing the configuration file: ./common/config/nginx/cert/admin-key.pem
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/adminserver/env
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
$ # start harbor
[app@localhost harbor]# docker-compose up -d