Kubernetes + Harbor: a self-hosted registry

Source: reposted

Note: Harbor is based on Docker Registry V2, so the docker version must be >= 1.10.0 and docker-compose >= 1.6.0


Open-source project address: https://github.com/vmware/harbor


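Installation
Download

Official download address


Fast download:


Because the download is really too slow, I uploaded it to Baidu Netdisk for the convenience of users in China. Link: https://pan.baidu.com/s/1sneDz21 Password: sqrz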


Preparing docker-compose

If docker-compose is not installed, install it first


yum install python-pip
pip install docker-compose

Basic docker-compose commands


docker-compose ps # check the running state
docker-compose up -d # run in the background
docker-compose stop # shut down
Configuration
Extract
tar -zxvf harbor-offline-installer-v1.2.2.tgz
After extraction
[[email protected] harbor]# ll
总用量 527664
drwxr-xr-x 4 root root 37 2月 1 10:01 common
-rw-r--r-- 1 root root 1163 10月 20 16:52 docker-compose.clair.yml
-rw-r--r-- 1 root root 1988 10月 20 16:52 docker-compose.notary.yml
-rw-r--r-- 1 root root 3193 2月 1 10:08 docker-compose.yml
-rw-r--r-- 1 root root 4304 10月 20 16:52 harbor_1_1_0_template
-rw-r--r-- 1 root root 4338 2月 1 14:28 harbor.cfg
-rw-r--r-- 1 root root 539885476 10月 20 16:56 harbor.v1.2.2.tar.gz
-rwxr-xr-x 1 root root 5332 10月 20 16:52 install.sh
-rw-r--r-- 1 root root 371640 10月 20 16:52 LICENSE
-rw-r--r-- 1 root root 482 10月 20 16:52 NOTICE
-rwxr-xr-x 1 root root 17592 10月 20 16:52 prepare
-rwxr-xr-x 1 root root 4550 10月 20 16:52 upgrade
Modify the configuration

Initialize the configuration; the configuration file is harbor.cfg


## Configuration file of Harbor
# hostname sets the access address; an IP, a domain name or a host name is supported; 127.0.0.1 must not be used
# Must be changed!!!
hostname = reg.mydomain.com
# Access protocol; can be set to http or https
ui_url_protocol = http
# Email notification settings.
email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin
email_ssl = false
# Password used to log in to the Harbor web UI
harbor_admin_password = Harbor12345
# Authentication mode; several modes are supported here; the default is db_auth, i.e. credentials stored in the MySQL database.
# ldap and local file storage are also supported here.
auth_mode = db_auth
# Address of the LDAP server.
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com
# Password of the MySQL root account
db_password = root123
# The default password should be root; in any case I could not log in when it was root123
self_registration = on
use_compressed_js = on
max_job_workers = 3
verify_remote_cert = on
customize_crt = on
# Some display settings.
crt_country = CN
crt_state = State
crt_location = CN
crt_organization = organization
crt_organizationalunit = organizational unit
crt_commonname = example.com
crt_email = [email protected]
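
A pre-deployment check of the settings above, as an added example that is not part of the original article or of Harbor: it parses harbor.cfg text and reports values that are still the published samples, plus the plain-HTTP and open self-registration settings. The names audit_harbor_cfg, KNOWN_DEFAULTS and SAMPLE_CFG are hypothetical, and the sample is constructed from the file shown above.

```python
import configparser

# Sample values published in the harbor.cfg shown above (hypothetical table name).
KNOWN_DEFAULTS = {
    "harbor_admin_password": "Harbor12345",
    "db_password": "root123",
    "email_password": "abc",
}

def audit_harbor_cfg(text):
    """Return (key, finding) tuples for risky settings in harbor.cfg text."""
    # harbor.cfg has no [section] header, so prepend one. Interpolation is
    # disabled because values such as ldap_basedn contain a literal %s.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string("[harbor]\n" + text)
    cfg = parser["harbor"]
    findings = []
    for key, default in KNOWN_DEFAULTS.items():
        if cfg.get(key) == default:
            findings.append((key, "still the published sample value"))
    if cfg.get("ui_url_protocol") == "http":
        findings.append(("ui_url_protocol", "credentials and images cross the network unencrypted"))
    if cfg.get("self_registration") == "on":
        findings.append(("self_registration", "anyone who reaches the UI can create an account"))
    if cfg.get("hostname") in ("reg.mydomain.com", "127.0.0.1", "localhost"):
        findings.append(("hostname", "placeholder or loopback address"))
    return findings

# Constructed sample: a trimmed copy of the configuration shown above.
SAMPLE_CFG = """\
## Configuration file of Harbor
hostname = reg.mydomain.com
ui_url_protocol = http
email_password = abc
harbor_admin_password = Harbor12345
auth_mode = db_auth
ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com
db_password = root123
self_registration = on
"""

if __name__ == "__main__":
    for key, finding in audit_harbor_cfg(SAMPLE_CFG):
        print(f"{key}: {finding}")
```

Run it against the real file with audit_harbor_cfg(open("harbor.cfg").read()) before running prepare; an empty list means none of these checks fired.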
Update the configuration
sh ./prepare
Generated configuration file: ./config/ui/env
Generated configuration file: ./config/ui/app.conf
Generated configuration file: ./config/registry/config.yml
Generated configuration file: ./config/db/env
Generated configuration file: ./config/jobservice/env
Clearing the configuration file: ./config/ui/private_key.pem
Clearing the configuration file: ./config/registry/root.crt
Generated configuration file: ./config/ui/private_key.pem
Generated configuration file: ./config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.

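Afterwards a docker-compose.yml file is generated; it specifies the mount directories, the startup method and so on.


Startup settings
Change the startup port from 80 to 5000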
proxy:
  image: vmware/nginx-photon:1.11.13
  container_name: nginx
  restart: always
  volumes:
    - ./common/config/nginx:/etc/nginx:z
  networks:
    - harbor
  ports:
    - 5000:80
    - 443:443
    - 4443:4443
  depends_on:
    - mysql
    - registry
    - ui
    - log
  logging:
    driver: "syslog"
    options:
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "proxy"
Modify the template
#vim common/templates/registry/config.yml
auth:
  token:
    issuer: registry-token-issuer
    realm: $ui_url:5000/service/token
    rootcertbundle: /etc/registry/root.crt
    service: token-service
Start
./install.sh

Check after it has finished


[[email protected] harbor]# docker-compose ps
Name                 Command                          State   Ports
--------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/harbor_adminserver       Up
harbor-db            docker-entrypoint.sh mysqld      Up      3306/tcp
harbor-jobservice    /harbor/harbor_jobservice        Up
harbor-log           /bin/sh -c crond && rm -f...     Up      127.0.0.1:1514->514/tcp
harbor-ui            /harbor/harbor_ui                Up
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:5000->80/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp

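Then just browse to ip:5000
The default account and password are admin/Harbor12345
Then create users and projects, taking care to distinguish public from private.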


Usage
Pushing an image
docker tag c17babb28223 10.10.30.102:5000/health/spring-eureka:v.0.1
docker push 10.10.30.102:5000/health/spring-eureka:v.0.1

The format is as follows


c17babb28223 is the original image
ip:Port/project/name:tag

After the push, the image can be seen in Harbor


Integrating with Kubernetes
Configure docker

On CentOS 7, edit the following file to add the private registry address: /etc/sysconfig/docker


INSECURE_REGISTRY='--add-registry 10.10.30.102:5000'

Then restart and check docker info


docker login 10.10.30.102:5000
# Then enter the account and password; if it succeeds, continue, otherwise check
Configure the secret:
kubectl create secret docker-registry registry-secret --namespace=default \
--docker-server=http://10.10.30.102:5000 --docker-username=myname \
--docker-password=mypassword --docker-email=[email protected]

Created successfully
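
What the kubectl command above stores, as an added example that is not part of the original article: the sketch builds the kubernetes.io/dockerconfigjson Secret that current kubectl versions generate for create secret docker-registry, then decodes it again, which is how to review which registry and account an existing pull secret carries. The function names are hypothetical and the e-mail address is a constructed placeholder.

```python
import base64
import json

def build_pull_secret(name, namespace, server, username, password, email):
    """Return the Secret manifest (as a dict) for a registry pull secret."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    docker_config = {"auths": {server: {
        "username": username, "password": password,
        "email": email, "auth": auth}}}
    payload = base64.b64encode(json.dumps(docker_config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        # Must live in the same namespace as the pods that reference it.
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": payload},
    }

def read_pull_secret(manifest):
    """Decode a pull secret back to {server: (username, password)}.

    Base64 is an encoding, not encryption: any subject allowed to `get`
    the Secret recovers the registry password, so scope RBAC accordingly.
    """
    raw = base64.b64decode(manifest["data"][".dockerconfigjson"])
    result = {}
    for server, entry in json.loads(raw)["auths"].items():
        user, _, pwd = base64.b64decode(entry["auth"]).decode().partition(":")
        result[server] = (user, pwd)
    return result

# Constructed values mirroring the kubectl command above.
SECRET = build_pull_secret(
    "registry-secret", "default", "http://10.10.30.102:5000",
    "myname", "mypassword", "user@example.invalid")

if __name__ == "__main__":
    print(json.dumps(SECRET, indent=2))
    print(read_pull_secret(SECRET))
```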


Modify the yml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: sping-test
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: sping-test
    spec:
      nodeName: centos-minion-2
      containers:
      - name: sping-test-tomcat
        image: 10.10.30.102:5000/health/spring-eureka:v.0.1
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9091
        resources:
          limits:
            memory: 1024Mi
      imagePullSecrets:
      - name: registry-secret

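Note that imagePullSecrets is what specifies the authorization information.


Test

After the pod restarts, the image is pulled automatically; the log shows the following



For more, see: Kubernetes + Harbor: a self-hosted registry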

