2021
07-23

部署企业级harbor

一、环境

【互联网解析域名】docker.gayj.cn

#互联网绑定解析

192.168.4.204和docker.gayj.cn

【本地域名】

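# Add a local hosts entry for the registry domain.
# Straight quotes are required: the page's curly quotes are ordinary characters
# to the shell and would be written into /etc/hosts along with the entry.
# The grep guard keeps repeated runs from appending duplicate lines.
grep -qF 'docker.gayj.cn' /etc/hosts || printf '%s\n' "192.168.4.204 docker.gayj.cn" >> /etc/hosts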

#修改本地hosts文件

C:\Windows\System32\drivers\etc\hosts

加入:192.168.4.204 docker.gayj.cn

二、部署docker

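# Stop firewalld and turn SELinux off, as the guide does. Stopping firewalld
# leaves every listening port on the host reachable; on anything other than a
# lab box, open only 80/443 with firewall-cmd instead.
systemctl stop firewalld
systemctl disable firewalld
# Permanent: anchor the pattern to the SELINUX= line. The unanchored
# s/enforcing/disabled/ also rewrites the explanatory comment lines in the file.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Temporary (effective immediately, until the next reboot)
setenforce 0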

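# Remove older docker packages. The continuation lines must follow each other
# directly: a blank line after a trailing backslash ends the command early.
sudo yum -y remove docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-engine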

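# Install repo tooling. yum-utils provides yum-config-manager;
# device-mapper-persistent-data and lvm2 are required by the devicemapper
# storage driver (the original comment names them but the command omitted them).
sudo yum -y install yum-utils device-mapper-persistent-data lvm2
# Use the Aliyun mirror of the docker-ce repo (long option needs "--", not an en dash)
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install docker-ce
sudo yum -y install docker-ce docker-ce-cli containerd.io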

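# Configure a Docker Hub pull mirror.
# The guide pipes the remote script straight into sh; fetch it to a file first
# so it can be read before it runs as root. It presumably writes
# registry-mirrors into /etc/docker/daemon.json — confirm by inspecting it.
mirror_script=$(mktemp) || exit 1
curl -fsSL https://get.daocloud.io/daotools/set_mirror.sh -o "$mirror_script" || exit 1
# Review "$mirror_script" here, then run it with the mirror URL as its argument
sh "$mirror_script" http://f1361db2.m.daocloud.io
rm -f -- "$mirror_script"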

# Restart docker so the new configuration is loaded, then enable it at boot
for action in restart enable; do
  sudo systemctl "$action" docker
done

三、部署docker-compose

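# Download docker-compose (the guide pins 1.23.2). -f makes curl fail on an
# HTTP error instead of saving the error page as the "binary".
# NOTE(review): the download is not verified; compare it with the checksum
# published for that release before using it.
curl -fL "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose || exit 1
# Make it executable
chmod +x /usr/local/bin/docker-compose
# Check the installed version
docker-compose -v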

四、生成证书

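# Create the certificate directory and work inside it (two commands; the page
# ran them together on one line)
mkdir -p /data/cert/ || exit 1
cd /data/cert/ || exit 1
# Generate the CA (root) certificate
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt -subj "/C=CN/L=Shanghai/O=harbor/CN=harbor-registry"
# Generate a CSR for the registry host, with the access domain docker.gayj.cn as CN.
# NOTE(review): current Docker/Go clients ignore the CN and require a
# subjectAltName; if clients reject this certificate, add DNS:docker.gayj.cn
# as a SAN through an extension file when signing — confirm on your client version.
openssl req -newkey rsa:4096 -nodes -sha256 -keyout docker.gayj.cn.key -out server.csr -subj "/C=CN/L=Shanghai/O=harbor/CN=docker.gayj.cn"
# Sign the host certificate with the CA
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out docker.gayj.cn.crt
# -nodes leaves both private keys unencrypted on disk: restrict them to root
chmod 600 ca.key docker.gayj.cn.key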

五、部署harbor

1)安装harbor

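# Fetch the Harbor offline installer (the guide pins v1.7.1).
# NOTE(review): the archive is not verified; compare it with the checksum
# published with the release before unpacking it.
wget -c https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz || exit 1
# Unpack into /usr/local (creates /usr/local/harbor) and move there;
# stop if either step fails rather than editing files in the wrong directory
tar -xf harbor-offline-installer-v1.7.1.tgz -C /usr/local/ || exit 1
cd /usr/local/harbor || exit 1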

2)需要编辑修改的配置文件

[root@VM_0_7_centos harbor]# cat /usr/local/harbor/harbor.cfg
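# This file holds plaintext credentials (db_password, harbor_admin_password);
# keep it readable by root only (chmod 600 /usr/local/harbor/harbor.cfg).
# Public IP or domain name of this host, used to reach the UI; do not use 127.0.0.1
hostname = docker.gayj.cn
# Protocol used to reach the registry; the default is http, set it to https
ui_url_protocol = https
# Password of the mysql database administrator (changeable)
db_password = root123
# Password of Harbor's admin account (changeable). harbor.cfg uses "key = value";
# the page wrote this line with a colon. Value masked by the author.
harbor_admin_password = *****
# Path of the server certificate
ssl_cert = /data/cert/docker.gayj.cn.crt
# Path of the server certificate's private key
ssl_cert_key = /data/cert/docker.gayj.cn.key
#### Other options can be filled in as needed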

3)启动harbor

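# Enter the harbor directory; stop if it is missing
cd /usr/local/harbor/ || exit 1
# Render the edited harbor.cfg into the generated configuration
./prepare || exit 1
# Run the installer; do not report success if it failed
./install.sh || exit 1
# Check the running containers after installation
docker-compose ps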

六、配置docker实现镜像上传下载

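# Every host that uses harbor needs these steps.
# daemon.json must be a single JSON object; the page's `cat >>` appends a
# second object and leaves the file unparseable. Write the whole file instead,
# and merge this key by hand into any object already there (e.g. a mirror
# configured earlier).
# NOTE(review): registry-mirrors redirects Docker Hub pulls; it is not needed
# to push/pull fully-qualified docker.gayj.cn/... images — confirm it is intended.
cat >/etc/docker/daemon.json <<'EOF'
{"registry-mirrors": ["https://docker.gayj.cn"]}
EOF
# Every host that uses harbor needs the CA trust directory for the registry
mkdir -p /etc/docker/certs.d/docker.gayj.cn
# Install the CA certificate there (only ca.crt — never the .key files)
cp /data/cert/ca.crt /etc/docker/certs.d/docker.gayj.cn/
ls -l /data/cert/ca.crt /etc/docker/certs.d/docker.gayj.cn/
# Restart docker so it reads the new configuration
systemctl daemon-reload
systemctl restart docker.service
# Ship the CA certificate to the other hosts; create the target directory
# first, since scp fails when it is missing
for host in 192.168.4.116 192.168.4.115; do
  ssh "root@$host" mkdir -p /etc/docker/certs.d/docker.gayj.cn
  scp /data/cert/ca.crt "root@$host:/etc/docker/certs.d/docker.gayj.cn/"
done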

七、验证harbor仓库

访问域名:https://docker.gayj.cn/
默认账号:admin
默认密码:******

创建一个名字为jiawenchao的私有仓库

八、检测仓库

1)打包上传

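# Pull nginx from Docker Hub
docker pull nginx
# Tag it for the private project "jiawenchao"
docker tag nginx docker.gayj.cn/jiawenchao/mynginx:latest
# Log in before pushing. Without -p docker prompts for the password, so the
# admin password (Harbor12345 in this guide) does not land in shell history or
# in `ps` output; for non-interactive use pipe it in with --password-stdin.
docker login -u admin docker.gayj.cn || exit 1
# Push nginx
docker push docker.gayj.cn/jiawenchao/mynginx:latest
# Pull tomcat
docker pull tomcat
# Tag tomcat
docker tag tomcat docker.gayj.cn/jiawenchao/mytomcat:v1
# Push tomcat
docker push docker.gayj.cn/jiawenchao/mytomcat:v1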

2)登录web页面查看

登录 WEB页面查看Tomcat和nginx镜像

九、其他服务器使用仓库

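# Only needed when docker.gayj.cn is not resolvable through public DNS (LAN);
# straight quotes, and guarded so reruns do not add duplicate entries
grep -qF 'docker.gayj.cn' /etc/hosts || printf '%s\n' "192.168.4.204 docker.gayj.cn" >> /etc/hosts
# Point docker at the private registry. daemon.json must be a single JSON
# object, so write the file whole (the page's `cat >>` would append a second
# object); merge this key into any existing object by hand.
cat >/etc/docker/daemon.json <<'EOF'
{"registry-mirrors": ["https://docker.gayj.cn"]}
EOF
# Create the CA trust directory for the registry
mkdir -p /etc/docker/certs.d/docker.gayj.cn
# Upload ca.crt into it (rz is the interactive ZMODEM upload from lrzsz;
# presumably it prompts for the file — confirm, or scp it from the registry host)
cd /etc/docker/certs.d/docker.gayj.cn/ || exit 1
rz ca.crt
# /data/cert only exists on the registry host, so list the trust directory here
ls -l /etc/docker/certs.d/docker.gayj.cn/
# Restart docker so it reads the new configuration
systemctl daemon-reload
systemctl restart docker.service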
#############################################################
注意:
1、如果docker需要访问自己搭建的仓库需要每个docker的daemon.json修改
2、拷贝ca.crt 到docker对应的目录文件下

十、通过k8s使用

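# On the k8s master, create test.yaml. The page's mkdir used a relative path
# ("harbor") while the heredoc writes to /opt/harbor, so use the absolute path;
# `>` instead of `>>` keeps a rerun from appending a second copy. The two
# resources must be separated by "---" or the file is one document with
# duplicate keys.
mkdir -p /opt/harbor
cat >/opt/harbor/test.yaml <<'EOF'
apiVersion: v1
kind: Service
metadata:
  labels:
    app: mynginx-service
  name: mynginx-service
spec:
  ports:
  - name: 80-80
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: mynginx
  type: ClusterIP
---
# NOTE(review): extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16;
# clusters at or beyond that need apps/v1.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    run: mynginx
  name: mynginx
spec:
  selector:
    matchLabels:
      run: mynginx
  template:
    metadata:
      labels:
        run: mynginx
    spec:
      containers:
      - image: docker.gayj.cn/jiawenchao/mynginx:latest # harbor registry address
        imagePullPolicy: Always
        name: mynginx
EOF
# Apply test.yaml and watch whether mynginx starts
kubectl apply -f /opt/harbor/test.yaml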

#查看发现并未启动成功
[root@k8s-master1 harbor]# kubectl get pods,svc,ep
NAME READY STATUS RESTARTS AGE

pod/myapp-deploy-66b4b4597-zftsx 1/1 Running 1 7h49m
pod/mynginx-bkj45 0/1 ImagePullBackOff 0 2m37s
pod/mynginx-j5vdn 0/1 ImagePullBackOff 0 2m37s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 5d1h
service/myapp ClusterIP 10.0.0.45 <none> 80/TCP 7h49m
service/mynginx-service ClusterIP 10.0.0.234 <none> 80/TCP 2m37s
service/tomcat ClusterIP 10.0.0.250 <none> 8080/TCP,8009/TCP 7h30m

NAME ENDPOINTS AGE
endpoints/kubernetes 192.168.4.114:6443 5d1h
endpoints/myapp 10.244.0.10:80,10.244.0.13:80,10.244.1.14:80 + 2 more… 7h49m
endpoints/mynginx-service 2m37s
endpoints/tomcat 10.244.0.12:8080,10.244.0.9:8080,10.244.1.13:8080 + 3 more… 7h30m

# Tear down the resources from the failed attempt before retrying
kubectl delete --filename=/opt/harbor/test.yaml

配置一个私有仓库harbor的secret:
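# Create an image-pull secret for the harbor registry. The page's "–" are en
# dashes; kubectl long options take "--". --docker-password puts the credential
# on the command line, where it shows up in shell history and `ps`; reading it
# from an environment variable keeps it out of history, and creating the secret
# from an existing `docker login` config avoids the command line entirely:
#   kubectl create secret generic registry-secret --type=kubernetes.io/dockerconfigjson \
#     --from-file=.dockerconfigjson=$HOME/.docker/config.json
: "${HARBOR_PASSWORD:?set HARBOR_PASSWORD to the harbor admin password (Harbor12345 in this guide)}"
kubectl create secret docker-registry registry-secret --namespace=default \
  --docker-server=https://docker.gayj.cn --docker-username=admin \
  --docker-password="$HARBOR_PASSWORD"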

部署时指定 imagePullSecrets,在上面的 yaml 中添加这个选项:

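# Rewrite test.yaml with the pull secret. Use `>` rather than `>>`: the file
# from the first attempt still exists, and appending would make kubectl apply
# both copies. imagePullSecrets is a pod-spec field, a sibling of containers.
cat >/opt/harbor/test.yaml <<'EOF'
apiVersion: v1
kind: Service
metadata:
  labels:
    app: mynginx-service
  name: mynginx-service
spec:
  ports:
  - name: 80-80
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    run: mynginx
  type: ClusterIP
---
# NOTE(review): extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16;
# clusters at or beyond that need apps/v1.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    run: mynginx
  name: mynginx
spec:
  selector:
    matchLabels:
      run: mynginx
  template:
    metadata:
      labels:
        run: mynginx
    spec:
      containers:
      - image: docker.gayj.cn/jiawenchao/mynginx:latest # harbor registry address
        imagePullPolicy: Always
        name: mynginx
      imagePullSecrets: # registry credentials used at deploy time
      - name: registry-secret
EOF

# Apply test.yaml and watch whether mynginx starts
kubectl apply -f /opt/harbor/test.yaml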

#查看是否启动成功
[root@k8s-master1 harbor]# kubectl get pods,svc,ep
NAME READY STATUS RESTARTS AGE
pod/myapp-deploy-66b4b4597-zftsx 1/1 Running 1 7h53m
pod/mynginx-7v745 1/1 Running 0 32s #说明启动成功
pod/mynginx-rsnwn 1/1 Running 0 32s #说明启动成功

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 5d1h
service/myapp ClusterIP 10.0.0.45 <none> 80/TCP 7h53m
service/mynginx-service ClusterIP 10.0.0.219 <none> 80/TCP 32s
service/tomcat ClusterIP 10.0.0.250 <none> 8080/TCP,8009/TCP 7h33m

NAME ENDPOINTS AGE
endpoints/kubernetes 192.168.4.114:6443 5d1h
endpoints/myapp 10.244.0.10:80,10.244.0.13:80,10.244.1.14:80 + 2 more… 7h53m
endpoints/mynginx-service 10.244.0.17:80,10.244.1.18:80 33s
endpoints/tomcat 10.244.0.12:8080,10.244.0.9:8080,10.244.1.13:8080 + 3 more… 7h33m

#去node节点访问IP地址
[root@k8s-node1 ~]# curl -I 10.0.0.219
HTTP/1.1 200 OK
Server: nginx/1.19.1
Date: Sun, 12 Jul 2020 14:00:21 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 07 Jul 2020 15:52:25 GMT
Connection: keep-alive
ETag: "5f049a39-264"
Accept-Ranges: bytes

#查看的详细描述
[root@k8s-master1 harbor]# kubectl describe daemonset mynginx
Name: mynginx
Selector: run=mynginx
Node-Selector: <none>
Labels: run=mynginx
Annotations: deprecated.daemonset.template.generation: 1
kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"extensions/v1beta1","kind":"DaemonSet","metadata":{"annotations":{},"labels":{"run":"mynginx"},"name":"mynginx","namespace"…
Desired Number of Nodes Scheduled: 2
Current Number of Nodes Scheduled: 2
Number of Nodes Scheduled with Up-to-date Pods: 2
Number of Nodes Scheduled with Available Pods: 2
Number of Nodes Misscheduled: 0
Pods Status: 2 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: run=mynginx
Containers:
mynginx:
Image: docker.gayj.cn/jiawenchao/mynginx:latest
Port: <none>
Host Port: <none>
Environment: <none>
Mounts: <none>
Volumes: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal SuccessfulCreate 6m54s daemonset-controller Created pod: mynginx-7v745
Normal SuccessfulCreate 6m54s daemonset-controller Created pod: mynginx-rsnw

本人原创,转发附上链接,如果有问题可以联系我微信:jiawenchao666666
