怎么搭建Harbor私有倉(cāng)庫(kù)-創(chuàng)新互聯(lián)

搭建Harbor私有倉(cāng)庫(kù)

此時(shí)再開啟一臺(tái)新的虛擬機(jī)：CentOS 7-2  192.168.18.134（可以將網(wǎng)卡設(shè)置為靜態(tài)IP）

從事雅安服務(wù)器托管，服務(wù)器租用，云主機(jī)，網(wǎng)絡(luò)空間，域名注冊(cè)，CDN，網(wǎng)絡(luò)代維等服務(wù)。

`部署docker引擎`
[root@harbor ~]# yum install yum-utils device-mapper-persistent-data lvm2 -y
[root@harbor ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@harbor ~]# yum install -y docker-ce
[root@harbor ~]# systemctl stop firewalld.service
[root@harbor ~]# setenforce 0
[root@harbor ~]# systemctl start docker.service
[root@harbor ~]# systemctl enable docker.service

`檢查相關(guān)進(jìn)程開啟情況`
[root@harbor ~]# ps aux | grep docker
root    4913  0.8  3.6 565612 68884 ?     Ssl  12:23  0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root    5095  0.0  0.0 112676  984 pts/1   R+  12:23  0:00 grep --color=auto docker

`鏡像加速服務(wù)`
[root@harbor ~]# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://w1ogxqvl.mirror.aliyuncs.com"]
}
EOF
[root@harbor ~]# systemctl daemon-reload
[root@harbor ~]# systemctl restart docker

`網(wǎng)絡(luò)優(yōu)化部分`
[root@harbor ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
[root@harbor ~]# service network restart
Restarting network (via systemctl):             [  確定  ]
[root@harbor ~]# systemctl restart docker
----------

[root@harbor ~]# mkdir /aaa
[root@harbor ~]# mount.cifs //192.168.0.105/rpm /aaa
Password for root@//192.168.0.105/rpm:
[root@harbor ~]# cd /aaa/docker/
[root@harbor docker]# cp docker-compose /usr/local/bin/
[root@harbor docker]# cd /usr/local/bin/
[root@harbor bin]# ls
docker-compose
[root@harbor bin]# docker-compose -v
docker-compose version 1.21.1, build 5a3f1a3
[root@harbor bin]# cd /aaa/docker/
[root@harbor docker]# tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@harbor docker]# cd /usr/local/harbor/
[root@harbor harbor]# ls
common           docker-compose.yml   harbor.v1.2.2.tar.gz  NOTICE
docker-compose.clair.yml  harbor_1_1_0_template  install.sh       prepare
docker-compose.notary.yml  harbor.cfg       LICENSE        upgrade

`配置Harbor參數(shù)文件`
[root@harbor harbor]# vim harbor.cfg
5 hostname = 192.168.18.134   #5行改為自己本機(jī)的IP地址
59 harbor_admin_password = Harbor12345    #此行為默認(rèn)賬號(hào)和密碼不要忘記，登陸時(shí)要用
#修改完成后按Esc退出插入模式，輸入:wq保存退出
[root@harbor harbor]# ./install.sh
......此處省略多行
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating harbor-db      ... done
Creating registry      ... done
Creating harbor-ui      ... done
Creating nginx        ... done
Creating harbor-jobservice  ... done
? ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.18.134.
For more details, please visit https://github.com/vmware/harbor .

第一步：登錄Harbor私有倉(cāng)庫(kù)

在宿主機(jī)瀏覽器地址欄中輸入：192.168.18.134，輸入默認(rèn)的賬戶admin，密碼Harbor12345，就可以點(diǎn)擊登錄

第二步：新建項(xiàng)目并設(shè)為私有

在項(xiàng)目界面點(diǎn)擊"+項(xiàng)目"添加新項(xiàng)目，輸入項(xiàng)目名稱，點(diǎn)擊創(chuàng)建，然后點(diǎn)擊新項(xiàng)目左側(cè)的三個(gè)小點(diǎn)，將項(xiàng)目設(shè)為私有

---

兩個(gè)node節(jié)點(diǎn)配置連接私有倉(cāng)庫(kù)（注意后面的逗號(hào)要添加）

`node2節(jié)點(diǎn)`
[root@node2 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://w1ogxqvl.mirror.aliyuncs.com"],   #末尾要有,
  "insecure-registries":["192.168.18.134"]              #添加這行
}
[root@node2 ~]# systemctl restart docker

`node2節(jié)點(diǎn)`
[root@node1 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://w1ogxqvl.mirror.aliyuncs.com"],   #末尾要有,
  "insecure-registries":["192.168.18.134"]              #添加這行
}
[root@node1 ~]# systemctl restart docker

第三步：節(jié)點(diǎn)上登錄harbor私有倉(cāng)庫(kù)

`node2節(jié)點(diǎn)：`
[root@node2 ~]# docker login 192.168.18.134
Username: admin   #輸入賬戶admin
Password:      #輸入密碼：Harbor12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded   #此時(shí)成功登錄

`下載tomcat鏡像并打標(biāo)簽推送：``
[root@node2 ~]# docker pull tomcat
......此處省略多行
Status: Downloaded newer image for tomcat:latest
docker.io/library/tomcat:latest
[root@node2 ~]# docker images
REPOSITORY                             TAG         IMAGE ID       CREATED       SIZE
tomcat                               latest        aeea3708743f     3 days ago      529MB
[root@node2 ~]# docker tag tomcat 192.168.18.134/project/tomcat   #打標(biāo)簽的過(guò)程
[root@node2 ~]# docker push 192.168.18.134/project/tomcat      #上傳鏡像

此時(shí)在harbor私倉(cāng)界面就能看到推送上去的tomcat鏡像

---

問(wèn)題：如果我們想使用另一個(gè)節(jié)點(diǎn)node1去拉取私倉(cāng)中的tomcar鏡像就會(huì)出現(xiàn)error報(bào)錯(cuò)，提示被拒絕（也就是需要登陸）

[root@node1 ~]# docker pull 192.168.18.134/project/tomcat
Using default tag: latest
Error response from daemon: pull access denied for 192.168.18.134/project/tomcat, repository does not exist or may require 'docker login': denied: requested access to the resource is denied    #提示出錯(cuò)，缺少倉(cāng)庫(kù)的憑據(jù)

`node1節(jié)點(diǎn)下載tomcat鏡像`
[root@node1 ~]# docker pull tomcat:8.0.52
[root@node1 ~]# docker images
REPOSITORY                             TAG         IMAGE ID       CREATED       SIZE
tomcat                               8.0.52        b4b762737ed4     19 months ago    356MB

---

第四步：master1上操作

[root@master1 demo]# vim tomcat01.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
   metadata:
    labels:
     app: my-tomcat
   spec:
    containers:
    - name: my-tomcat
     image: docker.io/tomcat:8.0.52
     ports:
     - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-tomcat
spec:
  type: NodePort
  ports:
  - port: 8080
   targetPort: 8080
  selector:
   app: my-tomcat

`創(chuàng)建`
[root@master1 demo]# kubectl create -f tomcat01.yaml
deployment.extensions/my-tomcat created
service/my-tomcat created
`查看資源`
[root@master1 demo]# kubectl get pods,deploy,svc
NAME                   READY  STATUS   RESTARTS  AGE
pod/my-nginx-d55b94fd-kc2gl       1/1   Running  1      2d
pod/my-nginx-d55b94fd-tkr42       1/1   Running  1      2d
`pod/my-tomcat-57667b9d9-8bkns`     1/1   Running  0      84s
`pod/my-tomcat-57667b9d9-kcddv`     1/1   Running  0      84s
pod/mypod                1/1   Running  1      8h
pod/nginx-6c94d899fd-8pf48        1/1   Running  1      3d
pod/nginx-deployment-5477945587-f5dsm  1/1   Running  1      2d23h
pod/nginx-deployment-5477945587-hmgd2  1/1   Running  1      2d23h
pod/nginx-deployment-5477945587-pl2hn  1/1   Running  1      2d23h

NAME                   DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
deployment.extensions/my-nginx      2     2     2       2      2d
`deployment.extensions/my-tomcat`     2     2     2       2      84s
deployment.extensions/nginx        1     1     1       1      8d
deployment.extensions/nginx-deployment  3     3     3       3      2d23h

NAME            TYPE     CLUSTER-IP  EXTERNAL-IP  PORT(S)      AGE
service/kubernetes     ClusterIP  10.0.0.1   <none>     443/TCP      10d
service/my-nginx-service  NodePort   10.0.0.210  <none>     80:40377/TCP   2d
`service/my-tomcat      NodePort   10.0.0.86   <none>     8080:41860/TCP  84s`
service/nginx-service    NodePort   10.0.0.242  <none>     80:40422/TCP   3d10h
#內(nèi)部端口8080，對(duì)外端口41860

[root@master1 demo]# kubectl get ep
NAME        ENDPOINTS                 AGE
kubernetes     192.168.18.128:6443,192.168.18.132:6443  10d
my-nginx-service  172.17.32.4:80,172.17.40.3:80       2d
`my-tomcat      172.17.32.6:8080,172.17.40.6:8080     5m29s`
nginx-service    172.17.40.5:80               3d10h
#此時(shí)my-tomcat被分配到了后面兩個(gè)節(jié)點(diǎn)上去

驗(yàn)證：在宿主機(jī)瀏覽器中輸入192.168.18.148:41860和192.168.18.145:41860這兩個(gè)節(jié)點(diǎn)地址加對(duì)外暴露端口號(hào)，查看是否都可以訪問(wèn)tomcat的主頁(yè)

`驗(yàn)證可以成功訪問(wèn)之后我們先把資源刪除，后面使用私有倉(cāng)庫(kù)中的鏡像進(jìn)行創(chuàng)建`
[root@master1 demo]# kubectl delete -f tomcat01.yaml
deployment.extensions "my-tomcat" deleted
service "my-tomcat" deleted

---

問(wèn)題處理：

`如果遇到處于Terminating狀態(tài)的無(wú)法刪除的資源`
[root@localhost demo]# kubectl get pods
NAME                READY  STATUS     RESTARTS  AGE
my-tomcat-57667b9d9-8bkns     1/1   `Terminating`  0      84s
my-tomcat-57667b9d9-kcddv     1/1   `Terminating`  0      84s

#這種情況下可以使用強(qiáng)制刪除命令
`格式：kubectl delete pod [pod name] --force --grace-period=0 -n [namespace]`

[root@localhost demo]# kubectl delete pod my-tomcat-57667b9d9-8bkns --force --grace-period=0 -n default
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "my-tomcat-57667b9d9-8bkns" force deleted

[root@localhost demo]# kubectl delete pod my-tomcat-57667b9d9-kcddv --force --grace-period=0 -n default
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "my-tomcat-57667b9d9-kcddv" force deleted

[root@localhost demo]# kubectl get pods
NAME                READY  STATUS   RESTARTS  AGE
pod/mypod                1/1   Running  1      8h
pod/nginx-6c94d899fd-8pf48        1/1   Running  1      3d
pod/nginx-deployment-5477945587-f5dsm  1/1   Running  1      2d23h
pod/nginx-deployment-5477945587-hmgd2  1/1   Running  1      2d23h
pod/nginx-deployment-5477945587-pl2hn  1/1   Running  1      2d23h

---

第五步：node1上操作（之前登陸過(guò)Harbor倉(cāng)庫(kù)的節(jié)點(diǎn)）

我們需要先刪除我們之前上傳到私有倉(cāng)庫(kù)的額project/tomcat鏡像

node2中之前打標(biāo)簽的鏡像也需要?jiǎng)h除：

[root@node2 ~]# docker images
REPOSITORY                             TAG         IMAGE ID       CREATED       SIZE
192.168.18.134/project/tomcat                   latest        aeea3708743f     3 days ago      529MB

[root@node2 ~]# docker rmi 192.168.18.134/project/tomcat
Untagged: 192.168.18.134/project/tomcat:latest
Untagged: 192.168.18.134/project/tomcat@sha256:8ffa1b72bf611ac305523ed5bd6329afd051c7211fbe5f0b5c46ea5fb1adba46

---

`鏡像打標(biāo)簽`
[root@node2 ~]# docker tag tomcat:8.0.52 192.168.18.134/project/tomcat
`上傳鏡像到Harbor`
[root@node2 ~]# docker push 192.168.18.134/project/tomcat
#此時(shí)我們就可以在私有倉(cāng)庫(kù)中看到新上傳的鏡像了

`查看登陸憑據(jù)`
[root@node2 ~]# cat .docker/config.json
{
     "auths": {
         "192.168.18.134": {   #訪問(wèn)的IP地址
             "auth": "YWRtaW46SGFyYm9yMTIzNDU="    #驗(yàn)證
         }
     },
     "HttpHeaders": {         #頭部信息
         "User-Agent": "Docker-Client/19.03.5 (linux)"
     }
`生成非換行形式的驗(yàn)證碼`
[root@node2 ~]# cat .docker/config.json | base64 -w 0
ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE4LjEzNCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0= 

特別注意：此時(shí)下載次數(shù)為0，一會(huì)我們使用私有倉(cāng)庫(kù)中的鏡像進(jìn)行資源的創(chuàng)建，那么拉取的過(guò)程必定會(huì)下載鏡像，應(yīng)當(dāng)數(shù)值會(huì)有變化

---

第六步：master1中創(chuàng)建安全組件的yaml文件

[root@master1 demo]# vim registry-pull-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE4LjEzNCI6IHsKCQkJImF1dGgiOiAiWVdSdGFXNDZTR0Z5WW05eU1USXpORFU9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy41IChsaW51eCkiCgl9Cn0=
type: kubernetes.io/dockerconfigjson

`創(chuàng)建secret資源`
[root@master1 demo]# kubectl create -f registry-pull-secret.yaml
secret/registry-pull-secret created
`查看secret資源`
[root@master1 demo]# kubectl get secret
NAME          TYPE                  DATA  AGE
default-token-pbr9p   kubernetes.io/service-account-token  3    10d
`registry-pull-secret  kubernetes.io/dockerconfigjson     1    25s`

[root@master1 demo]# vim tomcat01.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: my-tomcat
spec:
  replicas: 2
  template:
   metadata:
    labels:
     app: my-tomcat
   spec:
    imagePullSecrets:       #證書拉取的憑據(jù)
    - name: registry-pull-secret  #名稱
    containers:
    - name: my-tomcat
     image: 192.168.18.134/project/tomcat   #鏡像的下載位置做此修改
     ports:
     - containerPort: 80
......以下省略多行
#修改完成后按Esc退出插入模式，輸入:wq保存退出
`創(chuàng)建tomcat01資源`
[root@master1 demo]# kubectl create -f tomcat01.yaml
deployment.extensions/my-tomcat created
service/my-tomcat created

[root@master1 demo]# kubectl get pods,deploy,svc,ep
NAME                   READY  STATUS   RESTARTS  AGE
pod/my-nginx-d55b94fd-kc2gl       1/1   Running  1      2d1h
pod/my-nginx-d55b94fd-tkr42       1/1   Running  1      2d1h
`pod/my-tomcat-7c5b6db486-bzjlv`     1/1   Running  0      56s
`pod/my-tomcat-7c5b6db486-kw8m4`     1/1   Running  0      56s
pod/mypod                1/1   Running  1      9h
pod/nginx-6c94d899fd-8pf48        1/1   Running  1      3d1h
pod/nginx-deployment-5477945587-f5dsm  1/1   Running  1      3d
pod/nginx-deployment-5477945587-hmgd2  1/1   Running  1      3d
pod/nginx-deployment-5477945587-pl2hn  1/1   Running  1      3d

NAME                   DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
deployment.extensions/my-nginx      2     2     2       2      2d1h
`deployment.extensions/my-tomcat`     2     2     2       2      56s
deployment.extensions/nginx        1     1     1       1      8d
deployment.extensions/nginx-deployment  3     3     3       3      3d

NAME            TYPE     CLUSTER-IP  EXTERNAL-IP  PORT(S)      AGE
service/kubernetes     ClusterIP  10.0.0.1   <none>     443/TCP      10d
service/my-nginx-service  NodePort   10.0.0.210  <none>     80:40377/TCP   2d1h
`service/my-tomcat`     NodePort   10.0.0.235  <none>     8080:43654/TCP  56s
service/nginx-service    NodePort   10.0.0.242  <none>     80:40422/TCP   3d11h
#對(duì)外端口為43654
NAME             ENDPOINTS                 AGE
endpoints/kubernetes     192.168.18.128:6443,192.168.18.132:6443  10d
endpoints/my-nginx-service  172.17.32.4:80,172.17.40.3:80       2d1h
`endpoints/my-tomcat`     172.17.32.6:8080,172.17.40.6:8080     56s
endpoints/nginx-service    172.17.40.5:80               3d11h

接下來(lái)我們需要驗(yàn)證的就是資源加載沒(méi)有任何問(wèn)題的情況下，鏡像資源是否來(lái)自我們的Harbor私有倉(cāng)庫(kù)呢？

這里就需要關(guān)注我們私有倉(cāng)庫(kù)中鏡像的下載數(shù)了

結(jié)果：這時(shí)顯示下載數(shù)由之前的0變?yōu)?，這就說(shuō)明我們創(chuàng)建的兩個(gè)資源鏡像是從私有倉(cāng)庫(kù)中下載的！

我們?cè)偈褂盟拗鳈C(jī)的瀏覽器驗(yàn)證192.168.18.148:43654和192.168.18.145:43654這兩個(gè)節(jié)點(diǎn)地址還是可以訪問(wèn)tomcat的主頁(yè)

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)cdcxhl.cn，海內(nèi)外云服務(wù)器15元起步，三天無(wú)理由+7*72小時(shí)售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國(guó)服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì)，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。

當(dāng)前文章：怎么搭建Harbor私有倉(cāng)庫(kù)-創(chuàng)新互聯(lián)
網(wǎng)頁(yè)URL：http://muchs.cn/article18/dpspgp.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供手機(jī)網(wǎng)站建設(shè)、關(guān)鍵詞優(yōu)化、企業(yè)建站、網(wǎng)站排名、微信公眾號(hào)、App開發(fā)

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來(lái)源： 創(chuàng)新互聯(lián)