kubernetes&&私有鏡像倉庫部署

固化IP地址

# Static addressing for this node: BOOTPROTO=static with IPADDR, NETMASK, GATEWAY and
# DNS1 set by hand. Later steps map hub.atguigu.com to 192.168.0.220 in /etc/hosts, so
# this address has to stay fixed.
[root@192 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.0.220
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.1

關閉firewalld並禁止自啓動,安裝iptables並清空規則並保存並設置開機自啓

# Stop firewalld now and keep it from starting at boot.
systemctl  stop firewalld && systemctl disable firewalld
# Install the iptables service, start it and enable it at boot, then flush all rules
# in the filter table (iptables -F) and persist the now-empty ruleset.
# NOTE(review): after the flush and save, the stored ruleset contains no filtering
# rules, so every listening port is reachable as far as the chain policies allow.
# That is tolerable on an isolated lab network; on a shared network, add explicit
# allow rules for the ports the cluster and the registry need before saving.
yum  -y  install iptables-services && systemctl  start iptables && systemctl enable iptables && iptables -F && service  iptables save

關閉SELINUX

# Put SELinux into permissive mode for the running system (setenforce 0) and set
# SELINUX=disabled in /etc/selinux/config so it stays off after a reboot.
# NOTE(review): this removes SELinux confinement from every process on the host,
# containers included. If the aim is only to get past denials during setup,
# SELINUX=permissive keeps the denials in the audit log for later review, which
# SELINUX=disabled does not.
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

設置時區並重啓與時間有關的服務

# Set the system time zone to Asia/Shanghai
timedatectl set-timezone Asia/Shanghai
# Keep the hardware clock (RTC) in UTC rather than local time
timedatectl set-local-rtc 0
# Restart the logging and cron services so they pick up the new time zone
# NOTE(review): nothing on this page sets up time synchronisation. Certificate
# validity checks and log correlation across nodes depend on accurate clocks;
# confirm chronyd or ntpd is running on every node.
systemctl  restart rsyslog && systemctl  restart crond
# Stop and disable a service this host does not need (the postfix mail daemon)
systemctl stop postfix && systemctl disable postfix

安裝docker軟件

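# yum-utils provides yum-config-manager (used on the next line); the other two
# packages are installed alongside it as Docker prerequisites.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE repository definition. It is fetched over HTTPS because the
# .repo file decides where packages are downloaded from, so it must not be
# alterable in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Update the system, then install Docker CE
yum update -y  &&  yum install -y  docker-ce
# Create the Docker configuration directory (-p: no error if it already exists)
mkdir -p /etc/docker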
# Docker daemon configuration. daemon.json is strict JSON and has no comment
# syntax, so the explanation is kept here instead of inside the file:
#   - exec-opts: use the systemd cgroup driver
#   - log-driver / log-opts: json-file logs with max-size 100m
#   - insecure-registries: registry for which the daemon skips TLS certificate
#     verification, so that the self-signed certificate created later is accepted
# NOTE(review): with this entry the daemon no longer authenticates
# hub.atguigu.com, so whoever can intercept the connection can capture the login
# credentials or serve altered images. The safer equivalent for a self-signed
# registry is to drop the entry and copy the registry certificate to
# /etc/docker/certs.d/hub.atguigu.com/ca.crt on every client.
# NOTE(review): entries are normally written as host[:port] without a scheme;
# confirm how your Docker version treats the "https://" prefix.
[root@192 ~]# cat /etc/docker/daemon.json 
{
    "exec-opts": ["native.cgroupdriver=systemd"],
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "100m"
    },
    "insecure-registries": ["https://hub.atguigu.com"]
}
# Create the directory for systemd drop-in configuration of docker.service
mkdir  -p  /etc/systemd/system/docker.service.d

# Reload unit files, restart Docker so the new daemon.json is read, enable it at boot
systemctl daemon-reload && systemctl restart docker && systemctl enable docker

安裝docker-compose

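# Download the Compose 1.25.0 binary for this OS and architecture.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# binary; -L follows redirects.
# NOTE(review): 1.25.0 is an old Compose 1.x release; check whether that release
# line is still maintained before using it outside a lab.
sudo curl -fL "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Before marking the file executable, compare its SHA-256 with the value published
# for the release, for example (placeholder hash, not a real value):
#   echo "<EXPECTED_SHA256>  /usr/local/bin/docker-compose" | sha256sum -c -
# Make it executable
sudo chmod +x /usr/local/bin/docker-compose
# Check the installed version
[root@192 ~]# docker-compose -version
docker-compose version 1.25.0, build 0a186604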

離線安裝harbor

官網

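# Install lrzsz (terminal file-transfer tools) and wget
yum -y install lrzsz wget
# Download the Harbor offline installer
# NOTE(review): v1.2.0 is a very old Harbor release. Check the project security
# advisories and its supported versions before using it for anything but a lab,
# and verify the archive against a published checksum if one is available.
wget https://github.com/goharbor/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz
# Unpack under /usr/local: the following steps work in /usr/local/harbor, so the
# archive (presumably with a top-level harbor/ directory) has to land there
# rather than in the current directory.
tar -zxvf harbor-offline-installer-v1.2.0.tgz -C /usr/local
cd  /usr/local/harbor
[root@192 harbor]# vim harbor.cfg
# Host name the service is reached under
hostname = hub.atguigu.com
# Switch the protocol to https
ui_url_protocol = https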

# Create the directory that will hold the certificate and key
[root@192 harbor]# mkdir -p /data/cert/
# Create the HTTPS certificate and set permissions on the files
## Generate a 2048-bit RSA private key, encrypted with a passphrase (-des3)
[root@192 harbor]# cd /data/cert/
[root@192 cert]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..........+++
..+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
## Create the certificate signing request (CSR) from that key
[root@192 cert]# openssl req -new -key server.key -out server.csr
# Enter the same passphrase as in the previous step
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
# Country code
Country Name (2 letter code) [XX]:CN
# State or province
State or Province Name (full name) []:BJ
# City
Locality Name (eg, city) [Default City]:BJ
# Organization
Organization Name (eg, company) [Default Company Ltd]:atguigu
# Organizational unit
Organizational Unit Name (eg, section) []:atguigu
# Fully qualified domain name; must match the hostname set in harbor.cfg
# NOTE(review): only a Common Name is supplied here. Many current TLS clients match
# the host name against subjectAltName only; confirm your Docker clients accept
# this certificate, or add a SAN for hub.atguigu.com.
Common Name (eg, your name or your server's hostname) []:hub.atguigu.com
# Administrator e-mail address
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# Keep a copy of the passphrase-protected key
[root@192 cert]# cp server.key server.key.org
# Rewrite the key without a passphrase: reads server.key.org, overwrites server.key
# (presumably so the web proxy can load it without a prompt).
# NOTE(review): from here on server.key is stored unencrypted, so file permissions
# are its only protection.
[root@192 cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
# The output below confirms the key was written out without its passphrase
writing RSA key
# Self-sign the request with the same key; the certificate is valid for 365 days
# NOTE(review): a self-signed certificate has no issuing CA, so a client can only
# verify it if server.crt is distributed to that client as trusted. Plan the
# renewal as well: the registry stops being verifiable once the 365 days are over.
[root@192 cert]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt 
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=atguigu/OU=atguigu/CN=hub.atguigu.com/emailAddress=[email protected]
Getting Private key
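# Permissions: the private keys are readable by root only; the certificate and the
# CSR are public data. The execute bit has no meaning on these files, and adding
# it did nothing to restrict who can read the unencrypted key.
# NOTE(review): assumes the installer and the proxy read the key as root; confirm
# on your Harbor version before relying on this mode.
[root@192 cert]# chmod 600 /data/cert/server.key /data/cert/server.key.org && chmod 644 /data/cert/server.crt /data/cert/server.csr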
# Install Harbor with its installer script
[root@192 cert]# cd /usr/local/harbor
[root@192 harbor]# ./install.sh 
--snip--
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-db          ... done
Creating harbor-ui          ... done
Creating nginx              ... done
Creating harbor-jobservice  ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://hub.atguigu.com. 
For more details, please visit https://github.com/vmware/harbor .
# Installation finished
# On the client, add the hosts entry "192.168.0.220  hub.atguigu.com", then open https://hub.atguigu.com in a browser to check
# Default user name: admin, default password: Harbor12345
# The user name and password can be changed in /usr/local/harbor/harbor.cfg.
# NOTE(review): Harbor12345 is the publicly known default. Change the admin
# password before the registry is reachable by anyone else. Presumably the
# harbor.cfg value is only applied on first start (confirm); after that, change
# it in the web UI.


docker服務上傳鏡像文件到私有鏡像倉庫

# Map the registry host name to its IP through /etc/hosts (every node that uses
# the registry needs this entry)
echo "192.168.0.220  hub.atguigu.com" >> /etc/hosts
# Log in as admin with the default password Harbor12345
# NOTE(review): this is the default administrator account. For routine pushes,
# use a separate account with only the project rights it needs, and change the
# default password first.
# NOTE(review): as the warning in the output says, the password ends up
# unencrypted in /root/.docker/config.json; configure a credential helper, or at
# least make sure that file is readable by root only.
[root@k8s-master01 ~]# docker login https://hub.atguigu.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

查看推送鏡像命令

# Retag the image with the registry host and project as its prefix
# NOTE(review): presumably library is the default Harbor project and is publicly
# readable in a stock install; confirm before pushing anything that is not
# meant to be public.
[root@k8s-master01 ~]# docker tag wangyanglinux/myapp:v1 hub.atguigu.com/library/myapp:v1
# Push it to the private registry
[root@k8s-master01 ~]# docker push hub.atguigu.com/library/myapp:v1
# Check the result in the Harbor web UI

