K8S复习（五）：搭建K8S本地 harbor 仓库_软件运维

[root@server4 yum.repos.d]# vim docker.repo [docker] name=docker-ce baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/ gpgcheck=0 [extras] name=extras baseurl=https://mirrors.aliyun.com/centos/7/extras/x86_64/ gpgcheck=0 [root@server4 yum.repos.d]# yum install -y docker-ce [root@server4 yum.repos.d]# systemctl enable --now docker [root@server4 sysctl.d]# vim docker.conf ##打开桥接 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip forward = 1

[root@server4 sysctl.d]# lftp 172.25.31.250 lftp 172.25.31.250:/mnt/pub/docker/harbor> get harbor-offline-installer-v2.4.1.tgz [root@server4 ~]# tar zxf harbor-offline-installer-v2.4.1.tgz [root@server4 harbor]# cp harbor.yml.tmpl harbor.yml [root@server4 harbor]# vim harbor.yml 5 hostname: reg.westos.org 17 certificate: /data/certs/westos.org.crt #证书 18 private_key: /data/certs/westos.org.key 34 harbor_admin_password: westos #管理员密码 47 data_volume: /data #不改 [root@server4 harbor]# mkdir /data/certs -p

[root@server4 sysctl.d]# lftp 172.25.31.250 lftp 172.25.31.250:/mnt/pub/docs/docker/openssl11> get openssl11-1.1.1k-2.el7.x86_64.rpm openssl11-libs-1.1.1k-2.el7.x86_64.rpm [root@server4 ~]# yum install -y openssl* [root@server4 ~]# openssl11 req -newkey rsa:4096 -nodes -sha256 -keyout /data/certs/westos.org.key -addext "subjectAltName = DNS:reg.westos.org" -x509 -days 365 -out /data/certs/westos.org.crt

[root@server4 ~]# vim /etc/hosts 172.25.31.4 server4 reg.westos.org [root@server4 sysctl.d]# lftp 172.25.31.250 lftp 172.25.31.250:/mnt/pub/docker/compose/> get docker-compose-linux-x86_64-v2.2.3 [root@server4 ~]# mv docker-compose-linux-x86_64-v2.2.3 /usr/local/bin/docker-compose [root@server4 ~]# chmod +x /usr/local/bin/docker-compose [root@server4 ~]# docker-compose --help ##检查是否运行

[root@server1 ~]# docker images [root@server1 ~]# docker save registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.9 registry.aliyuncs.com/google_containers/kube-controller-manager:v1.22.9 registry.aliyuncs.com/google_containers/kube-proxy:v1.22.9 registry.aliyuncs.com/google_containers/kube-scheduler:v1.22.9 rancher/mirrored-flannelcni-flannel:v0.17.0 rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.1 registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.2 registry.aliyuncs.com/google_containers/kube-controller-manager:v1.22.2 registry.aliyuncs.com/google_containers/kube-proxy:v1.22.2 registry.aliyuncs.com/google_containers/kube-scheduler:v1.22.2 registry.aliyuncs.com/google_containers/etcd:3.5.0-0 registry.aliyuncs.com/google_containers/coredns:v1.8.4 registry.aliyuncs.com/google_containers/pause:3.5 > /root/k8s.tar

[root@server1 ~]# docker images | grep registry |awk '{print ":"}' | awk -F/ '{system("docker tag "[root@server4 harbor]# /etc/containerd/ [root@server4 containerd]# cp /data/certs/westos.org.crt . [root@server1 ~]# cd /etc/containerd/ [root@server1 containerd]# vim config.toml congig_path = "/etc/containerd/certs.d" [root@server1 containerd]# mkdir certs.d [root@server1 certs.d]# mkdir reg.westos.org [root@server1 reg.westos.org]# scp server4:/data/certs/westos.org.crt . #server2 server3 都要有 ##更改 /etc/hosts 解析（实验环境通过更改 hosts 文件就可以了，如果节点过多可以搭建 DNS ） [root@server1 ~]# systemctl restart containerd.service " reg.westos.org/k8s/""")}' [root@server1 ~]# docker images | grep k8s | awk '{system("docker push "":""")}' [root@server4 reg.westos.org]# mkdir -p /etc/docker/certs.d/reg.westos.org [root@server4 reg.westos.org]# cp /data/certs/westos.org.crt . [root@server4 harbor]# docker login reg.westos.org [root@server4 harbor]# docker images | grep westos | awk '{system("docker push "":""")}'

写在前面：

1、添加 yum 源，安装 docker

2、安装 harbor,修改 yml 文件

3、更新 openssl 版本

4、添加本地解析，安装 docker-compose

5、安装仓库

编辑 7、导出镜像，上传至 harbor 仓库

写在前面：

在工作中，我们可能没有几乎使用外网拉取镜像，为了使实验环境尽量真实，我将在本篇博文中搭建 harbor 仓库来模仿工作环境

1、添加 yum 源，安装 docker

[root@server4 yum.repos.d]# vim docker.repo

[docker]
name=docker-ce
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
gpgcheck=0
[extras]
name=extras
baseurl=https://mirrors.aliyun.com/centos/7/extras/x86_64/
gpgcheck=0

[root@server4 yum.repos.d]# yum install -y docker-ce
[root@server4 yum.repos.d]# systemctl enable --now docker
[root@server4 sysctl.d]# vim docker.conf        ##打开桥接

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip forward = 1

2、安装 harbor,修改 yml 文件

harbor 下载地址：https://github.com/goharbor/harbor/releases

我本地有，版本低但完全够用

[root@server4 sysctl.d]# lftp 172.25.31.250
lftp 172.25.31.250:/mnt/pub/docker/harbor> get harbor-offline-installer-v2.4.1.tgz

[root@server4 ~]# tar zxf harbor-offline-installer-v2.4.1.tgz
[root@server4 harbor]# cp harbor.yml.tmpl harbor.yml
[root@server4 harbor]# vim harbor.yml

  5 hostname: reg.westos.org
 17   certificate: /data/certs/westos.org.crt    #证书
 18   private_key: /data/certs/westos.org.key
 34 harbor_admin_password: westos                #管理员密码
 47 data_volume: /data                           #不改

[root@server4 harbor]# mkdir /data/certs -p

3、更新 openssl 版本

注意：openssl 版本够用就行

[root@server4 certs]# openssl req --help
#如果版本够用，会有 -addext 选项，若没有此选项则需要升级
#我使用的 rhel7 ，必须升级

openssl11 下载地址：openssl11-1.1.1k-3.el7.x86_64镜像-openssl11-1.1.1k-3.el7.x86_64下载地址-openssl11-1.1.1k-3.el7.x86_64安装教程-阿里巴巴开源镜像站

[root@server4 sysctl.d]# lftp 172.25.31.250
lftp 172.25.31.250:/mnt/pub/docs/docker/openssl11> get openssl11-1.1.1k-2.el7.x86_64.rpm openssl11-libs-1.1.1k-2.el7.x86_64.rpm

[root@server4 ~]# yum install -y openssl*
[root@server4 ~]# openssl11 req -newkey rsa:4096 -nodes -sha256 -keyout /data/certs/westos.org.key -addext "subjectAltName = DNS:reg.westos.org" -x509 -days 365 -out /data/certs/westos.org.crt

4、添加本地解析，安装 docker-compose

[root@server4 ~]# vim /etc/hosts
172.25.31.4 server4 reg.westos.org

[root@server4 sysctl.d]# lftp 172.25.31.250
lftp 172.25.31.250:/mnt/pub/docker/compose/> get docker-compose-linux-x86_64-v2.2.3
[root@server4 ~]# mv docker-compose-linux-x86_64-v2.2.3 /usr/local/bin/docker-compose
[root@server4 ~]# chmod +x /usr/local/bin/docker-compose
[root@server4 ~]# docker-compose --help    ##检查是否运行

5、安装仓库

[root@server4 ~]# cd harbor/
[root@server4 harbor]# ./install.sh --with-chartmuseum --with-trivy
[root@server4 harbor]# docker-compose ps    ##查看启动状态

6、查看仓库

7、导出镜像，上传至 harbor 仓库

[root@server1 ~]# docker images

[root@server1 ~]# docker save registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.9 registry.aliyuncs.com/google_containers/kube-controller-manager:v1.22.9 registry.aliyuncs.com/google_containers/kube-proxy:v1.22.9 registry.aliyuncs.com/google_containers/kube-scheduler:v1.22.9 rancher/mirrored-flannelcni-flannel:v0.17.0 rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.1 registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.2 registry.aliyuncs.com/google_containers/kube-controller-manager:v1.22.2 registry.aliyuncs.com/google_containers/kube-proxy:v1.22.2 registry.aliyuncs.com/google_containers/kube-scheduler:v1.22.2 registry.aliyuncs.com/google_containers/etcd:3.5.0-0 registry.aliyuncs.com/google_containers/coredns:v1.8.4 registry.aliyuncs.com/google_containers/pause:3.5 > /root/k8s.tar

创建新项目

[root@server1 ~]# docker images | grep registry |awk '{print ":"}' | awk -F/ '{system("docker tag "[root@server4 harbor]# /etc/containerd/
[root@server4 containerd]# cp /data/certs/westos.org.crt .
[root@server1 ~]# cd /etc/containerd/
[root@server1 containerd]# vim config.toml 
    congig_path = "/etc/containerd/certs.d"
[root@server1 containerd]# mkdir certs.d
[root@server1 certs.d]# mkdir reg.westos.org
[root@server1 reg.westos.org]# scp server4:/data/certs/westos.org.crt .
#server2  server3 都要有

##更改 /etc/hosts 解析（实验环境通过更改 hosts 文件就可以了，如果节点过多可以搭建 DNS ）
[root@server1 ~]# systemctl restart containerd.service 
" reg.westos.org/k8s/""")}'
[root@server1 ~]# docker images | grep k8s | awk '{system("docker push "":""")}'

[root@server4 reg.westos.org]# mkdir -p /etc/docker/certs.d/reg.westos.org
[root@server4 reg.westos.org]# cp /data/certs/westos.org.crt .
[root@server4 harbor]# docker login reg.westos.org
[root@server4 harbor]# docker images | grep westos | awk '{system("docker push "":""")}'

如果是使用 containerd ，就把证书放在 /etc/containerd/ 中

欢迎分享，转载请注明来源：内存溢出

原文地址: http://outofmemory.cn/yw/926186.html

K8S复习（五）：搭建K8S本地 harbor 仓库

发表评论

评论列表（0条）