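Contents
Preface:
1. Add the yum repository and install docker
2. Install harbor and edit the yml file
3. Update the openssl version
4. Add local name resolution and install docker-compose
5. Install the registry
7. Export the images and upload them to the harbor registry
Preface:
At work we may have almost no opportunity to pull images from the public internet. To keep the lab environment as realistic as possible, in this post I set up a harbor registry to imitate a work environment.
1. Add the yum repository and install docker
[root@server4 yum.repos.d]# vim docker.repo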
[docker]
name=docker-ce
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
gpgcheck=0
[extras]
name=extras
baseurl=https://mirrors.aliyun.com/centos/7/extras/x86_64/
gpgcheck=0
[root@server4 yum.repos.d]# yum install -y docker-ce
[root@server4 yum.repos.d]# systemctl enable --now docker
[root@server4 sysctl.d]# vim docker.conf ## enable bridging
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
2. Install harbor and edit the yml file
harbor download location: https://github.com/goharbor/harbor/releases
I have a local copy; the version is old but entirely sufficient
[root@server4 sysctl.d]# lftp 172.25.31.250
lftp 172.25.31.250:/mnt/pub/docker/harbor> get harbor-offline-installer-v2.4.1.tgz
[root@server4 ~]# tar zxf harbor-offline-installer-v2.4.1.tgz
[root@server4 harbor]# cp harbor.yml.tmpl harbor.yml
[root@server4 harbor]# vim harbor.yml
hostname: reg.westos.org
certificate: /data/certs/westos.org.crt # certificate (under https:)
private_key: /data/certs/westos.org.key
harbor_admin_password: westos # administrator password
data_volume: /data # leave unchanged
[root@server4 harbor]# mkdir /data/certs -p
3. Update the openssl version
Note: the openssl version only needs to be new enough
[root@server4 certs]# openssl req --help
# If the version is new enough there will be an -addext option; if this option is missing, you need to upgrade
# I am using rhel7, so I have to upgrade
openssl11 download location: openssl11-1.1.1k-3.el7.x86_64, Alibaba open-source mirror site
[root@server4 sysctl.d]# lftp 172.25.31.250
lftp 172.25.31.250:/mnt/pub/docs/docker/openssl11> get openssl11-1.1.1k-2.el7.x86_64.rpm openssl11-libs-1.1.1k-2.el7.x86_64.rpm
[root@server4 ~]# yum install -y openssl*
[root@server4 ~]# openssl11 req -newkey rsa:4096 -nodes -sha256 -keyout /data/certs/westos.org.key -addext "subjectAltName = DNS:reg.westos.org" -x509 -days 365 -out /data/certs/westos.org.crt
4. Add local name resolution and install docker-compose
[root@server4 ~]# vim /etc/hosts
172.25.31.4 server4 reg.westos.org
[root@server4 sysctl.d]# lftp 172.25.31.250
lftp 172.25.31.250:/mnt/pub/docker/compose/> get docker-compose-linux-x86_64-v2.2.3
[root@server4 ~]# mv docker-compose-linux-x86_64-v2.2.3 /usr/local/bin/docker-compose
[root@server4 ~]# chmod +x /usr/local/bin/docker-compose
[root@server4 ~]# docker-compose --help ## check that it runs
5. Install the registry
[root@server4 ~]# cd harbor/
[root@server4 harbor]# ./install.sh --with-chartmuseum --with-trivy
[root@server4 harbor]# docker-compose ps ## check the startup status
6. View the registry
7. Export the images and upload them to the harbor registry
[root@server1 ~]# docker images
[root@server1 ~]# docker save registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.9 registry.aliyuncs.com/google_containers/kube-controller-manager:v1.22.9 registry.aliyuncs.com/google_containers/kube-proxy:v1.22.9 registry.aliyuncs.com/google_containers/kube-scheduler:v1.22.9 rancher/mirrored-flannelcni-flannel:v0.17.0 rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.1 registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.2 registry.aliyuncs.com/google_containers/kube-controller-manager:v1.22.2 registry.aliyuncs.com/google_containers/kube-proxy:v1.22.2 registry.aliyuncs.com/google_containers/kube-scheduler:v1.22.2 registry.aliyuncs.com/google_containers/etcd:3.5.0-0 registry.aliyuncs.com/google_containers/coredns:v1.8.4 registry.aliyuncs.com/google_containers/pause:3.5 > /root/k8s.tar
Create a new project
[root@server4 harbor]# cd /etc/containerd/
[root@server4 containerd]# cp /data/certs/westos.org.crt .
[root@server1 ~]# cd /etc/containerd/
[root@server1 containerd]# vim config.toml
config_path = "/etc/containerd/certs.d"
[root@server1 containerd]# mkdir certs.d
[root@server1 certs.d]# mkdir reg.westos.org
[root@server1 reg.westos.org]# scp server4:/data/certs/westos.org.crt .
# server2 and server3 need this too
## Update the /etc/hosts name resolution (in a lab environment, editing the hosts file is enough; if there are too many nodes you can set up DNS)
[root@server1 ~]# systemctl restart containerd.service
[root@server1 ~]# docker images | grep registry | awk '{print $1":"$2}' | awk -F/ '{system("docker tag "$0" reg.westos.org/k8s/"$3"")}'
[root@server1 ~]# docker images | grep k8s | awk '{system("docker push "$1":"$2"")}'
[root@server4 reg.westos.org]# mkdir -p /etc/docker/certs.d/reg.westos.org
[root@server4 reg.westos.org]# cp /data/certs/westos.org.crt .
[root@server4 harbor]# docker login reg.westos.org
[root@server4 harbor]# docker images | grep westos | awk '{system("docker push "$1":"$2"")}'
If you are using containerd, put the certificate in /etc/containerd/
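An added example (not part of the original post): the tag-and-push step above written as a dry run that prints the docker commands for review instead of executing them through awk's system(). It assumes the page's registry reg.westos.org and project k8s; the names harbor_ref, plan_push and sample_images are made up for illustration, and it goes slightly beyond the one-liner by using the last path component so the rancher/ images are covered too.

```shell
#!/bin/sh
# Added example: dry-run plan for retagging images into the Harbor project.
REGISTRY=reg.westos.org   # registry hostname used on this page
PROJECT=k8s               # Harbor project used on this page

# harbor_ref SRC: print the Harbor reference for one "repo:tag" string.
# Returns 1 for images that should not be retagged.
harbor_ref() {
    case $1 in
        ''|*'<none>'*) return 1 ;;      # dangling image, no usable name or tag
        "$REGISTRY"/*) return 1 ;;      # already points at the Harbor registry
    esac
    # Keep only the last path component (name:tag), whatever the path depth.
    printf '%s/%s/%s\n' "$REGISTRY" "$PROJECT" "${1##*/}"
}

# plan_push: read "repo:tag" lines on stdin, print the commands to run.
plan_push() {
    while IFS= read -r src; do
        dst=$(harbor_ref "$src") || continue
        printf 'docker tag %s %s\n' "$src" "$dst"
        printf 'docker push %s\n' "$dst"
    done
}

# Constructed sample input, shaped like the output of
# `docker images --format '{{.Repository}}:{{.Tag}}'`.
sample_images() {
    cat <<'EOF'
registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.9
rancher/mirrored-flannelcni-flannel:v0.17.0
reg.westos.org/k8s/pause:3.5
<none>:<none>
EOF
}

sample_images | plan_push
```

On a real host, feed plan_push the output of `docker images --format '{{.Repository}}:{{.Tag}}'`, read the printed plan, and only then pipe it to sh.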