參考1:https://blog.csdn.net/weixin_45308292/article/details/107248788
參考2:https://www.cnblogs.com/linanjie/p/13912017.html
參考3:https://www.cnblogs.com/fuyuteng/p/15242621.html
- 下載:https://github.com/goharbor/harbor/releases
或者網(wǎng)盤:
image.png
tar -zxvf harbor-offline-installer-v2.5.0.tgz
- 修改配置
- harbor.yml:
hostname: 192.168.16.144
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 7129
# https related config
#https:
# https port for harbor, default is 443
# port: 443
-
修改數(shù)據(jù)存儲(chǔ)地方:
image.png
- 啟動(dòng)Harbor
修改完配置文件后惩激,在的當(dāng)前目錄執(zhí)行./install.sh,Harbor服務(wù)就會(huì)根據(jù)當(dāng)期目錄下的docker-compose.yml開始下載依賴的鏡像,檢測(cè)并按照順序依次啟動(dòng)各個(gè)服務(wù)
#修改配置后要執(zhí)行贬丛,不然不生效
./prepare
#啟動(dòng)
sudo ./install.sh
- 若提示docker版本問(wèn)題
wget "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -O /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
- 輸入賬戶密碼進(jìn)入 默認(rèn)賬號(hào)/密碼:admin/Harbor12345
http://192.168.16.144:7129/
- 修改daemon配置(
k8s每個(gè)節(jié)點(diǎn)都需執(zhí)行):
vi /etc/docker/daemon.json
- 配置:
{
"registry-mirrors": ["https://dockerhub.azk8s.cn","https://quay.azk8s.cn"],
"insecure-registries": ["10.244.0.0/18","10.244.64.0/18","192.168.0.0/18","192.168.16.144:7129"],
"max-concurrent-downloads": 10,
"log-driver": "json-file",
"log-level": "warn",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"data-root": "/var/lib/docker",
"exec-opts": ["native.cgroupdriver=systemd"],
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
- 或
{
"insecure-registries": ["192.168.16.144:7129"]
}
- 重啟docker:
systemctl daemon-reload
systemctl restart docker
- 登錄
k8s每個(gè)節(jié)點(diǎn)都需執(zhí)行
docker login -u admin -p Harbor12345 192.168.16.144:7129
#可查看
cat ~/.docker/config.json
- harbor停掉搂捧、啟動(dòng)
#查看harbor
docker-compose ps
#停掉harbor
docker-compose down -v
#啟動(dòng)qharbor
docker-compose up -d
- 基于現(xiàn)有Docker憑據(jù)創(chuàng)建secret
注意命名空間
kubectl create secret generic harborsecret \
--from-file=.dockerconfigjson=/root/.docker/config.json \
--type=kubernetes.io/dockerconfigjson
注意:主要修改紅色部分贸营。
harborsecret 表示key名
/root/.docker/config.json 表示docker認(rèn)證文件骆捧,注意要寫絕對(duì)路徑岖常。
- 查看內(nèi)容
注意命名空間
kubectl get secrets -n hips-dev harborsecret -n hips-dev --output="jsonpath={.data.\.dockerconfigjson}" | base64 -d
- 應(yīng)用pod yaml配置文件添加:添加在
containers:下侍筛,每個(gè)pod都需添加
dnsPolicy: ClusterFirst
#添加內(nèi)容 start
imagePullSecrets:
- name: harborsecret
#添加內(nèi)容 end
restartPolicy: Always
image.png
