一 :整體工作流程
工作機(jī)制.jpg
注意:這里為了清晰將docker 的客戶端和服務(wù)端(docker daemon)分開了否副,實(shí)際一般都在一臺(tái)機(jī)器上。當(dāng)然也有分開部署的。
docker 客戶端通過命令(api)向docker server 發(fā)送請求奋渔,docker server 與私有倉庫交互完成用戶的請求祖很,docker push / pull
二 :安裝部署
2.1 安裝docker
這里為了后面的k8s 集群安裝 ,安裝docker 18.06版本颇蜡。
1.安裝yum-utils (如有可省略)
yum install -y yum-utils
2.設(shè)置 docker yum 源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
- 版本預(yù)覽&安裝
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce-18.06.1.ce-3.el7
4.啟動(dòng)&設(shè)置開機(jī)啟動(dòng)
systemctl start docker
systemctl enable docker
5.查看docker 版本
docker version
[root@k8s-node1 docker]# docker version
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:03 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:25:29 2018
OS/Arch: linux/amd64
Experimental: false
3.1 Harbor 安裝
1.Harbor 鏡像 依賴 docker-compose 管理
上GitHub下載最新的release版本https://github.com/vmware/harbor/releases
docker-compose 版本 :https://github.com/docker/compose/releases/
這里下載的是
v1.7.1
下載 Harbor online installer
-rw-r--r--. 1 root root 381 2月 27 17:15 1
-rw-------. 1 root root 1423 8月 28 2018 anaconda-ks.cfg
drwxr-xr-x. 3 root root 251 2月 28 11:56 harbor
-rw-r--r--. 1 root root 163595 2月 28 14:37 harbor-online-installer-v1.7.1.tgz
- 解壓得到harbor
tar -zxvf harbor-online-installer-v1.7.1.tgz
3.進(jìn)行最簡單配置
cd harbor
-rw-r--r--. 1 root root 238 2月 28 11:56 1
drwxr-xr-x. 4 root root 37 2月 27 17:23 common
-rw-r--r--. 1 root root 939 1月 7 13:53 docker-compose.chartmuseum.yml
-rw-r--r--. 1 root root 975 1月 7 13:53 docker-compose.clair.yml
-rw-r--r--. 1 root root 1434 1月 7 13:53 docker-compose.notary.yml
-rw-r--r--. 1 root root 5608 1月 7 13:53 docker-compose.yml
-rw-r--r--. 1 root root 8031 2月 28 11:49 harbor.cfg
-rwxr-xr-x. 1 root root 5739 1月 7 13:53 install.sh
-rw-r--r--. 1 root root 11347 1月 7 13:53 LICENSE
-rw-r--r--. 1 root root 748160 1月 7 13:53 open_source_license
-rwxr-xr-x. 1 root root 36337 1月 7 13:53 prepare
#配置 harbor.cfg
vim harbor.cfg
#設(shè)置hostname
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version = 1.7.0
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
#DO NOT comment out this line, modify the value of "hostname" directly, or the installation will fail.
hostname = xxx.com(或者設(shè)置ip 192.168.229.20)
4.安裝
./install.sh
等待docker-compose 下載相關(guān)的docker image价说,默認(rèn)安裝完成后會(huì)自動(dòng)運(yùn)行相關(guān)鏡像
docker ps #查看
ad6b75b133db goharbor/nginx-photon:v1.7.1 "nginx -g 'daemon of…" 21 hours ago Up 3 hours (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
7b3d6fa358f1 goharbor/harbor-portal:v1.7.1 "nginx -g 'daemon of…" 21 hours ago Up 3 hours (healthy) 80/tcp harbor-portal
d248fb290d22 goharbor/harbor-jobservice:v1.7.1 "/harbor/start.sh" 21 hours ago Up 3 hours harbor-jobservice
15947394ae84 goharbor/harbor-core:v1.7.1 "/harbor/start.sh" 21 hours ago Up 3 hours (healthy) harbor-core
b40c1817fd99 goharbor/redis-photon:v1.7.1 "docker-entrypoint.s…" 21 hours ago Up 3 hours 6379/tcp redis
00c65a2b4239 goharbor/harbor-db:v1.7.1 "/entrypoint.sh post…" 21 hours ago Up 3 hours (healthy) 5432/tcp harbor-db
bab4d5e22e86 goharbor/harbor-registryctl:v1.7.1 "/harbor/start.sh" 21 hours ago Up 3 hours (healthy) registryctl
6f83af4bfbc6 goharbor/registry-photon:v2.6.2-v1.7.1 "/entrypoint.sh /etc…" 21 hours ago Up 3 hours (healthy) 5000/tcp registry
4326255fb989 goharbor/harbor-adminserver:v1.7.1 "/harbor/start.sh" 21 hours ago Up 3 hours (healthy) harbor-adminserver
cd6ef6445d5d goharbor/harbor-log:v1.7.1 "/bin/sh -c /usr/loc…" 21 hours ago Up 3 hours (healthy) 127.0.0.1:1514->10514/tcp harbor-log
這里使用了nginx,默認(rèn)80端口提供服務(wù)风秤。
5.如需重啟/或者停止 Harbor
#切換到 harbor 目錄
cd harbor
docker-compose stop
docker-compose start
docker-compose restart
查看 docker-compose 命令使用
docker-compose --help
[root@k8s-master harbor]# docker-compose --help
Define and run multi-container applications with Docker.
Usage:
docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
docker-compose -h|--help
Options:
-f, --file FILE Specify an alternate compose file
(default: docker-compose.yml)
-p, --project-name NAME Specify an alternate project name
(default: directory name)
--verbose Show more output
--log-level LEVEL Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
--no-ansi Do not print ANSI control characters
-v, --version Print version and exit
-H, --host HOST Daemon socket to connect to
--tls Use TLS; implied by --tlsverify
--tlscacert CA_PATH Trust certs signed only by this CA
--tlscert CLIENT_CERT_PATH Path to TLS certificate file
--tlskey TLS_KEY_PATH Path to TLS key file
--tlsverify Use TLS and verify the remote
--skip-hostname-check Don't check the daemon's hostname against the
name specified in the client certificate
--project-directory PATH Specify an alternate working directory
(default: the path of the Compose file)
--compatibility If set, Compose will attempt to convert deploy
keys in v3 files to their non-Swarm equivalent
Commands:
build Build or rebuild services
bundle Generate a Docker bundle from the Compose file
config Validate and view the Compose file
create Create services
down Stop and remove containers, networks, images, and volumes
events Receive real time events from containers
exec Execute a command in a running container
help Get help on a command
images List images
kill Kill containers
logs View output from containers
pause Pause services
port Print the public port for a port binding
ps List containers
pull Pull service images
push Push service images
restart Restart services
rm Remove stopped containers
run Run a one-off command
scale Set number of containers for a service
start Start services
stop Stop services
top Display the running processes
unpause Unpause services
up Create and start containers
version Show the Docker-Compose version information
6.UI 界面登陸 admin/Harbor12345 (harbor.cfg 可查看/修改admin 密碼)
http://harborserver[ip]-> 192.168.x.20
harbor 首頁
內(nèi)容頁
4.1 push 鏡像到harbor 私有倉庫
1 .設(shè)置docker 私有倉庫
#如果沒有 daemon.json 就是創(chuàng)建
vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.229.20"]
}
如果不設(shè)置該私服地址會(huì)出現(xiàn) xxxx 443 類似的錯(cuò)誤鳖目,也就是
Error response from daemon: Get https://192.168.x.20/v1/users/: dial tcp 192.168.229.20:443: getsockopt: connection refused
harbor 默認(rèn)使用 https ,這里的配置就是 告訴 docker daemon 支持 http 訪問方式缤弦,并在設(shè)置了代理服務(wù)器地址疑苔。簡單點(diǎn)就是配置私服地址,這個(gè)地址也可以作為鏡像倉庫(理解可能不準(zhǔn)確,請勿深究!)
- 登陸 到 harbor (類似登陸github)
docker login 192.168.229.20
命令行會(huì)提示 輸入 username/password惦费,可以是 admin/Harbor12345
[root@k8s-node1 docker]# docker login 192.168.229.20
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@k8s-node1 docker]#
- push 鏡像到 haebor 私服
[root@k8s-node1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.229.20/user/user-setvice v2.0 3dc0481535b8 2 hours ago 122MB
nginx alpine b411e34b4606 3 weeks ago 16.1MB
registry.aliyuncs.com/google_containers/kube-proxy v1.13.1 fdb321fd30a0 2 months ago 80.2MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 13 months ago 44.6MB
registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 14 months ago 742kB
nginx 1.9.1 94ec7e53edfc 3 years ago 133MB
nginx 1.7.9 84581e99d807 4 years ago 91.7MB
注意: 192.168.229.20/user/user-setvice:v2.0 鏡像的tag 必須是 私服ip[域名]/項(xiàng)目名稱/自定義:tag
192.168.x.20 : 私服ip
user :harbor 創(chuàng)建的項(xiàng)目名稱 user
user-sertvice: 自定義 名稱
項(xiàng)目列表
#push
docker push 192.168.229.20/user/user-setvice:v2.0
#pull
docker pull 192.168.229.20/user/user-setvice:v2.0
