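Harbor is an enterprise-class Registry server for storing and distributing Docker images. It extends the open-source Docker Distribution with features that enterprises need, such as security, identity and management. As an enterprise private Registry server, Harbor offers better performance and security, and makes it more efficient to move images between the build and run environments that use the Registry. Harbor supports replicating image resources across multiple Registry nodes, and all images are kept in the private Registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing.
Clone the harbor project and modify the configuration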
git clone https://github.com/vmware/harbor.git
cd harbor
git checkout v1.4.0   # use the 1.4 installation files here, although the Harbor that gets installed is still version 1.2
cd make/
vim harbor.cfg   # modify the following items
# change to a domain name or IP address
hostname = reg.mydomain.com
ui_url_protocol = http
# Harbor admin login password
harbor_admin_password = Harbor12345
cd kubernetes/
python k8s-prepare   # generate the ConfigMap files and the ingress rules
vim pv/pv-pvc.yaml
apiVersion: v1
kind: Secret
metadata:
  name: ceph-secret
data:
  key: QVFBZ28wUmFmaEo1RnhBQTFaQXRnRnlRdVU2YUt1cGlOY245YVE9PQo=
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: opspv
  labels:
    k8s-app: opspv
spec:
  accessModes:
    - ReadWriteMany
  capacity:
    storage: 100Gi
  persistentVolumeReclaimPolicy: Retain
  # CephFS volume source: monitors, path, user and secretRef are fields of spec.cephfs
  cephfs:
    monitors:
      - 192.168.0.231:6789
      - 192.168.0.242:6789
      - 192.168.0.211:6789
    path: /harbor
    user: admin
    secretRef:
      name: ceph-secret
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: opspvc
  namespace: kube-ops
  labels:
    k8s-app: opspvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
  selector:
    matchLabels:
      k8s-app: opspv
Next, modify the namespace and the directory mounts in the YAML files under kubernetes, for example:
metadata:
  name: jobservice
  labels:
    name: jobservice
  namespace: kube-ops
# in the container spec:
        volumeMounts:
        - name: logs
          mountPath: /var/log/jobs
          subPath: logs
# in the pod spec:
      volumes:
      - name: logs
        persistentVolumeClaim:
          claimName: opspvc
Create the resources from the configuration files (the paths below are relative to the repository root)
kubectl apply -f make/kubernetes/pv/pv-pvc.yaml
# create config map
kubectl apply -f make/kubernetes/jobservice/jobservice.cm.yaml
kubectl apply -f make/kubernetes/mysql/mysql.cm.yaml
kubectl apply -f make/kubernetes/registry/registry.cm.yaml
kubectl apply -f make/kubernetes/ui/ui.cm.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.cm.yaml
# create service
kubectl apply -f make/kubernetes/jobservice/jobservice.svc.yaml
kubectl apply -f make/kubernetes/mysql/mysql.svc.yaml
kubectl apply -f make/kubernetes/registry/registry.svc.yaml
kubectl apply -f make/kubernetes/ui/ui.svc.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.svc.yaml
# create k8s deployment
kubectl apply -f make/kubernetes/registry/registry.deploy.yaml
kubectl apply -f make/kubernetes/mysql/mysql.deploy.yaml
kubectl apply -f make/kubernetes/jobservice/jobservice.deploy.yaml
kubectl apply -f make/kubernetes/ui/ui.deploy.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.deploy.yaml
# create k8s ingress
kubectl apply -f make/kubernetes/ingress.yaml
Then edit the local hosts file so that the hostname set earlier resolves to the node IP
The login page is shown in the figure below
[Figure: Harbor login page]
Fix for docker login being refused:
vim /usr/lib/systemd/system/docker.service
# add --insecure-registry $hostname
ExecStart=/usr/bin/dockerd --insecure-registry reg.mydomain.com
Restart docker, and you can then log in
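
The walkthrough leaves three harbor.cfg settings at values that matter for security: plain HTTP (the reason the docker login fix above needs --insecure-registry on every client), the admin password Harbor12345, and the placeholder hostname. The shell check below is an added example, not part of the original post or of the Harbor project; the function names cfg_get and audit_harbor_cfg are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit harbor.cfg before k8s-prepare.

# cfg_get FILE KEY -> value of "KEY = value", whitespace-trimmed.
# Commented-out lines are ignored; if KEY repeats, the last assignment is reported.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_harbor_cfg FILE -> prints one FAIL line per finding.
# Returns the number of findings (0 = clean), or 10 if FILE is unreadable.
audit_harbor_cfg() {
    cfg=$1
    findings=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 10; }

    proto=$(cfg_get "$cfg" ui_url_protocol)
    pass=$(cfg_get "$cfg" harbor_admin_password)
    host=$(cfg_get "$cfg" hostname)

    if [ "$proto" != "https" ]; then
        echo "FAIL ui_url_protocol=$proto: logins cross the network in cleartext and every Docker client needs --insecure-registry"
        findings=$((findings + 1))
    fi
    if [ -z "$pass" ] || [ "$pass" = "Harbor12345" ]; then
        echo "FAIL harbor_admin_password is empty or still the shipped default"
        findings=$((findings + 1))
    fi
    case $host in
        ''|reg.mydomain.com|localhost|127.0.0.1)
            echo "FAIL hostname='$host' is the template placeholder or a loopback name"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample input: the three settings as the walkthrough leaves them.
demo=$(mktemp)
printf '%s\n' 'hostname = reg.mydomain.com' 'ui_url_protocol = http' \
    'harbor_admin_password = Harbor12345' > "$demo"
audit_harbor_cfg "$demo" || echo "$? finding(s): fix harbor.cfg before running k8s-prepare"
rm -f "$demo"
```

Run it against make/harbor.cfg before python k8s-prepare, since that step copies these values into the generated ConfigMaps.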