Deploying a private registry
Download the harbor-2.1.0 installation package
Download the offline installer:
$ wget https://github.com/goharbor/harbor/releases/download/v2.1.0-rc2/harbor-offline-installer-v2.1.0-rc2.tgz
Extract it!
Edit the harbor.yml configuration
$ cp harbor.yml.tmpl harbor.yml
$ vim harbor.yml
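# How to choose the hostname:
# 1. If all machines are on the same LAN, use the internal IP or a domain name (make sure the domain resolves internally or is bound in the hosts file)
# 2. If the machines span networks and can only reach each other over the public network, use this host's public IP or domain name
hostname: hub.adaixuezhang.cn
http:
  port: 80
# The SSL certificate has to be purchased; to create your own, see https://goharbor.io/docs/2.0.0/install-config/configure-https/ or http://www.zhangblog.com/2020/05/13/docker06/
https:
  port: 443
  certificate: /etc/ssl/certs/nginx/hub.adaixuezhang.cn_bundle.crt
  private_key: /etc/ssl/certs/nginx/hub.adaixuezhang.cn.key
# Harbor admin user password
harbor_admin_password: Harbor12345
# Database settings
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 1000
# Data storage path
data_volume: /data/harbor/data
# Log directory (log.local.location)
location: /var/log/harbor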
Installation
$ ./install.sh
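Installed and started successfully!
Accessing Harbor
hub.adaixuezhang.cn
- Username: admin
- Password: Harbor12345
Managing the Harbor processes
Harbor is orchestrated with docker-compose, so if you have modified its configuration file harbor.yml you can restart Harbor with docker-compose commands.
If the configuration file has not been modified, restart Harbor with: docker-compose start | stop | restart
That said, my personal recommendation: if you have modified harbor.yml, stop with docker-compose down and start with ./install.sh.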
$ docker-compose help
Define and run multi-container applications with Docker.
Usage:
docker-compose [-f <arg>...] [options] [--] [COMMAND] [ARGS...]
docker-compose -h|--help
Options:
-f, --file FILE Specify an alternate compose file
(default: docker-compose.yml)
-p, --project-name NAME Specify an alternate project name
(default: directory name)
-c, --context NAME Specify a context name
--verbose Show more output
--log-level LEVEL Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
--no-ansi Do not print ANSI control characters
-v, --version Print version and exit
-H, --host HOST Daemon socket to connect to
--tls Use TLS; implied by --tlsverify
--tlscacert CA_PATH Trust certs signed only by this CA
--tlscert CLIENT_CERT_PATH Path to TLS certificate file
--tlskey TLS_KEY_PATH Path to TLS key file
--tlsverify Use TLS and verify the remote
--skip-hostname-check Don't check the daemon's hostname against the
name specified in the client certificate
--project-directory PATH Specify an alternate working directory
(default: the path of the Compose file)
--compatibility If set, Compose will attempt to convert keys
in v3 files to their non-Swarm equivalent (DEPRECATED)
--env-file PATH Specify an alternate environment file
Commands:
build Build or rebuild services
config Validate and view the Compose file
create Create services
down Stop and remove containers, networks, images, and volumes
events Receive real time events from containers
exec Execute a command in a running container
help Get help on a command
images List images
kill Kill containers
logs View output from containers
pause Pause services
port Print the public port for a port binding
ps List containers
pull Pull service images
push Push service images
restart Restart services
rm Remove stopped containers
run Run a one-off command
scale Set number of containers for a service
start Start services
stop Stop services
top Display the running processes
unpause Unpause services
up Create and start containers
version Show version information and quit
Pointing Docker at the private registry
# Add the "insecure-registries" setting
$ vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["https://hub.adaixuezhang.cn"]
}
$ systemctl restart docker
Configuring a registry mirror on the Harbor server
# Configure registry-mirrors to use mirrors hosted in China
$ vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["https://hub.adaixuezhang.cn"],
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://mirror.baidubce.com"
  ]
}
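A check for the two files edited above, as an added example (not from the original page): it flags harbor.yml secrets still at the harbor.yml.tmpl defaults and registries listed under insecure-registries even though they serve HTTPS. The function names and sample inputs are constructed for illustration, and the caller supplies which registries have a certificate the Docker hosts trust.

```python
import json
import re

# Secrets that harbor.yml.tmpl ships with; both are left unchanged in the config above.
TEMPLATE_DEFAULTS = {"harbor_admin_password": "Harbor12345", "password": "root123"}

# Constructed sample inputs, modelled on the two files edited on this page.
SAMPLE_HARBOR_YML = """\
hostname: hub.adaixuezhang.cn
https:
  port: 443
# harbor_admin_password: commented-out lines are ignored
harbor_admin_password: Harbor12345
database:
  password: root123
"""
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["https://hub.adaixuezhang.cn"]}'

def audit_harbor_yml(text):
    """Report secret keys whose value is still the template default."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*([A-Za-z_]+):\s*(\S+)\s*$", line)
        if m and TEMPLATE_DEFAULTS.get(m.group(1)) == m.group(2).strip("\"'"):
            findings.append(f"harbor.yml:{lineno}: {m.group(1)} is the template default")
    return findings

def registry_host(entry):
    """Reduce a registry entry to host[:port] so entries can be compared."""
    return re.sub(r"^[a-z]+://", "", entry.strip().lower()).split("/")[0]

def audit_daemon_json(text, tls_registries):
    """Report registries that serve HTTPS yet are listed in insecure-registries.

    For a listed registry Docker ignores certificate errors and falls back to
    plain HTTP, so a registry with a trusted certificate should not be listed.
    """
    tls = {registry_host(h) for h in tls_registries}
    entries = json.loads(text).get("insecure-registries", [])
    return [f"daemon.json: {e} serves TLS but is listed in insecure-registries"
            for e in entries if registry_host(e) in tls]

if __name__ == "__main__":
    for finding in (audit_harbor_yml(SAMPLE_HARBOR_YML)
                    + audit_daemon_json(SAMPLE_DAEMON_JSON, ["hub.adaixuezhang.cn"])):
        print(finding)
```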
Testing the Harbor registry
Log in on the server
$ docker login https://hub.adaixuezhang.cn
username: admin
password: Harbor12345
Login Succeeded!
Push an image:
# Pull a third-party image
$ docker pull wangyanglinux/myapp:v1
# Tag it (see the push command reference shown in Harbor)
$ docker tag wangyanglinux/myapp:v1 hub.adaixuezhang.cn/library/myapp:v1
# Push to the private registry
$ docker push hub.adaixuezhang.cn/library/myapp:v1
Use the image
$ kubectl run nginx-deployment --image=hub.adaixuezhang.cn/library/myapp:v1 --port=80 --replicas=1
# Check the status
$ kubectl get pod -o wide
NAME               READY   STATUS    RESTARTS   AGE   IP           NODE    NOMINATED NODE   READINESS GATES
nginx-deployment   1/1     Running   0          14m   10.244.2.3   host3   <none>           <none>
Success!