Using Harbor as a Private Registry for Kubernetes

Install Docker

Docker installation and deployment

Clean up any previous Harbor installation

# awk builds the stop/rm/rmi commands; piping them to sh runs them
docker ps -a|grep "goharbor"|awk '{print "docker stop "$1}'|sh
docker ps -a|grep "goharbor"|awk '{print "docker rm "$1}'|sh
docker images|grep "goharbor"|awk '{print "docker rmi "$1":"$2}'|sh

Install Docker Compose

GitHub project: https://github.com/docker/compose/releases/

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version

Download, extract, and edit the Harbor configuration file

GitHub project: https://github.com/goharbor/harbor/releases

# Extract
tar zxf harbor-offline-installer-v1.9.2.tgz -C /opt

# Edit the configuration file and set the two values below
vim /opt/harbor/harbor.yml
hostname: 172.16.32.146 # change to the node's IP
harbor_admin_password: 123456 # login password; changing it is optional

Run the installer and open Harbor

cd /opt/harbor
./install.sh

Username: admin, password: 123456

Create a private repository named k8s

Configure Docker to trust the registry and restart it

Note: do this on every server in the cluster!

cat >/etc/docker/daemon.json<<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["http://172.16.32.146"]
}
EOF
systemctl restart docker

Note: Harbor stops working after Docker is restarted, so Harbor has to be restarted as well.

cd /opt/harbor
docker-compose stop
docker-compose start

Log in to Harbor with Docker

# Harbor's default username is admin; the password is the one set in the Harbor configuration file
docker login 172.16.32.146

Convert the Docker login credentials into the base64 encoding that Kubernetes recognizes

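# After docker login, a .docker directory is created in the home directory; the credentials are in config.json inside it
# -w 0 keeps the output on a single line (GNU base64 wraps at 76 columns by default)
cat /root/.docker/config.json|base64 -w 0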

Write the Secret resource manifest

apiVersion: v1
kind: Secret
metadata:
  name: harbor-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxNzIuMTYuMzIuMTQ2IjogewoJCQkiYXV0aCI6ICJZV1J0YVc0Nk1USXpORFUyIgoJCX0KCX0KfQ==
type: kubernetes.io/dockerconfigjson

Apply the Secret resource

kubectl apply -f harbor-secret.yaml

Retag the image for the Harbor registry and push it

docker pull nginx:latest
docker tag nginx:latest 172.16.32.146/k8s/nginx:latest
docker push 172.16.32.146/k8s/nginx:latest

Write a resource manifest to test the setup

apiVersion: v1
kind: Pod
metadata:
  name: demo
  labels:
    app: demo
spec:
  imagePullSecrets: # Secrets used to pull the image
  - name: harbor-secret # name of the Secret resource
  containers:
  - name: demo
    image: 172.16.32.146/k8s/nginx:latest # image address points at the Harbor registry
    ports:
    - containerPort: 80

Apply the manifest and check the result

kubectl apply -f nginx-harbor.yaml
kubectl get pod

The Secret resource must be in the same namespace as the Pod that pulls the image.
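
The base64 and Secret-manifest steps above, combined into one script that also sets the namespace this note calls for; this is an added example, not part of the original post. The function names, the sample config.json and the placeholder password are constructed for illustration; the registry address is the page's.

```shell
#!/bin/sh
# Added example: build the image-pull Secret from a Docker config.json and
# read it back. Uses only POSIX sh and coreutils.

# make_pull_secret <config.json> <secret-name> <namespace>
make_pull_secret() {
  # GNU base64 wraps at 76 columns; a wrapped value breaks the YAML scalar,
  # so strip the newlines (same effect as `base64 -w 0`).
  b64=$(base64 < "$1" | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $2
  namespace: $3
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $b64
EOF
}

# pull_secret_user <manifest>: print the username stored in the Secret.
# The value is encoded, not encrypted: read access to the Secret is enough.
pull_secret_user() {
  sed -n 's/^ *\.dockerconfigjson: *//p' "$1" | base64 -d |
    sed -n 's/.*"auth"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
    base64 -d | cut -d: -f1
}

# Constructed sample in the shape `docker login` writes; placeholder password.
write_sample_config() {
  auth=$(printf '%s' 'admin:EXAMPLE-PASSWORD' | base64)
  printf '{\n\t"auths": {\n\t\t"172.16.32.146": {\n\t\t\t"auth": "%s"\n\t\t}\n\t}\n}\n' \
    "$auth" > "$1"
}

demo_dir=$(mktemp -d)
write_sample_config "$demo_dir/config.json"
make_pull_secret "$demo_dir/config.json" harbor-secret default \
  > "$demo_dir/harbor-secret.yaml"
echo "user stored in secret: $(pull_secret_user "$demo_dir/harbor-secret.yaml")"
rm -rf "$demo_dir"
```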