kubernetes&&私有镜像仓库部署
固化IP地址
[root@192 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.0.220
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.1
关闭firewalld并禁止自启动,安装iptables并清空规则并保存并设置开机自启
# Switch from firewalld to the plain iptables service.
systemctl stop firewalld && systemctl disable firewalld
# Install and enable iptables, then flush (-F) every rule in the filter table
# and persist the now-empty ruleset with "service iptables save".
# NOTE(review): flushing does not change chain policies, so with the default
# ACCEPT policies the host filters no traffic after this step, including after
# a reboot. That is tolerable only on an isolated lab network; on a reachable
# host, save a ruleset that admits just the ports the node actually needs.
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
关闭SELINUX
# Turn SELinux off: setenforce 0 puts the running system into permissive mode,
# and the sed edit rewrites the SELINUX= line in /etc/selinux/config to
# "disabled" so the change survives a reboot.
# NOTE(review): this removes mandatory access control from a host that will
# run containers. SELINUX=permissive stops enforcement but still logs denials;
# confirm whether full disablement is really needed for this cluster.
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
设置时区并重启与时间有关的服务
# Set the system time zone to Asia/Shanghai.
timedatectl set-timezone Asia/Shanghai
# Keep the hardware clock (RTC) in UTC instead of local time.
timedatectl set-local-rtc 0
# Restart the time-dependent services so they pick up the new zone; crond is
# restarted only if the rsyslog restart succeeded.
systemctl restart rsyslog && systemctl restart crond
# Stop the postfix mail service and disable it at boot: it is not needed on
# this host, and an idle network service is avoidable attack surface.
systemctl stop postfix && systemctl disable postfix
安装docker软件
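# yum-utils provides yum-config-manager; device-mapper-persistent-data and lvm2
# are the packages Docker's devicemapper storage driver relies on.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Fetch the Docker CE repo definition over HTTPS rather than plain HTTP: the
# file tells yum where packages and signing keys come from, so it must not be
# alterable in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum update -y && yum install -y docker-ce
# Create the Docker configuration directory; -p keeps the step from failing
# when the directory already exists.
mkdir -p /etc/docker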
# 配置daemon
[root@192 ~]# cat /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
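# 定义docker仓库域名。insecure-registries 会让 Docker 对该仓库跳过 HTTPS 证书校验(HTTPS 不可用时还会回退到明文 HTTP),
# 登录凭据和镜像在传输中可能被窃听或篡改,因此只适合隔离的实验环境;
# 更稳妥的做法是把仓库证书(自签名时即 server.crt)放到 /etc/docker/certs.d/hub.atguigu.com/ca.crt,而不使用该选项。
# 注意:JSON 不支持注释,实际写入 daemon.json 时必须删掉这几行说明,否则 docker 无法解析该配置文件。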
"insecure-registries": ["https://hub.atguigu.com"]
}
# Directory that holds Docker's systemd drop-in configuration files.
mkdir -p /etc/systemd/system/docker.service.d
# Reload the unit files, restart Docker, then enable it at boot; each step
# runs only when the one before it succeeded.
systemctl daemon-reload \
  && systemctl restart docker \
  && systemctl enable docker
安装docker-compose
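# Download the docker-compose 1.25.0 binary for this OS and CPU architecture.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary"; -L follows the redirect issued for the release asset.
sudo curl -fL "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Print the SHA-256 digest and compare it with the checksum published for this
# release before trusting the file: it is executed with root privileges.
sha256sum /usr/local/bin/docker-compose
# Mark the binary executable.
sudo chmod +x /usr/local/bin/docker-compose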
# 检测
[root@192 ~]# docker-compose -version
docker-compose version 1.25.0, build 0a186604
离线安装harbor
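# Install the download tools (lrzsz provides rz/sz file transfer, wget fetches
# the installer).
yum -y install lrzsz wget
# NOTE(review): v1.2.0 is an old Harbor release; check which versions are
# currently supported, and verify the archive against its published checksum,
# before using this outside a lab.
wget https://github.com/goharbor/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz
# Unpack under /usr/local so the cd below works from any starting directory.
# The archive is expected to contain a top-level harbor/ directory; list it
# with "tar -tzf" first if unsure.
tar -zxvf harbor-offline-installer-v1.2.0.tgz -C /usr/local
cd /usr/local/harbor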
[root@192 harbor]# vim harbor.cfg
# 指定服务域名
hostname = hub.atguigu.com
# 修改为https协议
ui_url_protocol = https
# 创建存放证书的路径
[root@192 harbor]# mkdir -p /data/cert/
# 创建https证书及配置相关目录权限
## 生成私钥
[root@192 harbor]# cd /data/cert/
[root@192 cert]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..........+++
..+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
## 请求创建证书的csr
[root@192 cert]# openssl req -new -key server.key -out server.csr
# 输入与上一步相同的密码
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
# 输入国家名
Country Name (2 letter code) [XX]:CN
# 省
State or Province Name (full name) []:BJ
# 市
Locality Name (eg, city) [Default City]:BJ
# 组织
Organization Name (eg, company) [Default Company Ltd]:atguigu
# 机构
Organizational Unit Name (eg, section) []:atguigu
# 完全域名
Common Name (eg, your name or your server's hostname) []:hub.atguigu.com
# 管理员邮箱
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# 备份私钥
[root@192 cert]# cp server.key server.key.org
# 去除私钥口令:由带口令的备份 server.key.org 导出不带口令的 server.key(此步并不生成证书)。此后 server.key 是明文私钥,应严格限制其读取权限
[root@192 cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
# 提示私钥已被抹掉密码
writing RSA key
# 证书签名(-signkey 表示用自己的私钥自签名,有效期 365 天;客户端默认不信任该证书,且证书中没有 subjectAltName,较新的客户端可能因此校验失败)
[root@192 cert]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=atguigu/OU=atguigu/CN=hub.atguigu.com/emailAddress=[email protected]
Getting Private key
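# 授权(注意:a+x 只是给所有用户加上执行位,证书和私钥并不需要可执行;server.key、server.key.org 是私钥,应限制为仅属主可读,例如 chmod 600,并确认 Harbor 的 nginx 容器仍能读取)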
[root@192 cert]# chmod a+x /data/cert/*
# 脚本安装harbor
[root@192 cert]# cd /usr/local/harbor
[root@192 harbor]# ./install.sh
--snip--
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-ui ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://hub.atguigu.com.
For more details, please visit https://github.com/vmware/harbor .
# 安装完毕
# 客户端添加hosts"192.168.0.220 hub.atguigu.com",打开网页,访问https://hub.atguigu.com检测
# 用户名默认:admin,密码默认:Harbor12345(该默认密码是公开的,仓库可被他人访问之前必须修改)
# 初始管理员密码由/usr/local/harbor/harbor.cfg中的harbor_admin_password指定,只在首次启动时生效,应在执行install.sh之前改掉;安装完成后则需登录Web界面修改。
docker服务上传镜像文件到私有镜像仓库
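# Map the registry hostname to its IP through /etc/hosts; this is needed on
# every node that uses the registry. The entry is appended only when the name
# is not already present, so re-running the step does not pile up duplicates.
# An existing entry with a different IP is left untouched and must be fixed by hand.
grep -qF 'hub.atguigu.com' /etc/hosts || echo "192.168.0.220 hub.atguigu.com" >> /etc/hosts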
# 登录(示例使用默认账号 admin : Harbor12345;若已修改密码请使用新密码。登录后凭据会以未加密形式保存在 /root/.docker/config.json,可按下方提示配置 credential helper)
[root@k8s-master01 ~]# docker login https://hub.atguigu.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
查看推送镜像命令
# 更改镜像tag
[root@k8s-master01 ~]# docker tag wangyanglinux/myapp:v1 hub.atguigu.com/library/myapp:v1
# 推送
[root@k8s-master01 ~]# docker push hub.atguigu.com/library/myapp:v1
# 检测