Part 2: Building a High-Availability Kubernetes Cluster in a Simulated Production Environment: the Docker Private Registry

Original post
2019/10/27 19:44

Because Kubernetes orchestrates Docker containers, building a Kubernetes cluster means pulling the required images from a Docker registry. A production k8s cluster is normally deployed on an internal network, so a private Docker registry has to be set up on that network.

I. Installing the Docker service (binary)

1. Download the Docker binary package:

https://download.docker.com/linux/static/stable/x86_64/docker-19.03.4.tgz

2. Extract the Docker binary package

Upload the downloaded package to the server, then extract it:

tar -zxvf docker-19.03.4.tgz

3. Move the binaries to the system bin directory

In the extraction directory run: sudo cp docker/* /usr/bin/

4. Start the Docker daemon

sudo dockerd &

docker info now shows the daemon's information.

5. Add the Docker daemon configuration file

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<EOF
{
    "insecure-registries": ["192.168.100.101"]
}
EOF

sudo tee is used here because with sudo cat > /etc/docker/daemon.json the redirection is performed by the unprivileged shell, not by sudo, so the write fails unless /etc/docker is already writable. Note that insecure-registries tells dockerd to skip certificate verification for that host; since Harbor is given a CA-signed certificate below, placing ca.crt at /etc/docker/certs.d/192.168.100.101/ca.crt lets Docker verify the registry instead of trusting it blindly.

6. Register Docker as a system service

sudo vi /usr/lib/systemd/system/docker.service

File contents:

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
# A Type=notify unit may carry only one ExecStart=; a second line of the form
# "ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"
# makes systemd refuse to load the unit, and it would also expose the unauthenticated,
# root-equivalent daemon API on every interface.
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
ExecReload=/bin/kill -s HUP $MAINPID

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
# TasksMax=infinity
TimeoutStartSec=0

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

Run sudo systemctl daemon-reload so systemd picks up the new unit, and stop the dockerd that was started by hand in step 4 (a second daemon cannot take over the socket). After that the Docker service can be managed with service docker restart/stop/status or systemctl start/stop/status docker.

7. Enable Docker at boot

sudo systemctl enable docker

II. Installing the docker-compose service (binary)

1. Download the docker-compose binary

https://github.com/docker/compose/releases

2. Upload the docker-compose binary

Upload the downloaded docker-compose-Linux-x86_64 binary to the server.

3. Move it to the system bin directory

In the upload directory run: sudo cp docker-compose-Linux-x86_64 /usr/bin/docker-compose

Make docker-compose executable: sudo chmod +x /usr/bin/docker-compose

Then verify with docker-compose -v.

III. Installing the Harbor service (binary)

1. Download the Harbor offline installer

https://github.com/vmware/harbor/releases or https://github.com/goharbor/harbor/releases

https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.1.tgz

Note: the offline installer contains the Docker images and is a little over 500 MB.

2. Extract the Harbor offline installer

Upload the downloaded harbor-offline-installer-v1.9.1.tgz to the server.

Then extract it: tar -zxvf harbor-offline-installer-v1.9.1.tgz

3. Create the HTTPS certificate

mkdir cert && cd cert

Create the HTTPS certificate following the official documentation: https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

# Private CA key and self-signed CA certificate
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=SH/L=BS/O=GR/OU=MaxBill/CN=registry.maxbill.com" \
 -key ca.key \
 -out ca.crt

# Server key and certificate signing request
openssl genrsa -out registry.maxbill.com.key 4096

openssl req -sha512 -new \
 -subj "/C=CN/ST=SH/L=BS/O=GR/OU=MaxBill/CN=registry.maxbill.com" \
 -key registry.maxbill.com.key \
 -out registry.maxbill.com.csr

# v3 extensions: the host name goes in a DNS entry and the address in an IP entry;
# a client connecting to https://192.168.100.101 only matches IP entries, so an
# address placed in a DNS entry would fail hostname verification.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=registry.maxbill.com
IP.1=192.168.100.101
EOF

# Sign the server certificate with the private CA
openssl x509 -req -sha512 -days 3650 \
 -extfile v3.ext \
 -CA ca.crt -CAkey ca.key -CAcreateserial \
 -in registry.maxbill.com.csr \
 -out registry.maxbill.com.crt
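The following script is an added example, not part of the original post or of Harbor. It ties together the certificate step above and the insecure-registries setting from section I, step 5: it issues the registry certificate with the address in an IP SAN entry, checks that the result chains to the CA and carries both names, and installs the CA under Docker's certs.d so the client can verify Harbor instead of listing it as insecure. It assumes openssl is on PATH; DOCKER_CERTS_ROOT is an assumed override of /etc/docker/certs.d so the script can be exercised without root.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): issue the registry certificate with
# the IP in an IP SAN entry, verify it against the CA, and install the CA under
# Docker's certs.d so the client trusts Harbor without "insecure-registries".
# Assumes openssl on PATH; DOCKER_CERTS_ROOT is an assumed test override.
set -eu
REGISTRY_HOST=${REGISTRY_HOST:-registry.maxbill.com}   # values from the post
REGISTRY_IP=${REGISTRY_IP:-192.168.100.101}
# Generate CA, server key, CSR and signed certificate into directory $1.
# 2048-bit keys keep the run short; the post uses 4096.
make_registry_cert() {
  dir=$1
  mkdir -p "$dir"
  openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/O=MaxBill/CN=MaxBill Root CA" \
    -key "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl genrsa -out "$dir/$REGISTRY_HOST.key" 2048 2>/dev/null
  openssl req -sha512 -new -subj "/O=MaxBill/CN=$REGISTRY_HOST" \
    -key "$dir/$REGISTRY_HOST.key" -out "$dir/$REGISTRY_HOST.csr" 2>/dev/null
  # Clients that connect to https://192.168.100.101 match IP entries only, so the
  # address must be an IP: entry, not a DNS: entry holding an address.
  cat > "$dir/v3.ext" <<EOF
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:$REGISTRY_HOST,IP:$REGISTRY_IP
EOF
  openssl x509 -req -sha512 -days 3650 -extfile "$dir/v3.ext" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -in "$dir/$REGISTRY_HOST.csr" -out "$dir/$REGISTRY_HOST.crt" 2>/dev/null
}
# Succeed only if the certificate chains to ca.crt and its SAN covers both the
# host name (DNS) and the address (IP Address) that Docker clients will use.
check_registry_cert() {
  dir=$1
  openssl verify -CAfile "$dir/ca.crt" "$dir/$REGISTRY_HOST.crt" >/dev/null 2>&1 || return 1
  san=$(openssl x509 -in "$dir/$REGISTRY_HOST.crt" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1)
  case "$san" in *"DNS:$REGISTRY_HOST"*"IP Address:$REGISTRY_IP"*) return 0 ;; esac
  return 1
}
# dockerd reads /etc/docker/certs.d/<registry>/ca.crt, one directory per name the
# registry is addressed by, so both the host name and the IP receive the CA.
install_ca_for_docker() {
  dir=$1; root=${DOCKER_CERTS_ROOT:-/etc/docker/certs.d}
  for name in "$REGISTRY_HOST" "$REGISTRY_IP"; do
    mkdir -p "$root/$name" && cp "$dir/ca.crt" "$root/$name/ca.crt"
  done
}
```

On a real node, run make_registry_cert inside the cert directory and install_ca_for_docker without DOCKER_CERTS_ROOT (as root), then drop the insecure-registries entry from daemon.json and restart dockerd.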

4. Edit the Harbor configuration file

vi harbor.yml and make the following changes:

Set hostname: registry.maxbill.com

Uncomment the https section (the paths assume Harbor was extracted to /work/harbor):

https:
   port: 443
   certificate: /work/harbor/cert/registry.maxbill.com.crt
   private_key: /work/harbor/cert/registry.maxbill.com.key

Set the harbor_admin_password (admin password): MaxBill2019

5. Run the installation preparation

In the harbor directory run ./prepare

6. Run the installation

In the harbor directory run ./install.sh

Wait for the installer to print its completion log, which indicates the installation has finished.

IV. Verifying the installation

List the containers Docker has started:

docker ps

Open https://192.168.100.101 or https://registry.maxbill.com in a browser.

Log in with the account configured above: admin/MaxBill2019

 
