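Kubernetes orchestrates Docker containers, so building a Kubernetes cluster requires pulling the necessary images from a Docker registry. Production k8s clusters are usually built on an internal network, so a private Docker registry needs to be set up on that network.
I. Install the Docker service (binary)
1. Download the Docker binary package:
https://download.docker.com/linux/static/stable/x86_64/docker-19.03.4.tgz
2. Extract the Docker binary package
Upload the downloaded Docker binary package to the server, then extract it:
tar -zxvf docker-19.03.4.tgz
3. Place the binaries in the system bin directory
In the extraction directory, run: sudo cp docker/* /usr/bin/
4. Start the Docker daemon
sudo dockerd &
At this point, docker info shows information about the Docker service.
5. Add the Docker daemon configuration file
The insecure-registries entry tells Docker not to verify the TLS certificate of 192.168.100.101 and to fall back to plain HTTP if HTTPS is unavailable. Clients that trust the CA created in section III, for example via /etc/docker/certs.d/registry.maxbill.com/ca.crt, do not need it.
sudo tee /etc/docker/daemon.json > /dev/null <<EOF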
{
"insecure-registries":["192.168.100.101"]
}
EOF
6. Register Docker as a system service
sudo vi /usr/lib/systemd/system/docker.service
The file contents are as follows:
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
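# Listen on the local Unix socket only (dockerd's default). A Type=notify
# unit may contain only one ExecStart= line.
ExecStart=/usr/bin/dockerd
# Variant that also exposes the API over TCP. Port 2375 has no TLS and no
# authentication, so anyone who can reach it controls the host as root:
# ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock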
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
# TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
After that, the Docker service can be managed with service docker restart/stop/status or systemctl start/stop/status docker.
7. Enable Docker at boot
sudo systemctl enable docker
II. Install the docker-compose service (binary)
1. Download the docker-compose binary
https://github.com/docker/compose/releases
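2. Upload the docker-compose binary
Upload the downloaded docker-compose-Linux-x86_64 binary to the server.
3. Place it in the system bin directory
In the upload directory, run: sudo cp docker-compose-Linux-x86_64 /usr/bin/docker-compose
Make docker-compose executable: sudo chmod +x /usr/bin/docker-compose
Then verify the installation with docker-compose -v.
III. Install the Harbor service (binary)
1. Download the Harbor offline installer
https://github.com/vmware/harbor/releases or https://github.com/goharbor/harbor/releases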
https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.1.tgz
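Note: the offline installer contains the Docker images and is a little over 500 MB.
2. Extract the Harbor offline installer
Upload the downloaded harbor-offline-installer-v1.9.1.tgz offline installer to the server.
Then extract it: tar -zxvf harbor-offline-installer-v1.9.1.tgz
3. Create the HTTPS certificate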
mkdir cert && cd cert
Create the HTTPS certificate following the official documentation: https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=SH/L=BS/O=GR/OU=MaxBill/CN=registry.maxbill.com" \
-key ca.key \
-out ca.crt
openssl genrsa -out registry.maxbill.com.key 4096
openssl req -sha512 -new \
-subj "/C=CN/ST=SH/L=BS/O=GR/OU=MaxBill/CN=registry.maxbill.com" \
-key registry.maxbill.com.key \
-out registry.maxbill.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=registry.maxbill.com
IP.1=192.168.100.101
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in registry.maxbill.com.csr \
-out registry.maxbill.com.crt
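A check worth running on the files produced in this step, as an added example that is not part of the original post: the bash functions below confirm that the server certificate chains to the CA, that the private key matches it, and that every name clients will use is in the SAN with the right type (clients such as Docker match an IP address only against IP entries, never against DNS entries). The names check_registry_cert, san_entries and make_demo_cert are chosen for this example; make_demo_cert only builds constructed throwaway certificates for trying the check out.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: sanity-check a registry
# certificate before pointing harbor.yml at it.

# Print the SAN entries of certificate $1, one per line
# ("DNS:name" or "IP Address:addr").
san_entries() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# check_registry_cert CA CERT KEY NAME...
# Succeeds only if CERT chains to CA, KEY belongs to CERT, and every NAME is
# in the SAN with the matching type (an IPv4 literal needs an IP entry).
check_registry_cert() {
    local ca=$1 cert=$2 key=$3 sans name want
    shift 3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not chain to $ca"; return 1; }
    [ "$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)" ] ||
        { echo "FAIL: $key does not match $cert"; return 1; }
    sans=$(san_entries "$cert")
    for name in "$@"; do
        case $name in
            *[!0-9.]*) want="DNS:$name" ;;
            *)         want="IP Address:$name" ;;
        esac
        printf '%s\n' "$sans" | grep -qxF "$want" ||
            { echo "FAIL: SAN has no '$want'"; return 1; }
    done
    echo "OK: $cert"
}

# Constructed sample input: throwaway CA and leaf in directory $1 with SAN
# list $2 (2048-bit keys only to keep the demo fast).
make_demo_cert() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=registry.maxbill.com" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=%s\n' "$2" > "$d/v3.ext"
    openssl x509 -req -days 1 -in "$d/leaf.csr" -extfile "$d/v3.ext" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/leaf.crt" 2>/dev/null
}
```

For the files created in the cert directory, the call is: check_registry_cert ca.crt registry.maxbill.com.crt registry.maxbill.com.key registry.maxbill.com 192.168.100.101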
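4. Edit the Harbor configuration file
vi harbor.yml, with the following settings:
Set hostname: registry.maxbill.com
Enable the https configuration:
https:
  port: 443
  certificate: /work/harbor/cert/registry.maxbill.com.crt
  private_key: /work/harbor/cert/registry.maxbill.com.key
Set the harbor_admin_password admin password: MaxBill2019
5. Run the installation preparation
In the harbor directory, run ./prepare
6. Start the installation
In the harbor directory, run ./install.sh
The installation is complete once the installer prints its completion log.
IV. Verify the installation
Check the running containers in Docker:
docker ps
Open https://192.168.100.101 or https://registry.maxbill.com in a browser.
Log in with the account configured above: admin/MaxBill2019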