I. Install Docker
1. Configure the Aliyun repository
cd /etc/yum.repos.d/
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2. Install a specific version of Docker
yum -y install docker-ce-18.09.9-3.el7 docker-ce-cli-18.09.9-3.el7
3. Configure a Docker registry mirror (image acceleration)
mkdir /etc/docker
cat > /etc/docker/daemon.json <
4. Start Docker
systemctl enable docker && systemctl start docker
5. Check the version
docker -v
II. Install Harbor
1. Download Harbor
wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz
2. Install Harbor on node4
cd /opt/
tar zxf harbor-offline-installer-v1.9.3.tgz
cd harbor/
3. Edit the Harbor configuration file
vim harbor.yml
...
hostname: 10.0.0.14
harbor_admin_password: 123456
data_volume: /data/harbor
...
4. Run the installer
yum install docker-compose -y
./install.sh
5. Access Harbor in a browser
http://10.0.0.14
admin
123456
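6. Create an image repository
There are two access levels:
Public: anyone can access and pull images directly
Private: images can be pulled only after logging in with authorization
III. Use Harbor as a private registry for k8s
1. Create the image repository
2. On all nodes, configure Docker to trust the Harbor registry, then restart Docker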
cat >/etc/docker/daemon.json <
3. Tag the images
[root@node2 ~]# docker tag d5cea958d330 10.0.0.14/k8s/mysql:5.7
[root@node2 ~]# docker tag a29e200a18e9 10.0.0.14/k8s/tomcat-app:v1
4. Log in to Harbor and push the images to Harbor
[root@node2 ~]# docker login 10.0.0.14
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node2 ~]# docker push 10.0.0.14/k8s/tomcat-app:v1
The push refers to repository [10.0.0.14/k8s/tomcat-app]
fe9a890c4f24: Pushed
5f70bf18a086: Pushed
a072f755a133: Pushed
6d0267f8a9fd: Pushed
7bb92eb08c02: Pushed
d8ba5f179687: Pushed
2275023dea33: Pushed
d490458a60cb: Pushed
bb3e02b5a488: Pushed
3b7a0c95e085: Pushed
02adacdfda2f: Pushed
d2c5e3a8d3d3: Pushed
4dcab49015d4: Pushed
v1: digest: sha256:565bb4e52ac67b4d37feed9ea4626b786f23e0871451587c7187683532a6188f size: 5719
[root@node2 ~]# docker push 10.0.0.14/k8s/mysql:5.7
The push refers to repository [10.0.0.14/k8s/mysql]
ef78375f166a: Pushed
549184ef4a0e: Pushed
3be346044c35: Pushed
c7c9b9502281: Pushed
80c697004ac9: Pushed
f24603cb3885: Pushed
cee57cdf5101: Pushed
1a527f11e03e: Pushed
4dac9b6b28ce: Pushed
605f8f2fe1e5: Pushed
e0db3ba0aaea: Pushed
5.7: digest: sha256:1be1f2cbd2c18563b167ffda45f67c5b0afb1bfe6a77cbc506306836fb1317b5 size: 2622
5. View the Docker login credentials file
[root@node1 ~]# cat /root/.docker/config.json
{
    "auths": {
        "10.0.0.14": {
            "auth": "YWRtaW46SGFyYm9yMTIzNDU="
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/18.09.7 (linux)"
    }
}
6. Encode the Docker credentials file as base64
[root@node1 ~/demo]# cat /root/.docker/config.json|base64
ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVlt
OXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRv
Y2tlci1DbGllbnQvMTguMDkuNyAobGludXgpIgoJfQp9
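7. Create and apply the Secret resource for the Docker login
Note!!!
1. For .dockerconfigjson: xxx, write the base64 encoding directly, with no line breaks
2. The base64 encoding is one whole line, not several lines
3. The type field at the end must not be omitted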
[root@node1 ~]# vim harbor-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: harbor-secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxMC4wLjAuMTQiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9LAoJIkh0dHBIZWFkZXJzIjogewoJCSJVc2VyLUFnZW50IjogIkRvY2tlci1DbGllbnQvMTguMDkuNyAobGludXgpIgoJfQp9
type: kubernetes.io/dockerconfigjson
8. Apply the resource manifest and view the result
[root@node1 ~]# kubectl create -f harbor-secret.yaml
secret/harbor-secret created
[root@node1 ~]# kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-vz4d9   kubernetes.io/service-account-token   3      30h
harbor-secret         kubernetes.io/dockerconfigjson        1      14s
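Added example (not part of the original post): a shell sketch of steps 6-8 that generates the Secret manifest with the base64 value on a single line and checks a manifest against the three notes above. The function names, the registry name registry.example.internal and the demo credentials are constructed for illustration; it assumes a base64 that accepts -d, as GNU coreutils does.

```shell
#!/usr/bin/env bash
# Added example; function names, sample registry and credentials are constructed.

# Print a kubernetes.io/dockerconfigjson Secret manifest for a Docker config file.
# tr -d '\n' removes the 76-column wrapping that plain `base64` output has.
make_pull_secret() {
  local cfg="$1" name="$2" b64
  [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
  b64=$(base64 < "$cfg" | tr -d '\n')
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$name"
  printf 'data:\n  .dockerconfigjson: %s\n' "$b64"
  printf 'type: kubernetes.io/dockerconfigjson\n'
}

# Validate a manifest: the type field is present and the value on the key line alone
# decodes back to the config file. A wrapped value fails: only its first chunk is there.
check_pull_secret() {
  local manifest="$1" cfg="$2" value
  grep -qx 'type: kubernetes.io/dockerconfigjson' "$manifest" \
    || { echo "type field missing" >&2; return 1; }
  value=$(sed -n 's/^  \.dockerconfigjson: //p' "$manifest")
  [ -n "$value" ] || { echo ".dockerconfigjson missing" >&2; return 1; }
  [ "$(printf '%s' "$value" | base64 -d 2>/dev/null)" = "$(cat "$cfg")" ] \
    || { echo "value does not decode to $cfg (wrapped or truncated?)" >&2; return 1; }
}

# Constructed sample input: a config.json for a made-up registry and account.
write_sample_config() {
  local auth
  auth=$(printf 'demo-user:demo-password' | base64)
  printf '{"auths":{"registry.example.internal":{"auth":"%s"}}}\n' "$auth" > "$1"
}

# Runs both cases and prints "good=<rc> wrapped=<rc>" (0 means the manifest passed).
demo() {
  local dir good=0 wrapped=0
  dir=$(mktemp -d)
  write_sample_config "$dir/config.json"
  make_pull_secret "$dir/config.json" harbor-secret > "$dir/good.yaml"
  # The failure mode from the notes: multi-line base64 output pasted as-is.
  { printf 'data:\n  .dockerconfigjson: '; base64 < "$dir/config.json"
    printf 'type: kubernetes.io/dockerconfigjson\n'; } > "$dir/wrapped.yaml"
  check_pull_secret "$dir/good.yaml" "$dir/config.json" 2>/dev/null || good=$?
  check_pull_secret "$dir/wrapped.yaml" "$dir/config.json" 2>/dev/null || wrapped=$?
  rm -rf "$dir"
  echo "good=$good wrapped=$wrapped"
}
demo
```

base64 is an encoding, not encryption, so the generated manifest carries the registry login in recoverable form, just as /root/.docker/config.json does.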