部署harbor私有镜像---K8s

版权声明：文章转发需标明文章出处地址及作者 https://blog.csdn.net/weixin_44267608/article/details/89576047

环境准备：

添加硬盘，作为镜像的存储单元

cd /kubernetes

tar -zxf harbor-offline-installer-v1.4.0.tgz 

之后将解压出的harbor移动至/opt

   cd /opt
    mv /root/kubernetes/harbor ./

mkdir /date/
挂载

mount /dev/sdb /date

cd /date
mkdir harbor

cd /opt/harbor
编辑配置文件
vim harbor.cfg 修改以下选项

hostname = reg.yunwei.edu
ui_url_protocol = https
ssl_cert = /data/harbor/cert/harbor.crt
ssl_cert_key = /data/harbor/cert/harbor.key
secretkey_path = /data/harbor
harbor_admin_password = admin

修改配置文件
vim docker-compose.clair.yml 修改以下参数在volumes中

/data/harbor/clair-db:/var/lib/postgresql/data:z

修改配置文件
vim docker-compose.notary.yml 修改以下参数在volumes中

/data/harbor/notary-db:/var/lib/mysql:z

修改配置文件
vim docker-compose.yml 修改以下参数在volumes中

/data/harbor/:/var/log/docker/:z
/data/harbor/registry:/storage:z
/data/harbor/database:/var/lib/mysql:z
/data/harbor/config/:/etc/adminserver/config/:z
/data/harbor/secretkey:/etc/adminserver/key:z
/data/harbor/:/data/:z
/data/harbor/secretkey:/etc/ui/key:z
/data/harbor/ca_download/:/etc/ui/ca/:z
/data/harbor/psc/:/etc/ui/token/:z
/data/harbor/job_logs:/var/log/jobs:z
/data/harbor/secretkey:/etc/jobservice/key:z

进入/root/kubernetes目录
cd /root/kubernetes
解压

tar -zxf ca.tar.gz 

mv ca /date/harbor/cert
ca证书名称，必须与实际文件同名

cd /opt/harbor/
vim harbor.cfg 修改以下选项

ssl_cert = /date/harbor/cert/harbor.crt
ssl_cert_key = /date/harbor/cert/harbor.key

执行脚本

sh install.sh

为每个节点设置登录harbor私有镜像仓库

mkdir -p /etc/docker/certs.d/reg.yunwei.edu/
cd /etc/docker/certs.d/reg.yunwei.edu/

将harbor的ca证书中的ca.crt拷贝到/etc/docker目录下

cp /date/harbor/cert/ca.crt /etc/docker/certs.d/reg.yunwei.edu/

将harbor节点的ca.crt文件，分发给各节点的/etc/docker/certs.d/reg.yunwei.edu/下

scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt chen1:/etc/docker/certs.d/reg.yunwei.edu/
scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt chen2:/etc/docker/certs.d/reg.yunwei.edu/
scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt chen3:/etc/docker/certs.d/reg.yunwei.edu/

验证
命令行：各节点登陆镜像库地址后，输入用户名/密码（admin/admin）后出现 Login Succeeded

docker login reg.yunwei.edu

web浏览器：浏览器输入部署节点ip

上传镜像
将本地images重新打tag

docker tag itsthenetwork/nfs-server-alpine:latest reg.yunwei.edu/learn/nfs-server-alpine:latest

上传镜像

docker push reg.yunwei.edu/learn/nfs-server-alpine:latest