Because Kubernetes orchestrates Docker containers, the images it needs are pulled from a Docker registry while the cluster is being built. Production k8s clusters usually live on an internal network, so a private Docker registry has to be set up inside that network.

Install the Docker service

Download the Docker binary package:

https://download.docker.com/linux/static/stable/x86_64/docker-19.03.4.tgz

Extract the Docker binary package

Upload the downloaded Docker package to the server and extract it:
tar -zxvf docker-19.03.4.tgz

Move the binaries into the system bin directory

Run in the extracted directory: sudo cp docker/* /usr/bin/

Start the Docker daemon

sudo dockerd &

docker info should now show the daemon's information.

Add a Docker daemon configuration file

Note that sudo applies to cat, not to the shell redirection, so writing the file needs tee (or a root shell):

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<EOF
{
  "insecure-registries": ["192.168.100.101"]
}
EOF

insecure-registries makes the Docker client accept plain HTTP and unverified certificates for that address. Since Harbor is served over HTTPS with your own CA below, the tighter option is to leave this out and instead copy ca.crt to /etc/docker/certs.d/registry.maxbill.com/ca.crt on each client.

Register Docker as a system service

sudo vi /usr/lib/systemd/system/docker.service
with the following content:

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exist and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
ExecStart=/usr/bin/dockerd
# systemd rejects a second ExecStart= for Type=notify units, and -H tcp://0.0.0.0:2375
# would expose the Docker API on the network with no authentication at all.
# Keep this off unless the TCP listener is protected with TLS client certificates.
# ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
# TasksMax=infinity
TimeoutStartSec=0

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

Afterwards the daemon can be controlled with service docker restart/stop/status or systemctl start/stop/status docker.

Enable Docker at boot

sudo systemctl enable docker

Install docker-compose

Download the docker-compose binary

https://github.com/docker/compose/releases

Upload the docker-compose binary

Upload the downloaded docker-compose-Linux-x86_64 binary to the server

Move it into the system bin directory

Run in the upload directory: sudo cp docker-compose-Linux-x86_64 /usr/bin/docker-compose
Make docker-compose executable: sudo chmod +x /usr/bin/docker-compose
Then verify with docker-compose -v:

Install Harbor

Download the Harbor offline installer

https://github.com/vmware/harbor/releases or https://github.com/goharbor/harbor/releases
https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.1.tgz
Note: the offline installer contains the Docker images and is a little over 500 MB.

Extract the Harbor offline installer

Upload the downloaded harbor-offline-installer-v1.9.1.tgz to the server
and extract it: tar -zxvf harbor-offline-installer-v1.9.1.tgz

Create the HTTPS certificate

mkdir cert && cd cert
Create the HTTPS certificate following the official documentation: https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

openssl genrsa -out ca.key 4096

openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=SH/L=BS/O=GR/OU=MaxBill/CN=registry.maxbill.com" \
  -key ca.key \
  -out ca.crt

openssl genrsa -out registry.maxbill.com.key 4096

openssl req -sha512 -new \
  -subj "/C=CN/ST=SH/L=BS/O=GR/OU=MaxBill/CN=registry.maxbill.com" \
  -key registry.maxbill.com.key \
  -out registry.maxbill.com.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=registry.maxbill.com
DNS.2=192.168.100.101
EOF

openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in registry.maxbill.com.csr \
  -out registry.maxbill.com.crt

Edit the Harbor configuration file

vi harbor.yml and change the following:
Set hostname: registry.maxbill.com
Uncomment the https section:
https:
  port: 443
  certificate: /work/harbor/cert/registry.maxbill.com.crt
  private_key: /work/harbor/cert/registry.maxbill.com.key
Set harbor_admin_password (the admin password): MaxBill2019

Run the installation preparation

In the harbor directory run ./prepare

Start the installation

In the harbor directory run ./install.sh

Wait for the installer to print the following log, which means the installation is complete:

Verify the installation

Check the running containers in Docker:
docker ps

Open https://192.168.100.101 or https://registry.maxbill.com in a browser:

Log in with the account configured above: admin/MaxBill2019