一 :整体工作流程
注意:这里为了清晰将docker 的客户端和服务端(docker daemon)分开了,实际一般都在一台机器上。当然也有分开部署的。
docker 客户端通过命令(api)向docker server 发送请求,docker server 与私有仓库交互完成用户的请求,docker push / pull
二 :安装部署
2.1 安装docker
这里为了后面的k8s 集群安装 ,安装docker 18.06版本。
1.安装yum-utils (如有可省略)
yum install -y yum-utils
2.设置 docker yum 源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
- 版本预览&安装
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce-18.06.1.ce-3.el7
4.启动&设置开机启动
systemctl start docker
systemctl enable docker
5.查看docker 版本
docker version
[root@k8s-node1 docker]# docker version
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:03 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:25:29 2018
OS/Arch: linux/amd64
Experimental: false
3.1 Harbor 安装
1.Harbor 镜像 依赖 docker-compose 管理
上GitHub下载最新的release版本https://github.com/vmware/harbor/releases
docker-compose 版本 :https://github.com/docker/compose/releases/
这里下载的是
下载 Harbor online installer
-rw-r--r--. 1 root root 381 2月 27 17:15 1
-rw-------. 1 root root 1423 8月 28 2018 anaconda-ks.cfg
drwxr-xr-x. 3 root root 251 2月 28 11:56 harbor
-rw-r--r--. 1 root root 163595 2月 28 14:37 harbor-online-installer-v1.7.1.tgz
- 解压得到harbor
tar -zxvf harbor-online-installer-v1.7.1.tgz
3.进行最简单配置
cd harbor
-rw-r--r--. 1 root root 238 2月 28 11:56 1
drwxr-xr-x. 4 root root 37 2月 27 17:23 common
-rw-r--r--. 1 root root 939 1月 7 13:53 docker-compose.chartmuseum.yml
-rw-r--r--. 1 root root 975 1月 7 13:53 docker-compose.clair.yml
-rw-r--r--. 1 root root 1434 1月 7 13:53 docker-compose.notary.yml
-rw-r--r--. 1 root root 5608 1月 7 13:53 docker-compose.yml
-rw-r--r--. 1 root root 8031 2月 28 11:49 harbor.cfg
-rwxr-xr-x. 1 root root 5739 1月 7 13:53 install.sh
-rw-r--r--. 1 root root 11347 1月 7 13:53 LICENSE
-rw-r--r--. 1 root root 748160 1月 7 13:53 open_source_license
-rwxr-xr-x. 1 root root 36337 1月 7 13:53 prepare
#配置 harbor.cfg
vim harbor.cfg
#设置hostname
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version = 1.7.0
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
#DO NOT comment out this line, modify the value of "hostname" directly, or the installation will fail.
hostname = xxx.com(或者设置ip 192.168.229.20)
4.安装
./install.sh
等待docker-compose 下载相关的docker image,默认安装完成后会自动运行相关镜像
docker ps #查看
ad6b75b133db goharbor/nginx-photon:v1.7.1 "nginx -g 'daemon of…" 21 hours ago Up 3 hours (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
7b3d6fa358f1 goharbor/harbor-portal:v1.7.1 "nginx -g 'daemon of…" 21 hours ago Up 3 hours (healthy) 80/tcp harbor-portal
d248fb290d22 goharbor/harbor-jobservice:v1.7.1 "/harbor/start.sh" 21 hours ago Up 3 hours harbor-jobservice
15947394ae84 goharbor/harbor-core:v1.7.1 "/harbor/start.sh" 21 hours ago Up 3 hours (healthy) harbor-core
b40c1817fd99 goharbor/redis-photon:v1.7.1 "docker-entrypoint.s…" 21 hours ago Up 3 hours 6379/tcp redis
00c65a2b4239 goharbor/harbor-db:v1.7.1 "/entrypoint.sh post…" 21 hours ago Up 3 hours (healthy) 5432/tcp harbor-db
bab4d5e22e86 goharbor/harbor-registryctl:v1.7.1 "/harbor/start.sh" 21 hours ago Up 3 hours (healthy) registryctl
6f83af4bfbc6 goharbor/registry-photon:v2.6.2-v1.7.1 "/entrypoint.sh /etc…" 21 hours ago Up 3 hours (healthy) 5000/tcp registry
4326255fb989 goharbor/harbor-adminserver:v1.7.1 "/harbor/start.sh" 21 hours ago Up 3 hours (healthy) harbor-adminserver
cd6ef6445d5d goharbor/harbor-log:v1.7.1 "/bin/sh -c /usr/loc…" 21 hours ago Up 3 hours (healthy) 127.0.0.1:1514->10514/tcp harbor-log
这里使用了nginx,默认80端口提供服务。
5.如需重启/或者停止 Harbor
#切换到 harbor 目录
cd harbor
docker-compose stop
docker-compose start
docker-compose restart
查看 docker-compose 命令使用
docker-compose --help
[root@k8s-master harbor]# docker-compose --help
Define and run multi-container applications with Docker.
Usage:
docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
docker-compose -h|--help
Options:
-f, --file FILE Specify an alternate compose file
(default: docker-compose.yml)
-p, --project-name NAME Specify an alternate project name
(default: directory name)
--verbose Show more output
--log-level LEVEL Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
--no-ansi Do not print ANSI control characters
-v, --version Print version and exit
-H, --host HOST Daemon socket to connect to
--tls Use TLS; implied by --tlsverify
--tlscacert CA_PATH Trust certs signed only by this CA
--tlscert CLIENT_CERT_PATH Path to TLS certificate file
--tlskey TLS_KEY_PATH Path to TLS key file
--tlsverify Use TLS and verify the remote
--skip-hostname-check Don't check the daemon's hostname against the
name specified in the client certificate
--project-directory PATH Specify an alternate working directory
(default: the path of the Compose file)
--compatibility If set, Compose will attempt to convert deploy
keys in v3 files to their non-Swarm equivalent
Commands:
build Build or rebuild services
bundle Generate a Docker bundle from the Compose file
config Validate and view the Compose file
create Create services
down Stop and remove containers, networks, images, and volumes
events Receive real time events from containers
exec Execute a command in a running container
help Get help on a command
images List images
kill Kill containers
logs View output from containers
pause Pause services
port Print the public port for a port binding
ps List containers
pull Pull service images
push Push service images
restart Restart services
rm Remove stopped containers
run Run a one-off command
scale Set number of containers for a service
start Start services
stop Stop services
top Display the running processes
unpause Unpause services
up Create and start containers
version Show the Docker-Compose version information
6.UI 界面登陆 admin/Harbor12345 (harbor.cfg 可查看/修改admin 密码)
http://harborserver[ip]-> 192.168.x.20
4.1 push 镜像到harbor 私有仓库
1 .设置docker 私有仓库
#如果没有 daemon.json 就是创建
vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.229.20"]
}
如果不设置该私服地址会出现 xxxx 443 类似的错误,也就是
Error response from daemon: Get https://192.168.x.20/v1/users/: dial tcp 192.168.229.20:443: getsockopt: connection refused
harbor 默认使用 https ,这里的配置就是 告诉 docker daemon 支持 http 访问方式,并在设置了代理服务器地址。简单点就是配置私服地址,这个地址也可以作为镜像仓库(理解可能不准确,请勿深究!)
- 登陆 到 harbor (类似登陆github)
docker login 192.168.229.20
命令行会提示 输入 username/password,可以是 admin/Harbor12345
[root@k8s-node1 docker]# docker login 192.168.229.20
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@k8s-node1 docker]#
- push 镜像到 haebor 私服
[root@k8s-node1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.229.20/user/user-setvice v2.0 3dc0481535b8 2 hours ago 122MB
nginx alpine b411e34b4606 3 weeks ago 16.1MB
registry.aliyuncs.com/google_containers/kube-proxy v1.13.1 fdb321fd30a0 2 months ago 80.2MB
quay.io/coreos/flannel v0.10.0-amd64 f0fad859c909 13 months ago 44.6MB
registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 14 months ago 742kB
nginx 1.9.1 94ec7e53edfc 3 years ago 133MB
nginx 1.7.9 84581e99d807 4 years ago 91.7MB
注意: 192.168.229.20/user/user-setvice:v2.0 镜像的tag 必须是 私服ip[域名]/项目名称/自定义:tag
192.168.x.20 : 私服ip
user :harbor 创建的项目名称 user
user-sertvice: 自定义 名称
#push
docker push 192.168.229.20/user/user-setvice:v2.0
#pull
docker pull 192.168.229.20/user/user-setvice:v2.0