k8s series -- harbor
1. Get the harbor.tgz installation package
https://pan.baidu.com/s/1Y9BlAVQ1iJHEwkIDhEO5HA?pwd=1111#list/path=%2F
tar -zxvf harbor-offline-installer-v2.8.4.tgz
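2. Enter the extracted directory and back up the yml file
3. Edit the yml file and comment out the https-related configuration (no certificate available)
4. Run ./prepare to generate the Harbor configuration
5. Run ./install.sh to install Harbor
6. Enter the configured ip:port in a browser to open the Harbor management UI, as shown below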
192.168.68.253:8253
Initial account admin, password Harbor12345
Configure Harbor to start at boot
1. vim /usr/lib/systemd/system/harbor.service
2. Unit file contents
[Unit]
Description=Harbor Registry
After=docker.service
Requires=docker.service
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/libexec/docker/cli-plugins/docker-compose -f /root/harbor/docker-compose.yml up
ExecStop=/usr/libexec/docker/cli-plugins/docker-compose -f /root/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
3. Enable start at boot
systemctl start harbor
systemctl enable harbor
4. Check whether startup succeeded
docker ps -a
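Create the https certificate
openssl genrsa -des3 -out server.key 2048   # private key
Enter the passphrase twice: 123456
openssl req -new -key server.key -out server.csr   # create the certificate signing request
Enter the private key passphrase
Country name
Province
City, organization
Domain name
Email
Whether to change the password
Whether to change the name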
cp server.key server.key.org
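openssl rsa -in server.key.org -out server.key   # strip the passphrase, because the docker deployment is fronted by nginx by default and startup fails if the key has a passphrase
Enter the passphrase
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt   # sign the certificate request
chmod a+x *   # run in the directory where the certificate was generated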
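Docker checks the registry address against the certificate's subjectAltName entries, which the CSR prompts above do not set. The following is an added example, not from the original post (function names and the directory layout are hypothetical): it builds the certificate both ways without prompts and checks each one for the registry address.

```shell
#!/bin/sh
# Added example; function names and directory layout are hypothetical.

# write_cnf DIR IP: minimal non-interactive openssl config.
write_cnf() {
    mkdir -p "$1"
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_san
prompt = no
[dn]
CN = $2
[v3_san]
subjectAltName = IP:$2
EOF
}

# make_legacy_cert DIR IP: the genrsa / req / x509 -signkey flow from the
# page, without a passphrase. The result carries the address in CN only.
make_legacy_cert() {
    write_cnf "$1" "$2"
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null
    openssl req -new -config "$1/req.cnf" -key "$1/server.key" -out "$1/server.csr"
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# make_registry_cert DIR IP: one-step self-signed certificate whose
# subjectAltName lists the registry address; key is unencrypted, mode 600.
make_registry_cert() {
    write_cnf "$1" "$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$1/req.cnf" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    chmod 600 "$1/server.key"
}

# cert_has_san_ip CRT IP: exit 0 only if CRT has IP as an exact SAN entry.
cert_has_san_ip() {
    openssl x509 -in "$1" -noout -text | tr ', ' '\n\n' | grep -qxF "Address:$2"
}

# Usage (address taken from the page):
#   make_registry_cert ./cert 192.168.68.253
#   cert_has_san_ip ./cert/server.crt 192.168.68.253 && echo "SAN ok"
```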
When docker connects to the Harbor registry it fails with: http: server gave HTTP response to HTTPS client
Configure it with vi /etc/docker/daemon.json
{
"registry-mirrors": [
"http://hub-mirror.c.163.com",
"https://mirrors.tuna.tsinghua.edu.cn",
"http://mirrors.sohu.com",
"https://ustc-edu-cn.mirror.aliyuncs.com",
"https://ccr.ccs.tencentyun.com",
"https://docker.m.daocloud.io",
"https://docker.awsl9527.cn"
],
"insecure-registries":["192.168.68.253:8253"]
}
systemctl daemon-reload
systemctl restart docker
docker login 192.168.68.253:8253
docker login 192.168.68.253:8253 -u admin -p Harbor12345
Login fails with an error......
[root@harbor harbor]# docker login https://chinda.com
Authenticating with existing credentials...
Login did not succeed, error: Error response from daemon: login attempt to https://chinda.com/v2/ failed with status: 401 Unauthorized
Username (admin): admin
Password:
Error response from daemon: login attempt to https://chinda.com/v2/ failed with status: 401 Unauthorized
Solution:
docker-compose down -v
docker-compose up -d
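When I first saw this fix I honestly didn't think much of it; isn't this just a restart? I tried it anyway, and WTF, it actually worked. I'm speechless.
Try pushing an image. The image must be tagged with the registry ip before it can be pushed, otherwise the push fails with a connection timeout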
docker tag registry.aliyuncs.com/google_containers/pause:3.2 192.168.68.253:8253/library/pause:3.2
docker push 192.168.68.253:8253/library/pause:3.2
Delete the nginx image and pull it again
docker rmi -f nginx
docker pull 192.168.68.253:8253/library/nginx:latest@sha256:926b086e1234b6ae9a11589c4cece66b267890d24d1da388c96dd8795b2ffcfb
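Test starting a container in k8s
k8s 1.9 uses the run command; from 1.20 on, use the create command, which no longer takes --port=80 --replicas=1 (those moved to other commands)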
kubectl create deployment nginx-deployment --image=192.168.68.253:8253/library/nginx:latest
kubectl expose deployment nginx-deployment --port=80 --type=NodePort
-- Shut down the controller's pods
kubectl scale deployment nginx-deployment --replicas=0
You can change the type in the yml to ClusterIP or NodePort with kubectl edit svc nginx-deployment