Using a private, insecure Harbor image registry with k8s 1.26.5 deployed via RKE2

芳华是个男孩!
2024-10-14

I. K8S cluster configuration

Harbor address: 192.168.0.6, domain: my.k8shub.com

1. On all nodes, write the configuration file

[root@k8s-master01 ~]# cat /etc/rancher/rke2/registries.yaml
mirrors:
  my.k8shub.com:                # private registry address
    endpoint:
      - "http://my.k8shub.com"                # uses http
configs:
  "http://my.k8shub.com":
    auth:
      username: admin                    # registry account
      password: Ab660910../                    # registry password

2. On all nodes, configure hosts resolution

[root@k8s-master01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.11 k8s-master01
192.168.0.12 k8s-master02
192.168.0.13 k8s-master03
192.168.0.14 k8s-node01
192.168.0.15 k8s-node02
192.168.0.16 k8s-node03
192.168.0.6 my.k8shub.com

3. Restart on all nodes

Restart the server nodes

[root@k8s-master01]# systemctl restart rke2-server.service

Restart the agent nodes

[root@k8s-node01]# systemctl restart rke2-agent.service

4. After the restart, check the cluster's containerd configuration

[root@k8s-master01 ~]# cat /var/lib/rancher/rke2/agent/etc/containerd/config.toml

# File generated by rke2. DO NOT EDIT. Use config.toml.tmpl instead.
version = 2

[plugins."io.containerd.internal.v1.opt"]
  path = "/var/lib/rancher/rke2/agent/containerd"
[plugins."io.containerd.grpc.v1.cri"]
  stream_server_address = "127.0.0.1"
  stream_server_port = "10010"
  enable_selinux = true
  enable_unprivileged_ports = true
  enable_unprivileged_icmp = true
  sandbox_image = "registry.cn-hangzhou.aliyuncs.com/rancher/pause:3.6"

[plugins."io.containerd.grpc.v1.cri".containerd]
  snapshotter = "overlayfs"
  disable_snapshot_annotations = true

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  runtime_type = "io.containerd.runc.v2"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = true

[plugins."io.containerd.grpc.v1.cri".registry.mirrors]

[plugins."io.containerd.grpc.v1.cri".registry.mirrors."my.k8shub.com"]
  endpoint = ["http://my.k8shub.com"]

[plugins."io.containerd.grpc.v1.cri".registry.configs."http://my.k8shub.com".auth]
  username = "admin"
  password = "Ab660910../"
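
The generated file can also be checked mechanically instead of by eye. The script below is an added example, not part of the original post or of RKE2: it reads an rke2-generated containerd config.toml and reports mirror endpoints that use plain http://, passwords stored inline, and registry.configs keys that carry a URL scheme (containerd's CRI plugin looks these entries up by registry host). The finding labels, registry.example.internal and the sample values are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit the registry tables of an rke2-generated containerd
# config.toml. Finding labels and sample values are constructed for illustration.
audit_containerd_registry() {
  awk '
    /^[ \t]*\[/ {                      # new TOML table header
      kind = ""; key = ""
      if (match($0, /registry\.(mirrors|configs)\."[^"]+"/)) {
        key = substr($0, RSTART, RLENGTH)
        kind = (key ~ /^registry\.mirrors/) ? "mirror" : "config"
        sub(/^registry\.[a-z]+\."/, "", key); sub(/"$/, "", key)
      }
      is_auth = ($0 ~ /\.auth\][ \t]*$/)
      # containerd CRI looks configs up by host[:port]; a scheme in the key is not matched
      if (kind == "config" && key ~ /^https?:\/\// && !(key in seen)) {
        seen[key] = 1; print "CONFIG_KEY_HAS_SCHEME " key
      }
      next
    }
    kind == "mirror" && /^[ \t]*endpoint[ \t]*=/ {
      n = split($0, parts, "\"")       # quoted URLs land in even-numbered fields
      for (i = 2; i <= n; i += 2)
        if (parts[i] ~ /^http:\/\//) print "PLAINTEXT_ENDPOINT " key " " parts[i]
    }
    kind == "config" && is_auth && /^[ \t]*password[ \t]*=/ {
      print "INLINE_PASSWORD " key     # credential stored in clear text on the node
    }
  ' "$1"
}

sample_config() {                      # constructed sample, same layout as above
  cat <<'EOF'
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."my.k8shub.com"]
  endpoint = ["http://my.k8shub.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.example.internal"]
  endpoint = ["https://registry.example.internal"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."http://my.k8shub.com".auth]
  username = "admin"
  password = "example-password"
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.example.internal".auth]
  password = "example-password"
EOF
}
run_sample_audit() {
  tmp=$(mktemp) && sample_config > "$tmp" && audit_containerd_registry "$tmp"
  rm -f "$tmp"
}

# Audit the file given as $1, or the constructed sample when no path is given.
if [ -n "${1:-}" ]; then audit_containerd_registry "$1"; else run_sample_audit; fi
```

Saved under a name of your choice and run on a node with /var/lib/rancher/rke2/agent/etc/containerd/config.toml as its argument, it prints one finding per line; no output means none of the three conditions was found.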

II. Harbor installation

Install Docker on a separate server and deploy Harbor with Docker

[root@my ~]# hostnamectl
 Static hostname: my.k8shub.com                    # hostname
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: e56896732df14fc29d14b5896301278a
         Boot ID: 9bda389301f14e399a7f568fbdf2b30a
  Virtualization: kvm
Operating System: Rocky Linux 9.3 (Blue Onyx)                # OS version
     CPE OS Name: cpe:/o:rocky:rocky:9::baseos
          Kernel: Linux 5.14.0-362.18.1.el9_3.0.1.x86_64
    Architecture: x86-64
 Hardware Vendor: QEMU
  Hardware Model: Standard PC _Q35 + ICH9, 2009_
Firmware Version: 1.15.0-1

[root@my ~]# docker -v
Docker version 25.0.4, build 1a576c5                # any Docker version works; I use the latest version here

[root@my ~]# docker-compose -v                    # docker-compose version
Docker Compose version v2.20.3

[root@my ~]# cat /etc/docker/daemon.json             # Docker mirror (accelerator) configuration and skipping verification
{
  "registry-mirrors": ["https://a05jv9b5.mirror.aliyuncs.com"],
   "insecure-registries": ["my.k8shub.com"]            # required
}
[root@my ~]# 

Download Harbor and extract it

[root@my ~]# wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz

[root@my ~]# tar -xvf harbor-offline-installer-v2.10.0.tgz

Edit the Harbor configuration file

[root@my ~]# cd harbor
[root@my harbor]# cp harbor.yml.tmpl harbor.yml
[root@my harbor]# vim harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: my.k8shub.com                    # hostname

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
# https:                    # this is an insecure setup, so the whole https block is commented out
  # https port for harbor, default is 443
  # port: 443                    # https port commented out
  # The path of cert and key files for nginx
  # certificate: /root/harbor/ssl/my.k8shub.com.crt                # crt certificate commented out
  # private_key: /root/harbor/ssl/my.k8shub.com.key                # key commented out

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal
#   # enable strong ssl ciphers (default: false)
#   strong_ssl_ciphers: false

………………
The rest is not needed here and is omitted

Prepare; this step checks, among other things, whether docker and docker-compose are installed on the host

[root@my harbor]# ./prepare 

Install

[root@my harbor]# ./install.sh

After installation, open http://192.168.0.6. Username: admin, password: Harbor12345. There is one public project by default: library

Log in locally

[root@my harbor]# docker login -u admin my.k8shub.com
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@my harbor]# 

Pull an nginx image and push it to the private registry

[root@my ~]# docker pull nginx:1.25.0
1.25.0: Pulling from library/nginx
759700526b78: Pull complete 
4fabad4a1317: Pull complete 
1150b893b52b: Pull complete 
e75fa5822000: Pull complete 
1595b4d83afa: Pull complete 
1810e754f450: Pull complete 
Digest: sha256:b997b0db9c2bc0a2fb803ced5fb9ff3a757e54903a28ada3e50412cc3ab7822f
Status: Downloaded newer image for nginx:1.25.0
docker.io/library/nginx:1.25.0

[root@my harbor]# docker tag nginx:1.25.0 my.k8shub.com/library/nginx:1.25.0
[root@my harbor]# docker push my.k8shub.com/library/nginx:1.25.0 
The push refers to repository [my.k8shub.com/library/nginx]
5f5ffeb5f485: Pushed 
f096f2cad7ff: Pushed 
89ad618cc7b9: Pushed 
cc7def5d7708: Pushed 
077db2bd2c24: Pushed 
0cc1f0165626: Pushed 
1.25.0: digest: sha256:e7058572cd3be00c224dc135c22b0e3cf21ed75d335df135ce0e56dd95a25a1b size: 1571

Change the registry address in the web UI so that it is easier to remember

III. Testing in the cluster

[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: default
spec:
  containers:
    - name: nginx
      image: my.k8shub.com/library/nginx:1.25.0

[root@k8s-master01 ~]# kubectl apply -f nginx.yaml 
pod/nginx created
[root@k8s-master01 ~]# kubectl describe pod nginx | tail -8
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  9s    default-scheduler  Successfully assigned default/nginx to k8s-node03
  Normal  Pulling    8s    kubelet            Pulling image "my.k8shub.com/library/nginx:1.25.0"
[root@k8s-master01 ~]# kubectl get pod -o wide
NAME    READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          23s   10.42.4.13   k8s-node03   <none>           <none>
