Harbor 安装 && Containerd 拉取 harbor私有镜像实验
containerd 下载私有仓库镜像
三台k8s集群 一台harbor服务器
harbor服务器 v2.9.1 安装harbor需要docker版本需要17.06.0+
[root@Web harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 1.13.1
✖ Need to upgrade docker package to 17.06.0+.1.清除之前安装的docker
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine2.安装docker 源
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum makecache fast
sudo yum install docker-ce3.启动docker
sudo systemctl daemon-reload
sudo systemctl start docker4.下载harbor
可以去官网进行下载
https://github.com/goharbor/harbor/releases
tar -xzvf harbor-offline-installer-v2.9.1.tgz -C /usr/local
cd /usr/local/harbor & cp harbor.yml.tmpl harbor.yml
vim harbor.yml
hostname: 主机IP
# 注释掉https
# https:
# #https port for harbor, default is 443
# port: 443
# #The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
# 密码
harbor_admin_password: Harbor12345
运行
./install.sh
5. harbor 启动的docker 有一些不是开机启动的 因此需要重新设置docker 重启
docker update --restart=always docker-id
6. 尝试推送镜像
vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries":["192.168.178.137"]
}systemctl daemon-reload
systemctl restart docker
# 重启之后harbor可能会没有启动
docker start `docker ps -a | gerp Exited | awk '{print $1}'`
# 登入harbor
docker login -u 'admin' -p 'Harbor12345' http://192.168.178.137
docker tag nginx:latest 192.168.178.137/elastic/nginx:v1
docker push 192.168.178.137/elastic/nginx:v1====================================================================
二、在k8s集群内安装crictl 需要安装
查看集群版本
kubectl version
# 设置版本号
VERSION="v1.23.0"
# 下载对应的ctrctl安装包
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz# 解压
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
# 检验ctrctl
[root@k8s-node2 src]# crictl version
FATA[0002] connect: connect endpoint 'unix:///var/run/cri-dockerd.sock', make sure you are running as root and the endpoint has been started: context deadline exceeded# 报错 需要修改ctrctl配置环境
vi /etc/crictl.yaml
runtime-endpoint: "unix:///run/containerd/containerd.sock"
image-endpoint: "unix:///run/containerd/containerd.sock"
timeout: 0
debug: false
pull-image-on-create: false
disable-pull-on-run: false# 重新检验
[root@k8s-node2 src]# crictl version
Version: 0.1.0
RuntimeName: containerd
RuntimeVersion: 1.6.22
RuntimeApiVersion: v1alpha2
# 测试拉取harbor私有镜像仓库镜像
[root@k8s-master ~]# crictl pull 192.168.178.137/elastic/nginx:v1
FATA[0000] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "192.168.178.137/elastic/nginx@sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f10092a04bbb5a7": failed to resolve reference "192.168.178.137/elastic/nginx@sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f10092a04bbb5a7": failed to do request: Head "https://192.168.178.137/v2/elastic/nginx/manifests/sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f10092a04bbb5a7": dial tcp 192.168.178.137:443: connect: connection refused# 拉取镜像失败 配置镜像 拉取私有镜像仓库
vi /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.178.137"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.178.137".tls]
insecure_skip_verify = true # 是否跳过验证
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.178.137".auth]
username = "admin"
password = "Harbor12345"
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://hub-mirror.c.163.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.178.137"]
endpoint = ["http://192.168.178.137"]
systemctl daemon-reload
systemctl restart containerd
# 测试拉取harbor私有镜像
crictl pull 192.168.178.137/elastic/nginx:v1
ps: 之前拉取镜像失败 添加了后面这两个参数之后拉取成功 --plain-http --user admin:Harbor12345
[root@k8s-node2 src]# ctr -n k8s.io image pull 192.168.178.137/elastic/nginx:@sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f100
INFO[0000] trying next host error="failed to do request: Head \"https://192.168.178.137/v2/elastic/nginx/manifests/sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f10092a04bbb5a7\": dial tcp 192.168.178.137:443: connect: connection refused" host=192.168.178.137
INFO[0000] trying next host error="failed to do request: Head \"https://192.168.178.137/v2/elastic/nginx/blobs/sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f10092a04bbb5a7\": dial tcp 192.168.178.137:443: connect: connection refused" host=192.168.178.137
ctr: failed to resolve reference "192.168.178.137/elastic/nginx@sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f10092a04bbb5a7": failed to do request: Head "https://192.168.178.137/v2/elastic/nginx/manifests/sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f10092a04bbb5a7": dial tcp 192.168.178.137:443: connect: connection refusedctr images pull 192.168.178.137/elastic/nginx@sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f10092a04bbb5a7 --plain-http --user admin:Harbor12345
腾讯云面向开发者汇聚海量精品云计算使用和开发经验,营造开放的云计算技术生态圈。
更多推荐
0
0- 0
已为社区贡献1条内容
所有评论(0)