Using Harbor with Docker without SSL

1. Install Docker (details omitted)

curl -sSL https://get.daocloud.io/docker | sh
systemctl start docker && systemctl enable docker

2. Install docker-compose

curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version

3. Install Harbor

#wget https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz
wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz
tar xf harbor-offline-installer-v1.9.3.tgz
cd harbor
sed -i 's/reg.mydomain.com/192.168.1.136/' harbor.yml  # 192.168.1.136 is my own IP address
bash install.sh

4. Access

docker-compose ps
Access: http://192.168.1.136
Default username/password: admin/Harbor12345

Note: if you need a Helm charts repository, it is not included by default

docker-compose stop
./install.sh  --with-chartmuseum

How do clients use it?

docker login -u admin -p Harbor12345 192.168.1.136
	'''
	WARNING! Using --password via the CLI is insecure. Use --password-stdin.
	Error response from daemon: Get https://192.168.1.136/v2/: dial tcp 192.168.1.136:443: connect: connection refused
	'''

# The following flag needs to be added
sed -i 's#/usr/bin/dockerd#& --insecure-registry=192.168.1.136#' /usr/lib/systemd/system/docker.service  
systemctl daemon-reload && systemctl restart docker

# Log in again
docker login -u admin -p Harbor12345 192.168.1.136
	'''
	~~~
	Login Succeeded
	'''

# daemon.json must hold a single JSON object; if the file already exists, merge this key into it instead of appending
cat >> /etc/docker/daemon.json << EOF
{
        "registry-mirrors": ["http://192.168.1.136:5000"]
}
EOF
systemctl daemon-reload && systemctl restart docker
# Test pushing an image
docker pull hello-world
docker tag hello-world 192.168.1.136/library/hello-world:v1
docker push 192.168.1.136/library/hello-world:v1
# Check in Harbor that the hello-world:v1 tag is present


# Pull the image
docker rmi -f hello-world
docker pull 192.168.1.136/library/hello-world:v1
docker images
docker images

For Kubernetes (k8s) with containerd

Example


$ cat /etc/containerd/config.toml
... (omitted)
[plugins]
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
    runtime_type = "io.containerd.runc.v2"
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
      SystemdCgroup = true
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "kubesphere/pause:3.9"
    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
      max_conf_num = 1
      conf_template = ""
    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://registry-1.docker.io"]
          
        # Only the following was added
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."hbd.xfgjoa.com"]
          endpoint = ["http://hbd.xfgjoa.com"]

      [plugins."io.containerd.grpc.v1.cri".registry.configs."hbd.xfgjoa.com".tls]
        insecure_skip_verify = true
        
# Restart containerd after changing the configuration
$ systemctl restart containerd
$ systemctl status containerd
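
To check a node for the registry settings shown above, this added example (not part of the original page) scans a containerd config.toml for registries that have an http:// mirror endpoint or `insecure_skip_verify = true`. The function names and the sample input are constructed for illustration, and the script handles only the CRI registry table layout used on this page.

```bash
#!/usr/bin/env bash
# Added example: report registries that containerd's CRI plugin reaches
# over plain HTTP or with TLS verification disabled.

# Constructed sample input, reduced from the config.toml shown above.
sample_config() {
  cat <<'EOF'
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://registry-1.docker.io"]
# only the following was added
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."hbd.xfgjoa.com"]
  endpoint = ["http://hbd.xfgjoa.com"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."hbd.xfgjoa.com".tls]
  insecure_skip_verify = true
EOF
}

# audit_containerd_registries [FILE]
# Reads config.toml (or stdin) and prints "<registry> <finding>" per issue.
audit_containerd_registries() {
  awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    /^[ \t]*\[/ {                            # a TOML table header
      kind = ""; host = ""
      if (match($0, /registry\.mirrors\."[^"]+"/)) kind = "mirror"
      else if (match($0, /registry\.configs\."[^"]+"\.tls/)) kind = "tls"
      if (kind != "") {
        host = substr($0, RSTART, RLENGTH)   # e.g. registry.mirrors."docker.io"
        sub(/^[^"]*"/, "", host)             # drop text up to the first quote
        sub(/".*$/, "", host)                # drop the closing quote and rest
      }
      next
    }
    kind == "mirror" && /endpoint[ \t]*=/ && /"http:\/\// {
      print host, "plain-http-endpoint"
    }
    kind == "tls" && /insecure_skip_verify[ \t]*=[ \t]*true/ {
      print host, "tls-verification-disabled"
    }
  ' "$@"
}

# Stand-alone run against the constructed sample.
sample_config | audit_containerd_registries
```

On a real node, pass the file path instead: `audit_containerd_registries /etc/containerd/config.toml`.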

**Manual pull test**

# A manual pull still uses https by default, so we specify --plain-http explicitly
ctr -n k8s.io images pull --plain-http hbd.xfgjoa.com/jys/adminrest:test500

**Using http in the pod image pull policy**
