[TOC]
1. 🛠️ 基础环境配置
📌 安装基础环境请参考:
[Ubuntu 22.04] 安装K8S基础环境准备脚本
2. 🐳 Docker安装
📌 docker
安装请参考:
[Ubuntu 22.04] 安装docker,并设置镜像加速
3. 🚢 部署Harbor,HTTP访问
📌 [Ubuntu 22.04] 安装Harbor#HTTP方式
🔍 浏览器中输入:http://192.168.11.20
,即可访问刚才部署的harbor
4. 📦 部署ContainerD
📌 containerd
的安装请参考:
[Ubuntu 22.04] 安装containerd
5. 🔄 修改docker配置文件,向harbor中推入镜像
🎯 目标:向第三步部署的harbor仓库中推入镜像仓库
根据目前的环境,有两种方式可以向harbor
中推入镜像。其一是通过docker
向harbor
中推入镜像仓库。其二是通过containerd
向harbor
中推入镜像
由于目前我们对于containerd
并不熟悉,因此我们先直接通过docker
向harbor
中推入镜像,由于我们自己搭建的harbor
是私有仓库,并且是HTTP
的方式,因此我们需要配置docker
的配置文件。
你可以重新找一台机器安装docker
做实验,或者直接使用harbor
那台机器也可以,这里我直接使用harbor
那台机器上的docker
工具,向harbor
推送镜像。
配置修改如下,主要是增加了insecure-registries
配置,如果你的配置文件中包含其它的配置,请不要直接执行,否则会覆盖你的配置。;另外,请一定要注意80端口,这个不能省略,否则docker
会以https
的方式访问harbor
tee /etc/docker/daemon.json << 'EOF'
{
"registry-mirrors": [
"http://hub-mirror.c.163.com",
"https://mirror.baidubce.com",
"https://docker.mirrors.ustc.edu.cn",
"https://registry.docker-cn.com",
"https://dockerproxy.com",
"https://ccr.ccs.tencentyun.com",
"https://registry.cn-hangzhou.aliyuncs.com"
],
"insecure-registries": ["192.168.11.20:80"]
}
EOF
systemctl restart docker.service
这里我随便推送harbor
的一个镜像到我自己的harbor
仓库当中,操作如下,第一步:重新打tag, 第二步:docker push
。这里需要注意的是,再推送镜像之前,一定要在登录harbor
,提前建立仓库目录,否则推送会被拒绝,另外,静态的Tag所指向的仓库端口必须要显式指定80端口,否则默认使用443端口
root@harbor-http:~/harbor#
root@harbor-http:~/harbor#
root@harbor-http:~/harbor# cat /etc/docker/daemon.json
{
"registry-mirrors": [
"http://hub-mirror.c.163.com",
"https://mirror.baidubce.com",
"https://docker.mirrors.ustc.edu.cn",
"https://registry.docker-cn.com",
"https://dockerproxy.com",
"https://ccr.ccs.tencentyun.com",
"https://registry.cn-hangzhou.aliyuncs.com"
],
"insecure-registries": ["192.168.11.20:80","192.168.11.30"]
}
root@harbor-http:~/harbor# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/redis-photon v2.8.2 6f4498a430ca 7 weeks ago 121MB
goharbor/harbor-registryctl v2.8.2 fa61a236a6d6 7 weeks ago 142MB
goharbor/registry-photon v2.8.2 f80e71363231 7 weeks ago 79.3MB
goharbor/nginx-photon v2.8.2 3d009028f260 7 weeks ago 120MB
goharbor/harbor-log v2.8.2 2914d282d9bf 7 weeks ago 127MB
goharbor/harbor-jobservice v2.8.2 40118f1568a8 7 weeks ago 141MB
goharbor/harbor-core v2.8.2 0bbbd1f379fc 7 weeks ago 165MB
goharbor/harbor-portal v2.8.2 3e74e0758aa4 7 weeks ago 127MB
goharbor/harbor-db v2.8.2 5126635ae9f0 7 weeks ago 174MB
goharbor/prepare v2.8.2 eb3cf3cdd17a 7 weeks ago 163MB
hello-world latest 9c7a54a9a43c 2 months ago 13.3kB
root@harbor-http:~/harbor#
root@harbor-http:~/harbor# docker tag goharbor/harbor-core:v2.8.2 192.168.11.20:80/goharbor/harbor-core:v2.8.2
root@harbor-http:~/harbor#
root@harbor-http:~/harbor# docker login -u admin -p harbor666 192.168.11.20:80
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
root@harbor-http:~/harbor#
root@harbor-http:~/harbor# docker push 192.168.11.20:80/goharbor/harbor-core:v2.8.2
The push refers to repository [192.168.11.20:80/goharbor/harbor-core]
c8ec2ddada08: Pushed
e1c4f1102d2f: Pushed
17583ba2a843: Pushed
0a049ad6bb06: Pushed
557ccce847e1: Pushed
9cb5dd968a55: Pushed
06d8a79a810a: Pushed
88edeb5b4944: Pushed
c00acf6f4f58: Pushed
21e7914e06fb: Pushed
v2.8.2: digest: sha256:654efa193924544a680f1cc7aaadb8d9fb4e1dcaa8c84a74c71b7fe861973838 size: 2411
root@harbor-http:~/harbor#
root@harbor-http:~/harbor# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/redis-photon v2.8.2 6f4498a430ca 7 weeks ago 121MB
goharbor/harbor-registryctl v2.8.2 fa61a236a6d6 7 weeks ago 142MB
goharbor/registry-photon v2.8.2 f80e71363231 7 weeks ago 79.3MB
goharbor/nginx-photon v2.8.2 3d009028f260 7 weeks ago 120MB
goharbor/harbor-log v2.8.2 2914d282d9bf 7 weeks ago 127MB
goharbor/harbor-jobservice v2.8.2 40118f1568a8 7 weeks ago 141MB
192.168.11.20:80/goharbor/harbor-core v2.8.2 0bbbd1f379fc 7 weeks ago 165MB
goharbor/harbor-core v2.8.2 0bbbd1f379fc 7 weeks ago 165MB
goharbor/harbor-portal v2.8.2 3e74e0758aa4 7 weeks ago 127MB
goharbor/harbor-db v2.8.2 5126635ae9f0 7 weeks ago 174MB
goharbor/prepare v2.8.2 eb3cf3cdd17a 7 weeks ago 163MB
hello-world latest 9c7a54a9a43c 2 months ago 13.3kB
root@harbor-http:~/harbor#
6. 配置containerd
mkdir -p /etc/containerd/certs.d/192.168.11.20:80
tee /etc/containerd/certs.d/192.168.11.20:80/hosts.toml << 'EOF'
server = "http://192.168.11.20:80"
[host."http://192.168.11.20:80"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
EOF
systemctl restart containerd.service
6.1. 拉取镜像验证
执行:ctr image pull --plain-http=true 192.168.11.20:80/goharbor/harbor-core:v2.8.2
root@containerd:~#
root@containerd:~# ctr image ls -q
docker.io/library/redis:alpine
root@containerd:~# cat /etc/containerd/certs.d/192.168.11.20\:80/hosts.toml
server = "http://192.168.11.20:80"
[host."http://192.168.11.20:80"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
root@containerd:~#
root@containerd:~#
root@containerd:~# ctr image pull --plain-http=true 192.168.11.20:80/goharbor/harbor-core:v2.8.2
192.168.11.20:80/goharbor/harbor-core:v2.8.2: resolved |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:654efa193924544a680f1cc7aaadb8d9fb4e1dcaa8c84a74c71b7fe861973838: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:aea1be403dd1c4dce59794761f350e4706eb70771631535689e2b06a0a241001: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:548383ab94bf8b81b55cabf36298e0b14cca610a07a1ebd5bba013fa61ffab96: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:06212d50621c9654d97e7ec78e972b5017e139b11763375ee4c28bace1fcc087: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:cf14510ec51c323f283e583a5aabfa33337680e953b07d83162a6c5b5d72defc: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b6c3d89688aed77dcbea624088f7613ac0923ca1f0398c42f0c79503a03baed6: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:0bbbd1f379fc1f577c5db15c9deac4a218637e4af0196d97e6771f59d9815355: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b3381433ebd4d04b664639ab510a6659fec0268dc222de8fb085da676f017cb4: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b70a76c262e454573e9550cb64962b84a338d78d6f1db4ee9464cce0a8a47dcd: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:378fedafb8051764d80ec29260e7bf3101aabe84b72b23c5829deb2a445391a8: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f9cd03857d3ab614d97d896de3496a66dffaf4cf5b2051cda730d028d6def94e: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a3c670ddffbdf7be0c56baae8213258ee6cf339929c86b29905dd11808c80a34: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 0.5 s total: 47.1 M (94.2 MiB/s)
unpacking linux/amd64 sha256:654efa193924544a680f1cc7aaadb8d9fb4e1dcaa8c84a74c71b7fe861973838...
done: 1.256989921s
root@containerd:~#
root@containerd:~#
root@containerd:~# ctr image ls -q
192.168.11.20:80/goharbor/harbor-core:v2.8.2
docker.io/library/redis:alpine
root@containerd:~#
6.2. 推送镜像验证
执行:ctr image push --plain-http=true -u admin:harbor666 192.168.11.20:80/goharbor/harbor-core:v2.8.3
root@containerd:~#
root@containerd:~# ctr image ls -q
192.168.11.20:80/goharbor/harbor-core:v2.8.2
docker.io/library/redis:alpine
root@containerd:~#
root@containerd:~# ctr image tag 192.168.11.20:80/goharbor/harbor-core:v2.8.2 192.168.11.20:80/goharbor/harbor-core:v2.8.3
192.168.11.20:80/goharbor/harbor-core:v2.8.3
root@containerd:~# ctr image ls -q
192.168.11.20:80/goharbor/harbor-core:v2.8.2
192.168.11.20:80/goharbor/harbor-core:v2.8.3
docker.io/library/redis:alpine
root@containerd:~#
root@containerd:~# ctr image push --plain-http=true -u admin:harbor666 192.168.11.20:80/goharbor/harbor-core:v2.8.3
manifest-sha256:654efa193924544a680f1cc7aaadb8d9fb4e1dcaa8c84a74c71b7fe861973838: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:0bbbd1f379fc1f577c5db15c9deac4a218637e4af0196d97e6771f59d9815355: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 0.2 s total: 7.7 Ki (38.4 KiB/s)
root@containerd:~#
root@containerd:~#
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用
。你还可以使用@
来通知其他用户。