centos上部署k8s

环境准备

四台Linux服务器

|---------------|--------------|--------|
| 主机名 | IP | 角色 |
| k8s-master-94 | 192.168.0.94 | master |
| k8s-node1-95 | 192.168.0.95 | node1 |
| k8s-node2-96 | 192.168.0.96 | node2 |
| habor | 192.168.0.77 | 镜像仓库 |

三台机器均执行以下命令：

• 查看centos版本

  [root@localhost Work]# cat /etc/redhat-release
  CentOS Linux release 8.5.2111

• 关闭防火墙和selinux

  [root@localhost ~]# systemctl stop firewalld
  [root@localhost ~]# systemctl disable firewalld
  Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
  Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
  [root@localhost ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config
  [root@localhost ~]# setenforce 0

• 关闭swap分区（k8s禁止虚拟内存以提高性能）

  临时关闭；关闭swap主要是为了性能考虑

  [root@localhost ~]#swapoff -a

  可以通过这个命令查看swap是否关闭了

  [root@localhost ~]#free

  永久关闭

  [root@localhost ~]#sed -ri 's/.swap./#&/' /etc/fstab

• 修改主机名

  在192.168.0.94执行

  [root@localhost ~]#hostnamectl set-hostname k8s-master-94

  在192.168.0.95执行

  [root@localhost ~]#hostnamectl set-hostname k8s-node1-95

  在192.168.0.96执行

  [root@localhost ~]#hostnamectl set-hostname k8s-node2-96
  [root@localhost ~]#hostname $hostname # 立刻生效

• 修改hosts表

  [root@localhost ~]# cat >> /etc/hosts<<EOF

  192.168.0.94 k8s-master-94
  192.168.0.95 k8s-node1-95
  192.168.0.96 k8s-node2-96
  EOF

• 时间同步

  [root@localhost ~]#yum install chrony -y
  [root@localhost ~]#systemctl start chronyd
  [root@localhost ~]#systemctl enable chronyd
  [root@localhost ~]#chronyc sources

• 允许 iptables 检查桥接流量，将桥接的IPv4流量传递到iptables的链：以下net.ipv4.ip_forward如存在=0，修改为1即可

  [root@localhost ~]# cat > /etc/sysctl.d/k8s.conf << EOF

  net.ipv4.ip_forward = 1
  net.ipv4.tcp_tw_recycle = 0
  net.bridge.bridge-nf-call-ip6tables = 1
  net.bridge.bridge-nf-call-iptables = 1
  EOF
  [root@localhost ~]#
  sysctl --system

• 安装docker，如果有问题，参考这里解决：

Centos 8安装Docker及报错解决办法_duansamve的博客-CSDN博客_centos8 docker 安装失败

##卸载旧版本
yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine


##更换镜像
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo

###进入yum目录
cd /etc/yum.repos.d

## 删除目录下所有文件(注意完整复制，不要漏了那个点)
rm -rf ./*

##安装正确的镜像源
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo

##生成缓存
yum makecache

##安装需要的软件包， yum-util 提供yum-config-manager功能，另外两个是devicemapper驱动依赖的
yum install -y yum-utils device-mapper-persistent-data lvm2

##设置yum源
um-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

##安装docker
yum install -y docker-ce

##启动并加入开机启动
systemctl start docker
systemctl enable docker

##验证安装是否成功
docker version
docker info

##配置镜像加速
mkdir -p /etc/docker
 tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://ccdkz6eh.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker

安装kubeadm，kubelet和kubectl

三台机器执行

• 添加k8s阿里云YUM软件源

  [root@k8s-node1-80 ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo

  [kubernetes]
  name=Kubernetes
  baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
  enabled=1
  gpgcheck=1
  repo_gpgcheck=1
  gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  EOF

  #清除缓存

  [root@k8s-node1-80 ~]# yum clean all
  #把服务器的包信息下载到本地电脑缓存起来，makecache建立一个缓存

  [root@k8s-node1-80 ~]# yum makecache
  #列出kubectl可用的版本

  [root@k8s-node1-80 ~]# yum list kubectl --showduplicates | sort -r

• 安装kubeadm，kubelet和kubectl

  [root@k8s-node1-80 ~]#yum install -y kubelet-1.21.0 kubeadm-1.21.0 kubectl-1.21.0
  [root@k8s-node1-80 ~]#systemctl start kubelet
  [root@k8s-node1-80 ~]#systemctl enable kubelet

  #查看有没有安装
  [root@k8s-node2-92 ~]# yum list installed | grep kubelet
  kubelet.x86_64 1.21.0-0 @kubernetes
  [root@k8s-node2-92 ~]# yum list installed | grep kubeadm
  kubeadm.x86_64 1.21.0-0 @kubernetes
  [root@k8s-node2-92 ~]# yum list installed | grep kubectl
  kubectl.x86_64 1.21.0-0 @kubernetes

• 查看安装的版本

  [root@k8s-node2-92 ~]# kubelet --version
  Kubernetes v1.21.0
  ##########3
  Kubelet：运行在cluster所有节点上，负责启动POD和容器；
  Kubeadm：用于初始化cluster的一个工具；
  Kubectl：kubectl是kubenetes命令行工具，通过kubectl可以部署和管理应用，查看各种资源，创建，删除和更新组件；

• 重启centos

  reboot

初始化K8S集群

部署master节点，在192.168.0.94执行

kubeadm init --apiserver-advertise-address=192.168.0.94 \
--apiserver-cert-extra-sans=127.0.0.1 \
--image-repository=registry.aliyuncs.com/google_containers \
--ignore-preflight-errors=all \
--kubernetes-version=v1.21.0 \
--service-cidr=10.10.0.0/16 \
--pod-network-cidr=10.244.0.0/16

参数说明

--apiserver-advertise-address=192.168.0.94 ：这个参数就是master主机的IP地址，例如我的Master主机的IP是：192.168.0.94 

--image-repository=registry.aliyuncs.com/google_containers：这个是镜像地址，由于国外地址无法访问，故使用的阿里云仓库地址：registry.aliyuncs.com/google_containers

--kubernetes-version=v1.17.4：这个参数是下载的k8s软件版本号

--service-cidr=10.10.0.0/16：这个参数后的IP地址直接就套用10.10.0.0/16 ,以后安装时也套用即可，不要更改

--pod-network-cidr=10.244.0.0/16：k8s内部的pod节点之间网络可以使用的IP段，不能和service-cidr写一样，如果不知道怎么配，就先用这个10.244.0.0/16

网段问题，两个网段不要重，后面是/16，不要与当前机器网段一样。

如果报错：

WARNING IsDockerSystemdCheck\]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". 出现\[WARNING IsDockerSystemdCheck\]，是由于docker的Cgroup Driver和kubelet的Cgroup Driver不一致导致的，此处选择修改docker的和kubelet一致 [root@k8s-master-94 ~]# docker info | grep Cgroup Cgroup Driver: cgroupfs Cgroup Version: 1 [root@k8s-master-94 ~]# vim /usr/lib/systemd/system/docker.service，加入--exec-opt native.cgroupdriver=systemd [root@k8s-master-94 ~]# systemctl daemon-reload [root@k8s-master-94 ~]# systemctl restart docker # 重新初始化 [root@k8s-master-94 ~]# kubeadm reset # 先重置 [root@k8s-master-94 ~]# docker info | grep Cgroup Cgroup Driver: systemd Cgroup Version: 1 #重复上次【初始化master节点】的命令 初始化成功  其中有生成一串命令用于node节点的加入，记录下来，接着执行以下命令 [root@k8s-master-94 ~]# mkdir -p $HOME/.kube [root@k8s-master-94 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@k8s-master-94 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config 看Master结点的安装状态： [root@k8s-master-94 ~]# kubectl get node NAME STATUS ROLES AGE VERSION k8s-master-94 Ready control-plane,master 20m v1.21.0 Master设备上安装K8S路由插件Calico kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.4/manifests/tigera-operator.yaml 然后在临时文件夹（或者随便你建一个文件夹）执行 wget https://raw.githubusercontent.com/projectcalico/calico/v3.26.4/manifests/custom-resources.yaml vim custom-resources.yaml 修改其中的cidr为你在初始化master节点时用--pod-network-cidr配置的那个--pod-network-cidr=10.244.0.0/16  保存修改，然后执行： kubectl create -f custom-resources.yaml 稍等片刻等待上面的pod状态变为下图，即证明网络插件Calico已经安装完毕了 kubectl get pod --all-namespaces 非running解决方法：[pod calico CoreDNS 拉取不到镜像的问题的解决办法-CSDN博客](https://blog.csdn.net/weixin_37665711/article/details/119384347 "pod calico CoreDNS 拉取不到镜像的问题的解决办法-CSDN博客") 此时Master节点就绪： [root@k8s-master-94 ~]# kubectl get node NAME STATUS ROLES AGE VERSION k8s-master-94 Ready control-plane,master 165m v1.21.0 ### 部署node节点，在192.168.0.95和192.168.0.96执行 kubeadm join 192.168.0.94:6443 --token faj2nf.5o3gwjtbst90k19y \ --discovery-token-ca-cert-hash sha256:62d91aaef65e987702ddca804330d1fe721707fdf794d2494730636e616bda09 命令执行失败，解决方法：[https://www.cnblogs.com/cloud-yongqing/p/16032596.html](https://www.cnblogs.com/cloud-yongqing/p/16032596.html "https://www.cnblogs.com/cloud-yongqing/p/16032596.html") 如果忘记，获取命令 kubeadm token create --print-join-command 执行成功  ### 查看部署结果 node节点 [root@k8s-node1-95 ~]# kubectl get node The connection to the server localhost:8080 was refused - did you specify the right host or port? master节点 [root@k8s-master-94 ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master-94 Ready control-plane,master 14m v1.21.0 k8s-node1-95 Ready 4m v1.21.0 k8s-node2-96 Ready 5m10s v1.21.0 ## 部署dashboard（master） 创建recommended.yaml cat > recommended.yaml << EOF # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Namespace metadata: name: kubernetes-dashboard --- apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard --- kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 30001 #DASHBOARD端口 selector: k8s-app: kubernetes-dashboard --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kubernetes-dashboard type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-csrf namespace: kubernetes-dashboard type: Opaque data: csrf: "" --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-key-holder namespace: kubernetes-dashboard type: Opaque --- kind: ConfigMap apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-settings namespace: kubernetes-dashboard --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard rules: # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - apiGroups: [""] resources: ["secrets"] resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] verbs: ["get", "update", "delete"] # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - apiGroups: [""] resources: ["configmaps"] resourceNames: ["kubernetes-dashboard-settings"] verbs: ["get", "update"] # Allow Dashboard to get metrics. - apiGroups: [""] resources: ["services"] resourceNames: ["heapster", "dashboard-metrics-scraper"] verbs: ["proxy"] - apiGroups: [""] resources: ["services/proxy"] resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] verbs: ["get"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard rules: # Allow Metrics Scraper to get metrics from the Metrics server - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubernetes-dashboard subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard --- kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: securityContext: seccompProfile: type: RuntimeDefault containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.7.0 imagePullPolicy: Always ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kubernetes-dashboard # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. # - --apiserver-host=http://my-address:port volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs # Create on-disk volume to store exec logs - mountPath: /tmp name: tmp-volume livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard nodeSelector: "kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule --- kind: Service apiVersion: v1 metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: ports: - port: 8000 targetPort: 8000 selector: k8s-app: dashboard-metrics-scraper --- kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: dashboard-metrics-scraper template: metadata: labels: k8s-app: dashboard-metrics-scraper spec: securityContext: seccompProfile: type: RuntimeDefault containers: - name: dashboard-metrics-scraper image: kubernetesui/metrics-scraper:v1.0.8 ports: - containerPort: 8000 protocol: TCP livenessProbe: httpGet: scheme: HTTP path: / port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: - mountPath: /tmp name: tmp-volume securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 serviceAccountName: kubernetes-dashboard nodeSelector: "kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule volumes: - name: tmp-volume emptyDir: {} EOF [root@k8s-master-94 ~]# kubectl apply -f recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created [root@k8s-master-94 ~]# kubectl get pods -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-7c857855d9-xk4d4 1/1 Running 0 2m10s kubernetes-dashboard-658b66597c-r59xp 1/1 Running 0 2m10s 创建token登录（需要注意的是Token默认有效期是24小时，过期需要重新生成token） 创建service account并绑定默认cluster-admin管理员群集角色 #创建用户 kubectl create serviceaccount dashboard-admin -n kube-system #用户授权 kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin #获取用户Token kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}') 使用ip登录dashboard https://masterip:30001/#/login https://node1ip:30001/#/login https://node2ip:30001/#/login [配置token永不过期](https://blog.csdn.net/Dream_Weave/article/details/135059439 "配置token永不过期")输入获取的TOKEN,[配置token永不过期](https://blog.csdn.net/Dream_Weave/article/details/135059439 "配置token永不过期")    ## 部署metrics-server（master） 创建components.yaml cat > components.yaml << EOF apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-app: metrics-server rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-view: "true" name: system:aggregated-metrics-reader rules: - apiGroups: - metrics.k8s.io resources: - pods - nodes verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-app: metrics-server name: system:metrics-server rules: - apiGroups: - "" resources: - nodes/metrics verbs: - get - apiGroups: - "" resources: - pods - nodes verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: k8s-app: metrics-server name: metrics-server-auth-reader namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server name: metrics-server:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server name: system:metrics-server roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:metrics-server subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: v1 kind: Service metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system spec: ports: - name: https port: 443 protocol: TCP targetPort: https selector: k8s-app: metrics-server --- apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-app: metrics-server name: metrics-server namespace: kube-system spec: selector: matchLabels: k8s-app: metrics-server strategy: rollingUpdate: maxUnavailable: 0 template: metadata: labels: k8s-app: metrics-server spec: containers: - args: - --cert-dir=/tmp - --secure-port=4443 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --kubelet-use-node-status-port - --metric-resolution=15s - --kubelet-insecure-tls #新添加的内容 - --kubelet-preferred-address-types=InternalDNS,InternalIP,ExternalDNS,ExternalIP,Hostname #新添加的内容 image: registry.aliyuncs.com/google_containers/metrics-server:v0.6.0 #替换为阿里云的镜像 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: https scheme: HTTPS periodSeconds: 10 name: metrics-server ports: - containerPort: 4443 name: https protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /readyz port: https scheme: HTTPS initialDelaySeconds: 20 periodSeconds: 10 resources: requests: cpu: 100m memory: 200Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 volumeMounts: - mountPath: /tmp name: tmp-dir nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical serviceAccountName: metrics-server volumes: - emptyDir: {} name: tmp-dir --- apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: labels: k8s-app: metrics-server name: v1beta1.metrics.k8s.io spec: group: metrics.k8s.io groupPriorityMinimum: 100 insecureSkipTLSVerify: true service: name: metrics-server namespace: kube-system version: v1beta1 versionPriority: 100 EOF [root@k8s-master-94 ~]# kubectl apply -f components.yaml [root@k8s-master-94 ~]# kubectl get pods -n kube-system|grep metrics metrics-server-5f85c44dcd-fcshj 1/1 Running 0 43s ## 部署harbor仓库 * 环境要求：服务器必须安装docker和docker-compose * 安装docker-compose [root@localhost ~]# curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 4 11.6M 4 572k 0 0 15439 0 0:13:13 0:00:37 0:12:36 7942 100 11.6M 100 11.6M 0 0 27290 0 0:07:29 0:07:29 --:--:-- 154k [root@localhost ~]# chmod +x /usr/local/bin/docker-compose [root@localhost ~]# docker-compose version docker-compose version 1.26.0, build d4451659 docker-py version: 4.2.1 CPython version: 3.7.7 OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019 * 下载harbor安装包 [root@localhost ~]wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz * 解压安装包并移动位置 tar -zxvf harbor-offline-installer-v1.5.3.tgz #解压离线安装包 mv harbor /opt/ #移到/opt目录下 cd /opt #进入到/opt目录 ls #查看目录内容 cd harbor * 进入harbor 目录，修改harbor.cfg配置文件 vim harbor.cfg hostname = 192.168.0.77 #修改harbor的启动ip，这里需要依据系统ip设置 harbor_admin_password = Natux2019. #修改harbor的admin用户的密码 * 配置Harbor,若执行失败，安装python2.7 ./prepare * 安装Harbor /install.sh * 如果出现问题  将docker-compose.yml ，第一行version修改为2.1，在执行./install.sh  * 访问Harbor页面，默认端口为80,http://自己的ip