离线部署docker
docker安装包下载地址
下载地址,我这里以下载docker-18.06.3-ce.tgz的版本为例
解压
把下载的压缩包解压到指定的目录下,解压出来的文件全部都是二进制文件。执行如下命令进行解压操作:
tar -zxvf docker-18.06.3-ce.tgz -C /usr/bin
将docker注册为service
进入/etc/systemd/system/目录,并创建docker.service文件,并把下面的的内容复制到docker.service文件中。
[Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd --selinux-enabled=false ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. # Only systemd 226 and above support this version. #TasksMax=infinity TimeoutStartSec=0 # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process # restart the docker process if it exits prematurely Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s [Install] WantedBy=multi-user.target
给docker.service文件添加执行权限,执行如下命令:
chmod +x /etc/systemd/system/docker.service
启动服务
每次修改docker.service这个文件时都要重新加载下,执行下面命令执行:
systemctl daemon-reload
执行如下命令启动docker:
systemctl start docker
配置开启自启动,执行如下命令:
systemctl enable docker
验证docker是否启动成功
执行如下命令查看docker状态,显示active(running)表示启动成功。
systemctl status docker
执行如下命令,查看版本信息
[root@harbor ~]# docker -v Docker version 18.06.3-ce, build d7080c1
安装docker-compose
docker-compose下载地址,下载之后把它移到相应的目录下,并赋予执行的权限:
mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose
测试安装结果
查看docker-compose的对应版本
[root@harbor ~]# docker-compose -v Docker Compose version v2.9.0
部署Harbor
下载离线安装包
解压安装包
把下载好的离线包解压到指定的目录下:
tar -zxvf harbor-offline-installer-v2.3.1_2.tgz -C /usr/local/
生成证书文件
修改配置文件
拷贝模板文件为 harbor.yml
cp harbor.yml.tmpl harbor.yml
编辑 harbor.yml 配置文件,hostname 是 harbor 对外暴露的访问地址,HTTP 服务对外暴露 8888端口。这里暂时先不配置 HTTPS,将 HTTPS 相关内容注释。
部署 Harbor
修改完配置文件后,只需要执行 install.sh 脚本即可安装 Harbor
./install.sh
查看 Harbor 组件运行状况:
登录页面
浏览器输入 http://10.91.74.240:8888 访问 Harbor 页面,用户名和密码为 harbor.yml 配置文件中默认设置的 admin,Harbor12345
推送镜像
从公网拉取一个pause:3.7 版本的镜像 ,打包导出并上传到内网机上
docker save -o pause:3.7.tar registry.aliyuncs.com/google_containers/pause:3.7
编辑 /etc/docker/daemon.json,设置允许访问的 HTTP 仓库地址。
{ "insecure-registries":["10.91.74.240:8888"] }
修改镜像 tag:
docker tag pause:3.7 10.91.74.240:8888/k8s/pause:3.7
登录 Harbor:
[root@harbor ~]# docker login 10.91.74.240:8888 Username: admin Password: Login Succeeded
推送镜像到 Harbor:
[root@harbor ~]# docker push 10.91.74.240:8888/k8s/pause:3.7 The push refers to repository [10.91.74.240:8888/k8s/pause] 1cb555415fd3: Pushed 3.7: digest: sha256:445a99db22e9add9bfb15ddb1980861a329e5dff5c88d7eec9cbf08b6b2f4eb1 size: 526
查看推送的镜像:
