一、Docker Registry
1、服務端YUM安裝docker-registry
yum install docker-registry -y
rpm -qldocker-distribution
2、用戶端配置
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://wgae1ou9.mirror.aliyuncs.com"],
"insecure-registries": ["nodo1.ceiling.com:5000"]
}
3、重新開機docker,給鏡像打tag推送鏡像到私有倉庫
systemctl restart docke
docker tag myweb:v0.1-2 nodo1.ceiling.com:5000/myweb:v0.1-2
docker pull nodo1.ceiling.com:5000/myweb:v0.1-2
二、Harbor 安裝
1、服務端安裝配置
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y docker-compose
wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
tar xf harbor-offline-installer-v1.7.1.tgz -C /usr/local/
vi /usr/local/harbor/harbor.cfg
修改
hostname = ${本機IP}
ssl_cert = /data/harbor-data/cer/server.crt
ssl_cert_key = /data/harbor-data/cer/server.key
2、建立證書
mkdir -p /data/harbor-data/cert
cd /data/harbor-data/cert
opensslgenrsa -out ca.key 2048
opensslreq -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/CN=Harbor-ca"
opensslreq -newkey rsa:4096 -nodes -sha256 -keyoutserver.key -out server.csr
echosubjectAltName = IP:192.168.2.107 >extfile.cnf
openssl x509 -req -in server.csr -CA ca.crt -CAkeyca.key -CAcreateserial -days 365 -extfileextfile.cnf -out server.crt
3、執行安裝腳本,拷貝CA憑證到用戶端
cd /usr/local/harbor/;./install.sh 安裝前确認80/443/4443沒有被占用
安裝後通路http://192.168.2.107 admin/Harbor12345
scp ca.crt ca.key 192.168.2.106:/etc/pki/ca-trust/source/anchors/
4、用戶端配置
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://tnxkcso1.mirror.aliyuncs.com"],
"insecure-registries":["http://192.168.2.107"]
}
update-ca-trust extract
systemctl restart docker
![Istio 筆記三 部署 Bookinfo 應用[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)