安装harbor有两种模式：

harbor-online-installer-0.5.0.tgz: for

host that can connect directly to Internet.

harbor-offline-installer-0.5.0.tgz:

for host that does not have connectivity to Internet.

本文选用offline安装。

l安装前准备工作：

1.Python should be version 2.7 orhigher. Note that you may have to install Python on Linux distributions(Gentoo, Arch) that do not come with a Python interpreter installed by default

2.Docker engine should be version1.10 or higher. For installation instructions, please refer to:https://docs.docker.com/engine/installation/

3.Docker Compose needs to beversion 1.6.0 or higher. For installation instructions, please refer to:https://docs.docker.com/compose/install/

l安装harbor步骤：

1、下载最新安装包

wgethttps://github.com/vmware/harbor/releases/download/0.5.0/harbor-offline-installer-0.5.0.tgz

解压安装包：

$ tar xvf

harbor-offline-installer-.tgz

2、配置harbor

需要仔细查看配置，配成自己需要的模式。可参考如下配置：

3、进入harbor文件目录，执行./install.sh

4、打开http://10.142.21.113网址即可登录harbor界面

l配置harbor作为k8s私有镜像仓库

1.在harbor上创建用户，项目，将用户添加到对应项目中，并赋予用户项目管理者或者开发人员权限，使其对镜像仓库有读写权限。

本次部署创建用户cm-test，密码Dcos1234，邮箱chenmiao@cmss.chinamobile.com，项目library

2.创建secret

使用命令行：

kubectl create secret docker-registryharbortest--namespace=kube-system\

--docker-server=10.142.21.113--docker-username=cm-test\

--docker-password=Dcos1234--docker-email=chenmiao@cmss.chinamobile.com

注意：

此处关键信息为标红，用户信息为对应haobor中创建的用户信息。

3.查看secret内容

kubectl get secret harbortest--namespace=kube-system -o yaml

输出：

apiVersion: v1

data:

.dockercfg: eyIxMC4xNDIuMjEuMTEzIjp7InVzZXJuYW1lIjoiY20tdGVzdCIsInBhc3N3b3JkIjoiRGNvczEyMzQiLCJlbWFpbCI6ImNoZW5taWFvQGNtc3MuY2hpbmFtb2JpbGUuY29tIiwiYXV0aCI6IlkyMHRkR1Z6ZERwRVkyOXpNVEl6TkE9PSJ9fQ==

kind: Secret

metadata:

creationTimestamp: 2017-02-07T03:30:59Z

name: harbortest

namespace: kube-system

resourceVersion: "682020"

selfLink: /api/v1/namespaces/kube-system/secrets/harbortest

uid: d82774f6-ece5-11e6-b231-005056943bc9

type: kubernetes.io/dockercfg

4.关联serviceAccount

4.1使用kubectl get

serviceaccounts defult –o yaml查看默认serviceaccount信息。

4.2kubectl get serviceaccounts defult –o yaml > service.yaml

4.3 vim service.yaml修改如下信息，主要将imagePullSecrets:字段加入配置文件，使得前面创建的secret生效，从而能从harbor上面对应权限用户的项目中pull镜像创建pod

修改为如下：

apiVersion: v1

kind: ServiceAccount

metadata:

creationTimestamp: 2017-01-18T05:02:19Z

name: default

namespace: default

selfLink: /api/v1/namespaces/default/serviceaccounts/default

uid: 49eb802c-dd3b-11e6-b735-005056943bc9

secrets:

- name: default-token-wl2bb

imagePullSecrets:

- name: harbortest

注意：要去掉resourcesVersion：那一行

4.4kubectl replace serviceaccount default -f ./sa.yaml

新的serviceaccount创建成功

l是否可用，部署一个k8s-dashboard的pod

在pod的yaml文件中增加如下字段即可完成harbor作为k8s私有镜像仓库。

spec:

imagePullSecrets:

- name:harbortest

containers:

- name: kubernetes-dashboard

image:

10.142.21.113/library/kubernetes-dashboard-amd64

详细yaml文件如下：

kind:Deployment

apiVersion:extensions/v1beta1

metadata:

labels:

app: kubernetes-dashboard

name: kubernetes-dashboard

namespace: kube-system

spec:

replicas: 1

selector:

matchLabels:

app: kubernetes-dashboard

template:

metadata:

labels:

app: kubernetes-dashboard

# Comment the following annotation ifDashboard must not be deployed on master

annotations:

scheduler.alpha.kubernetes.io/tolerations: |

[

{

"key":"dedicated",

"operator":"Equal",

"value":"master",

"effect":"NoSchedule"

}

]

spec:

imagePullSecrets:

- name:harbortest

containers:

- name: kubernetes-dashboard

image:

10.142.21.113/library/kubernetes-dashboard-amd64#gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1

imagePullPolicy: Always

ports:

- containerPort: 9090

protocol: TCP

args:

# Uncomment the following line tomanually specify Kubernetes API server Host

# If not specified, Dashboard will attemptto auto discover the API server and connect

# to it. Uncomment only if thedefault does not work.

---apiserver-host=http://10.142.21.110:8080

livenessProbe:

httpGet:

path: /

port: 9090

initialDelaySeconds: 30

timeoutSeconds: 30

---

kind:Service

apiVersion:v1

metadata:

labels:

app: kubernetes-dashboard

name: kubernetes-dashboard

namespace: kube-system

spec:

type: NodePort

ports:

- port: 80

targetPort: 9090

selector:

app: kubernetes-dashboard

l部署过程中可能遇到的问题：

私有镜像仓库信任问题：

vi /usr/lib/systemd/system/docker.service

以上是直接修改每个节点上deamon启动配置

docker -d --insecure-registry 10.142.21.113-H fd:// $OPTIONS $DOCKER_STORAGE_OPTIONS

LimitNOFILE=1048576

LimitNPROC=1048576

�j���v