1, 准备工作,事先准备https登录的Harbor,和k8s集群
2. 修改master节点hosts文件,添加Harbor的域名解析,不加后面会报错
192.168.169.133 harbor.solomon.com
参考链接: https://blog.csdn.net/u013201439/article/details/81271182 https://blog.csdn.net/weixin_45191791/article/details/109956983 因为节点上要以http的方式手动登录Harbor一次,所以,必须配置insecury-registry参数 vi /usr/lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecStart=/usr/bin/dockerd --insecure-registry=192.168.169.133
3. 修改master节点docker的仓库地址
vi /etc/docker/daemon.json
{ "exec-opts": ["native.cgroupdriver=systemd"], "registry-mirrors": ["https://harbor.solomon.com"] }
4. 重启docker服务
systemctl daemon-reload systemctl restart docker
5. 手动登录harbor
docker login -u admin -p Harbor12345 192.168.169.133
6. 查看登录密钥数据
[root@k8s-node1 ~]# cat .docker/config.json { "auths": { "192.168.169.133": { "auth": "YWRtaW46SGFyYm9yMTIzNDU=" } }
7. 对密钥数据进行加密
[root@k8s-master ~]# cat .docker/config.json |base64 ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE2OS4xMzMiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2 U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9Cn0=
8. 在master节点创建secret资源
vim admin-secret.yml apiVersion: v1 kind: Secret Metadata: name: registry-secret type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: ewoJImF1dGhzIjogewoJCSIxOTIuMTY4LjE2OS4xMzMiOiB7CgkJCSJhdXRoIjogIllXUnRhVzQ2U0dGeVltOXlNVEl6TkRVPSIKCQl9Cgl9Cn0= # 创建命令 kubectl apply -f admin-secret.yml # 查看创建结果 kubectl apply -f admin-secret.yml