Posted in: Code Sharing

Self-hosting a Harbor registry and using it as the image source for k8s

The steps for self-hosting a Harbor registry and configuring it as the k8s image source are as follows.

1. Install docker-compose
sudo apt install docker-compose

2. Install Harbor

wget https://github.com/goharbor/harbor/releases/download/v2.2.3/harbor-offline-installer-v2.2.3.tgz
tar xvf harbor-offline-installer-v2.2.3.tgz

3. Install Harbor on Docker

1) Create the directory

mkdir -p /docker_data
mv harbor /docker_data

cd /docker_data/harbor
tree .

2) Edit the installation configuration file

cp harbor.yml.tmpl harbor.yml
vi harbor.yml

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.56.3

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 81

# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

3) Prepare the configuration files

./prepare --help
./prepare --with-trivy --with-chartmuseum

4) Start the installation

./install.sh

4. Connect to the Harbor web UI

The account is "admin" and the default password is "Harbor12345".
Create a project named testproj.

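5. Configure Docker for the image registry

1) Because the registry does not use SSL encryption, the Docker service needs insecure-registries configured before it can push images.

vi /etc/docker/daemon.json and add insecure-registries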

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "insecure-registries": ["192.168.56.3:81"]
}

2) Restart the Docker service

systemctl daemon-reload
systemctl restart docker
docker-compose stop
docker-compose up -d

3) Confirm the image registry address

docker info |grep -A1 Insecure

6. Log in to the image registry

docker login -u admin http://192.168.56.3:81
The default password is "Harbor12345".

7. Push an image to the registry

docker pull nginx
docker tag nginx:latest 192.168.56.3:81/testproj/nginx:v1
docker push 192.168.56.3:81/testproj/nginx:v1

8. Create a k8s cluster pod from the self-hosted registry

1) kubectl create deployment nginx --image=192.168.56.3:81/testproj/nginx:v1

2) Confirm that the k8s cluster pod was created from the self-hosted registry

kubectl describe pod/nginx-65979d9ddb-xmmgg
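
An added example (not from the original post): the check in step 8 can be run over every pod at once by reading `kubectl get pods -o json` output and listing containers whose image does not resolve to the Harbor registry. It goes slightly beyond the single nginx pod by applying Docker's rule that an image name without a registry prefix, such as `nginx`, resolves to Docker Hub; the function names are hypothetical and the sample pod list is constructed.

```python
def registry_of(image):
    """Return the registry host[:port] that an image reference resolves to."""
    first, _, rest = image.partition("/")
    # Docker's rule: the first path component is a registry only if it
    # contains '.' or ':' or is 'localhost'; otherwise it is Docker Hub.
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def pods_outside_registry(pod_list, registry):
    """List (pod, container, image) for images not pulled from `registry`."""
    out = []
    for pod in pod_list["items"]:
        spec = pod["spec"]
        for c in spec.get("initContainers", []) + spec["containers"]:
            if registry_of(c["image"]) != registry:
                out.append((pod["metadata"]["name"], c["name"], c["image"]))
    return out

# Constructed sample shaped like `kubectl get pods -o json` output.
SAMPLE = {"items": [
    {"metadata": {"name": "nginx-65979d9ddb-xmmgg"},
     "spec": {"containers": [
         {"name": "nginx", "image": "192.168.56.3:81/testproj/nginx:v1"}]}},
    {"metadata": {"name": "web-example"},
     "spec": {"initContainers": [{"name": "init", "image": "busybox:1.36"}],
              "containers": [{"name": "web", "image": "nginx"}]}},
]}

if __name__ == "__main__":
    for pod, container, image in pods_outside_registry(SAMPLE, "192.168.56.3:81"):
        print(f"{pod}/{container}: {image} -> {registry_of(image)}")
```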

9. Because of a bug, the Harbor service does not start properly at boot; this can be handled with a systemd service

cd /etc/systemd/system

vi harbor.service

[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /docker_data/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /docker_data/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target

systemctl daemon-reload; systemctl enable harbor.service

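Posted in: Code Sharing

Installing WordPress on Kubernetes (k8s)

Install WordPress on Kubernetes (k8s) and persist the database and related files (stored on a physical path).
The steps are as follows.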

1. Set the DB environment variables

1) vi mydb_env

MYSQL_ROOT_PASSWORD=Redhat1!
TZ=Asia/Taipei

2) Create the ConfigMap

kubectl create cm mydb-env --from-env-file=mydb_env

3) View the resulting ConfigMap

kubectl describe cm mydb-env

2. Set the DB password as a Secret

1) Create the secret

kubectl create secret generic mydb-pwd --from-literal=MYSQL_ROOT_PASSWORD=Redhat1!

2) View the secret

kubectl describe secret mydb-pwd

3. Create the mydb deployment; because no DB password is specified, it fails to start

kubectl create deployment mydb --image=mariadb --port 3306

4. Set the environment variables

1) Save the mydb deployment configuration to a file

kubectl get deployments mydb -o yaml > deployment_mydb.yaml

2) Set the environment variables

vi deployment_mydb.yaml

      containers:
      - image: mariadb
        imagePullPolicy: Always
        name: mariadb
        ports:
        - containerPort: 3306
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              key: MYSQL_ROOT_PASSWORD
              name: mydb-pwd
        - name: TZ
          valueFrom:
            configMapKeyRef:
              key: TZ
              name: mydb-env

3) Recreate the deployment

kubectl delete deployment mydb
kubectl apply -f deployment_mydb.yaml

Note: you can also edit it directly with kubectl edit deployments mydb

5. Store the database on the host server

1) On the host server, create /data/db (mkdir /data/db)

2) Set hostPath: /data/db

   vi deployment_mydb.yaml

      containers:
      - args:
        - --character-set-server=utf8mb4
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              key: MYSQL_ROOT_PASSWORD
              name: mydb-pwd
        - name: TZ
          valueFrom:
            configMapKeyRef:
              key: TZ
              name: mydb-env
        image: mariadb
        imagePullPolicy: Always
        name: mariadb
        ports:
        - containerPort: 3306
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
          - mountPath: /var/lib/mysql
            name: mydb-data
      volumes:
      - name: mydb-data
        hostPath:
          path: /data/db
          type: Directory

3) Recreate the deployment

kubectl delete deployment mydb
kubectl apply -f deployment_mydb.yaml

6. Enter the pod and create the database wp

kubectl exec -it pod/mydb-5b9dbbbf54-6k8wl -- bash
create database wp;

7. Configure the mydb service (this step is not strictly required)

1) kubectl expose deployment mydb --port=3306
2) kubectl get svc => ClusterIP by default
3) kubectl edit svc mydb => change type from ClusterIP to NodePort

8. Set the WordPress environment variables

1) vi wordpress_env

WORDPRESS_DB_NAME=wp
WORDPRESS_DB_USER=root
WORDPRESS_DB_HOST=mydb
WORDPRESS_DB_PASSWORD=Redhat1!
ServerName=localhost

2) Create the ConfigMap

kubectl create cm wordpress-env --from-env-file=wordpress_env

kubectl get cm wordpress-env
kubectl describe configmaps wordpress-env

9. Create the WordPress application

1) Create the myweb deployment

kubectl create deployment myweb --image=wordpress

2) Set the environment variables

      containers:
      - image: wordpress
        imagePullPolicy: Always
        name: wordpress
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        env:
        - name: WORDPRESS_DB_NAME
          valueFrom:
            configMapKeyRef:
              key: WORDPRESS_DB_NAME
              name: wordpress-env
        - name: WORDPRESS_DB_USER
          valueFrom:
            configMapKeyRef:
              key: WORDPRESS_DB_USER
              name: wordpress-env
        - name: WORDPRESS_DB_PASSWORD
          valueFrom:
            configMapKeyRef:
              key: WORDPRESS_DB_PASSWORD
              name: wordpress-env
        - name: ServerName
          valueFrom:
            configMapKeyRef:
              key: ServerName
              name: wordpress-env
        - name: WORDPRESS_DB_HOST
          valueFrom:
            configMapKeyRef:
              key: WORDPRESS_DB_HOST
              name: wordpress-env

10. Store the files on the host server

1) On the host server, create /data/wordpress (mkdir /data/wordpress)

2) Set hostPath: /data/wordpress
kubectl edit deployment myweb

      containers:
      - env:
        - name: WORDPRESS_DB_NAME
          valueFrom:
            configMapKeyRef:
              key: WORDPRESS_DB_NAME
              name: wordpress-env
        - name: WORDPRESS_DB_USER
          valueFrom:
            configMapKeyRef:
              key: WORDPRESS_DB_USER
              name: wordpress-env
        - name: WORDPRESS_DB_PASSWORD
          valueFrom:
            configMapKeyRef:
              key: WORDPRESS_DB_PASSWORD
              name: wordpress-env
        - name: ServerName
          valueFrom:
            configMapKeyRef:
              key: ServerName
              name: wordpress-env
        - name: WORDPRESS_DB_HOST
          valueFrom:
            configMapKeyRef:
              key: WORDPRESS_DB_HOST
              name: wordpress-env
        image: wordpress
        imagePullPolicy: Always
        name: wordpress
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /var/www/html
          name: myweb-data
      volumes:
      - name: myweb-data
        hostPath:
          path: /data/wordpress
          type: Directory
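
An added example (not part of the original post): steps 1 and 8 place MYSQL_ROOT_PASSWORD and WORDPRESS_DB_PASSWORD in ConfigMaps, which `kubectl describe cm` prints in clear text, while step 4 already reads the MariaDB password through secretKeyRef. The check below flags credential-like keys in ConfigMaps and in container env entries and builds the secretKeyRef form for them; the name pattern, the helper names and the Secret name `wordpress-pwd` are assumptions, and the sample objects are constructed from the manifests above.

```python
import re

# Credential-like names; this pattern is a heuristic assumed for the example.
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def audit(objects):
    """Flag credentials stored in ConfigMaps or wired into pods from them."""
    findings = []
    for obj in objects:
        kind, name = obj["kind"], obj["metadata"]["name"]
        if kind == "ConfigMap":
            for key in obj.get("data", {}):
                if SENSITIVE.search(key):
                    findings.append((kind, name, key, "ConfigMap data"))
        elif kind == "Deployment":
            for c in obj["spec"]["template"]["spec"]["containers"]:
                for env in c.get("env", []):
                    src = env.get("valueFrom", {})
                    if SENSITIVE.search(env["name"]) and "secretKeyRef" not in src:
                        findings.append((kind, name, env["name"],
                                         next(iter(src), "literal value")))
    return findings

def to_secret_ref(env, secret_name):
    """Rewrite one env entry to read the same key from a Secret instead."""
    return {"name": env["name"],
            "valueFrom": {"secretKeyRef": {"name": secret_name, "key": env["name"]}}}

def env_from(ref_kind, source, key):
    return {"name": key, "valueFrom": {ref_kind: {"name": source, "key": key}}}

def deployment(name, envs):
    return {"kind": "Deployment", "metadata": {"name": name}, "spec": {
        "template": {"spec": {"containers": [{"name": name, "env": envs}]}}}}

# Constructed sample mirroring this page's objects (password values elided).
SAMPLE = [
    {"kind": "ConfigMap", "metadata": {"name": "mydb-env"},
     "data": {"MYSQL_ROOT_PASSWORD": "<elided>", "TZ": "Asia/Taipei"}},
    {"kind": "ConfigMap", "metadata": {"name": "wordpress-env"},
     "data": {"WORDPRESS_DB_NAME": "wp", "WORDPRESS_DB_PASSWORD": "<elided>"}},
    deployment("mydb", [env_from("secretKeyRef", "mydb-pwd", "MYSQL_ROOT_PASSWORD"),
                        env_from("configMapKeyRef", "mydb-env", "TZ")]),
    deployment("myweb", [env_from("configMapKeyRef", "wordpress-env", k) for k in
                         ("WORDPRESS_DB_USER", "WORDPRESS_DB_PASSWORD")]),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

To run it against a live cluster, pass the `items` array of `kubectl get configmaps,deployments -o json`; the Secret named in `to_secret_ref` has to exist first, created the same way as `mydb-pwd` in step 2.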

11. Create the WordPress service

kubectl expose deployment myweb --port=80
kubectl get svc => ClusterIP by default
kubectl edit svc myweb => change type from ClusterIP to NodePort

12. View the WordPress site