Kubernetes Harbor部署
official docs
Harbor Installation Prerequisites
harbor releases
harbor
docker engine
docker-compose
[root@master ~]# sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
process
# 1. download harbor-offline-installer-version.tgz
wget https://github.com/goharbor/harbor/releases/download/v2.2.2/harbor-offline-installer-v2.2.2.tgz
tar xzvf harbor-offline-installer-v2.2.2.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
[root@master harbor]# ls
common common.sh harbor.v2.2.2.tar.gz harbor.yml harbor.yml.tmpl input install.sh LICENSE prepare
# 2. configure https access to harbor(optional)
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Shanghai/L=Shanghai/O=susu/OU=susu/CN=susu.com" \
-key ca.key \
-out ca.crt
openssl genrsa -out susu.com.key 4096
openssl req -sha512 -new \
-subj "/C=CN/ST=Shanghai/L=Shanghai/O=susu/OU=susu/CN=susu.com" \
-key susu.com.key \
-out susu.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=susu.com
DNS.2=susu
DNS.3=master
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in susu.com.csr \
-out susu.com.crt
cp susu.com.crt /data/cert/
cp susu.com.key /data/cert/
openssl x509 -inform PEM -in susu.com.crt -out susu.com.cert
cp susu.com.cert /etc/docker/certs.d/susu.com/
cp susu.com.key /etc/docker/certs.d/susu.com/
cp ca.crt /etc/docker/certs.d/susu.com/
systemctl restart docker
# 3. configure the harbor yaml file
# 如果不需要https,注释相关项即可。
vim harbor.yml
hostname: susu.com
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /data/cert/susu.com.crt
private_key: /data/cert/susu.com.key
# 4. install harbor
[root@master harbor]# ./prepare
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@master harbor]# vim harbor.yml
[root@master harbor]# docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
[root@master harbor]# docker login susu.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@master harbor]# docker tag 192.168.1.2/kubernetes-local/alpine:3.6 susu.com/kubernetes-local/alpine:3.6
[root@master harbor]# docker push susu.com/kubernetes-local/alpine
The push refers to repository [susu.com/kubernetes-local/alpine]
721384ec99e5: Pushed
3.6: digest: sha256:36c3a913e62f77a82582eb7ce30d255f805c3d1e11d58e1f805e14d33c2bc5a5 size: 528
[root@master harbor]# docker rmi susu.com/kubernetes-local/alpine:3.6
Untagged: susu.com/kubernetes-local/alpine:3.6
Untagged: susu.com/kubernetes-local/alpine@sha256:36c3a913e62f77a82582eb7ce30d255f805c3d1e11d58e1f805e14d33c2bc5a5
[root@master harbor]# docker pull susu.com/kubernetes-local/alpine:3.6
3.6: Pulling from kubernetes-local/alpine
Digest: sha256:36c3a913e62f77a82582eb7ce30d255f805c3d1e11d58e1f805e14d33c2bc5a5
Status: Downloaded newer image for susu.com/kubernetes-local/alpine:3.6
susu.com/kubernetes-local/alpine:3.6
reference
WARNING: No any other purpose,keeping reminded! So sorry to offended,if necessary, contact me and I do change what I had done to protect your privileges!