二进制安装habor
参考:https://github.com/opsnull/follow-me-install-kubernetes-cluster/blob/master/11.%E9%83%A8%E7%BD%B2Harbor-Registry.md
官方地址 compose https://github.com/docker/compose/releases habor https://github.com/vmware/harbor/releases
1.安装 docker-compose 和 harbor
# 下载docker-compose 1.24.0 curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-Linux-x86_64 -o docker-compose-Linux-x86_64 cp docker-compose-Linux-x86_64 /opt/k8s/bin/docker-compose chmod a+x /opt/k8s/bin/docker-compose #安装 docker-compose cp docker-compose-Linux-x86_64 /opt/k8s/bin/docker-compose chmod 755 /opt/k8s/bin/docker-compose #harbor-offline-installer-v1.7.5 wget --continue https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz # 解压安装包 tar zxvf harbor-offline-installer-v1.7.5.tgz # 导入镜像 /opt/k8s/bin/docker load -i harbor/harbor.v1.7.5.tar.gz
2.创建 habor nginx 使用的 x509 证书
$ cat > harbor-csr.json <<EOF { "CN": "harbor", "hosts": [ "127.0.0.1", "10.120.5.85", "10.120.5.86" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "BeiJing", "L": "BeiJing", "O": "k8s", "OU": "xxaxcfa234m" } ] } EOF
- hosts 指定使用该证书的节点,如果后续使用域名访问,还需要添加域名
3.生成证书和私钥
cfssl gencert -ca=/etc/kubernetes/cert/ca.pem \ -ca-key=/etc/kubernetes/cert/ca-key.pem \ -config=/etc/kubernetes/cert/ca-config.json \ -profile=kubernetes harbor-csr.json | cfssljson -bare harbor
配置证书
[k8s@e120005085 cert]$ ls harbor* harbor.csr harbor-csr.json harbor-key.pem harbor.pem [k8s@e120005085 cert]$ sudo mkdir -p /etc/harbor/ssl [k8s@e120005085 cert]$ sudo cp harbor*.pem /etc/harbor/ssl
4.配置文件
[k8s@e120005085]$ cd /home/k8s/k8s/harbor/harbor
[k8s@e120005085 harbor]$ sudo diff harbor.cfg.bak harbor.cfg 8c8 < hostname = reg.mydomain.com --- > hostname = 10.0.0.1 12c12,13 < ui_url_protocol = http --- > #ui_url_protocol = http > ui_url_protocol = https 24,25c25,28 < ssl_cert = /data/cert/server.crt < ssl_cert_key = /data/cert/server.key --- > #ssl_cert = /data/cert/server.crt > #ssl_cert_key = /data/cert/server.key > ssl_cert = /etc/harbor/ssl/harbor.pem > ssl_cert_key = /etc/harbor/ssl/harbor-key.pem
5.开始安装 harbor
[root@e120005085 harbor]# sh install.sh [Step 0]: checking installation environment ... Note: docker version: 18.09.5 Note: docker-compose version: 1.24.0 [Step 1]: loading Harbor images ... Loaded image: goharbor/harbor-adminserver:v1.7.5 Loaded image: goharbor/harbor-portal:v1.7.5 Loaded image: goharbor/harbor-db:v1.7.5 Loaded image: goharbor/registry-photon:v2.6.2-v1.7.5 Loaded image: goharbor/harbor-migrator:v1.7.5 Loaded image: goharbor/harbor-core:v1.7.5 Loaded image: goharbor/harbor-log:v1.7.5 Loaded image: goharbor/redis-photon:v1.7.5 Loaded image: goharbor/nginx-photon:v1.7.5 Loaded image: goharbor/harbor-registryctl:v1.7.5 Loaded image: goharbor/chartmuseum-photon:v0.8.1-v1.7.5 Loaded image: goharbor/harbor-jobservice:v1.7.5 Loaded image: goharbor/notary-server-photon:v0.6.1-v1.7.5 Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.7.5 Loaded image: goharbor/clair-photon:v2.0.8-v1.7.5 [Step 2]: preparing environment ... Generated and saved secret to file: /data/secretkey Generated configuration file: ./common/config/nginx/nginx.conf Generated configuration file: ./common/config/adminserver/env Generated configuration file: ./common/config/core/env Generated configuration file: ./common/config/registry/config.yml Generated configuration file: ./common/config/db/env Generated configuration file: ./common/config/jobservice/env Generated configuration file: ./common/config/jobservice/config.yml Generated configuration file: ./common/config/log/logrotate.conf Generated configuration file: ./common/config/registryctl/env Generated configuration file: ./common/config/core/app.conf Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt The configuration files are ready, please use docker-compose to start the service. [Step 3]: checking existing instance of Harbor ... [Step 4]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating registry ... done Creating harbor-db ... done Creating redis ... done Creating harbor-adminserver ... done Creating registryctl ... done Creating harbor-core ... done Creating harbor-jobservice ... done Creating harbor-portal ... done Creating nginx ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://10.0.0.1. For more details, please visit https://github.com/goharbor/harbor .
6. 日志和数据目录
使用 docker logs 或者 docker-compose logs 看不到日志
# 日志目录 [e120005085]$ ls /var/log/harbor adminserver.log jobservice.log mysql.log proxy.log registry.log ui.log # 数据目录,包括数据库、镜像仓库 [e120005085]$ ls /data/ ca_download config database job_logs registry secretkey
7.其他操作
$ # 停止 harbor $ docker-compose down -v $ # 修改配置 $ vim harbor.cfg $ # 更修改的配置更新到 docker-compose.yml 文件 $ ./prepare Clearing the configuration file: ./common/config/ui/app.conf Clearing the configuration file: ./common/config/ui/env Clearing the configuration file: ./common/config/ui/private_key.pem Clearing the configuration file: ./common/config/db/env Clearing the configuration file: ./common/config/registry/root.crt Clearing the configuration file: ./common/config/registry/config.yml Clearing the configuration file: ./common/config/jobservice/app.conf Clearing the configuration file: ./common/config/jobservice/env Clearing the configuration file: ./common/config/nginx/cert/admin.pem Clearing the configuration file: ./common/config/nginx/cert/admin-key.pem Clearing the configuration file: ./common/config/nginx/nginx.conf Clearing the configuration file: ./common/config/adminserver/env loaded secret from file: /data/secretkey Generated configuration file: ./common/config/nginx/nginx.conf Generated configuration file: ./common/config/adminserver/env Generated configuration file: ./common/config/ui/env Generated configuration file: ./common/config/registry/config.yml Generated configuration file: ./common/config/db/env Generated configuration file: ./common/config/jobservice/env Generated configuration file: ./common/config/jobservice/app.conf Generated configuration file: ./common/config/ui/app.conf Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt The configuration files are ready, please use docker-compose to start the service. $ sudo chmod -R 666 common ## 防止容器进程没有权限读取生成的配置 $ # 启动 harbor $ docker-compose up -d