基于https(SAN签发证书)离线部署harbor私有仓库
一、环境准备
root@easzlab-k8s-harbor-01:~# cat /etc/issue Ubuntu 20.04.4 LTS \n \l root@easzlab-k8s-harbor-01:~# uname -a Linux easzlab-k8s-harbor-01 5.4.0-128-generic #144-Ubuntu SMP Tue Sep 20 11:00:04 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux root@easzlab-k8s-harbor-01:~# root@easzlab-k8s-harbor-01:~# root@easzlab-k8s-harbor-01:~# docker version Client: Version: 20.10.17 API version: 1.41 Go version: go1.17.11 Git commit: 100c701 Built: Mon Jun 6 22:56:42 2022 OS/Arch: linux/amd64 Context: default Experimental: true Server: Docker Engine - Community Engine: Version: 20.10.17 API version: 1.41 (minimum version 1.12) Go version: go1.17.11 Git commit: a89b842 Built: Mon Jun 6 23:01:45 2022 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.6.6 GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1 runc: Version: 1.1.2 GitCommit: v1.1.2-0-ga916309f docker-init: Version: 0.19.0 GitCommit: de40ad0 root@easzlab-k8s-harbor-01:~# docker-compose version docker-compose version 1.28.6, build 5db8d86f docker-py version: 4.4.4 CPython version: 3.7.10 OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019 root@easzlab-k8s-harbor-01:~# root@easzlab-k8s-harbor-01:~# ll -h total 703M -rw-r--r-- 1 root root 74M Jul 26 19:06 docker-20.10.17-binary-install.tar.gz -rw-r--r-- 1 root root 630M Jul 8 16:02 harbor-offline-installer-v2.5.3.tgz root@easzlab-k8s-harbor-01:~#
二、安装docker、docker-compose
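root@easzlab-k8s-harbor-01:~# mkdir /docker
root@easzlab-k8s-harbor-01:~# tar -xf docker-20.10.17-binary-install.tar.gz
root@easzlab-k8s-harbor-01:~# ll -h docker/
total 225M
drwxr-xr-x 3 root root 4.0K Jul 26 19:21 ./
drwxr-xr-x 7 root root 4.0K Oct 15 10:57 ../
-rwxr-xr-x 1 root root 38M Jul 26 19:21 containerd*
-rw-r--r-- 1 root root 647 Apr 11 2021 containerd.service
-rwxr-xr-x 1 root root 7.3M Jul 26 19:21 containerd-shim*
-rwxr-xr-x 1 root root 9.5M Jul 26 19:21 containerd-shim-runc-v2*
-rwxr-xr-x 1 root root 23M Jul 26 19:21 ctr*
-rw-r--r-- 1 root root 356 Jul 18 19:09 daemon.json
drwxrwxr-x 2 1000 docker 4.0K Jun 7 07:03 docker/
-rw-r--r-- 1 root root 62M Jun 7 16:42 docker-20.10.17.tgz
-rwxr-xr-x 1 root root 12M Dec 7 2021 docker-compose-Linux-x86_64_1.28.6*
-rwxr-xr-x 1 root root 58M Jul 26 19:21 dockerd*
-rwxr-xr-x 1 root root 689K Jul 26 19:21 docker-init*
-rwxr-xr-x 1 root root 2.9K Jul 21 15:29 docker-install.sh*
-rwxr-xr-x 1 root root 2.5M Jul 26 19:21 docker-proxy*
-rw-r--r-- 1 root root 1.7K Apr 11 2021 docker.service
-rw-r--r-- 1 root root 197 Apr 11 2021 docker.socket
-rw-r--r-- 1 root root 454 Apr 11 2021 limits.conf
-rwxr-xr-x 1 root root 14M Jul 26 19:21 runc*
-rw-r--r-- 1 root root 257 Apr 11 2021 sysctl.conf
root@easzlab-k8s-harbor-01:~#
root@easzlab-k8s-harbor-01:~# cd docker/
root@easzlab-k8s-harbor-01:~/docker# cat docker-install.sh
#!/bin/bash
# Offline installer for the Docker engine, containerd and docker-compose.
# Run as root from the directory that holds the bundle files listed above
# (the engine tarball, daemon.json, the systemd units, limits.conf,
# sysctl.conf and the docker-compose binary).
#
# NOTE(review): nothing here checks the integrity of the tarball before its
# binaries are copied into /usr/bin as root. Compare its SHA-256 with a value
# recorded from a trusted download before running this script.

DIR=$(pwd)
PACKAGE_NAME="docker-20.10.17.tgz"
DOCKER_FILE="${DIR}/${PACKAGE_NAME}"

# Copy the limits/sysctl settings, engine binaries, daemon.json, systemd units
# and docker-compose into place. Shared by both OS-specific installers.
install_bundle_files(){
  # NOTE(review): these two copies replace the host files wholesale, so any
  # existing limits/sysctl hardening is lost; review the bundled files first.
  \cp "${DIR}/limits.conf" /etc/security/limits.conf
  \cp "${DIR}/sysctl.conf" /etc/sysctl.conf
  /bin/tar xvf "${DOCKER_FILE}"
  \cp docker/* /usr/bin
  # -p: an already existing /etc/docker must not skip installing daemon.json.
  mkdir -p /etc/docker && \cp daemon.json /etc/docker
  \cp containerd.service /lib/systemd/system/containerd.service
  \cp docker.service /lib/systemd/system/docker.service
  \cp docker.socket /lib/systemd/system/docker.socket
  \cp "${DIR}/docker-compose-Linux-x86_64_1.28.6" /usr/bin/docker-compose
}

# Enable and (re)start containerd, the Docker daemon and its socket unit.
start_docker_services(){
  systemctl enable containerd.service && systemctl restart containerd.service
  systemctl enable docker.service && systemctl restart docker.service
  systemctl enable docker.socket && systemctl restart docker.socket
}

# Install on CentOS. Does nothing unless /etc/issue contains "Kernel"
# (presumably the stock CentOS banner line -- confirm on the target release).
centos_install_docker(){
  if grep -q "Kernel" /etc/issue 2> /dev/null; then
    /bin/echo "当前系统是$(cat /etc/redhat-release),即将开始系统初始化、配置docker-compose与安装docker" && sleep 1
    # NOTE(review): the next three lines switch off the host firewall,
    # NetworkManager and SELinux. Treat them as a lab shortcut: on a registry
    # host prefer keeping the firewall and SELinux on and allowing only the
    # ports Harbor publishes (80/443).
    systemctl stop firewalld && systemctl disable firewalld && echo "防火墙已关闭" && sleep 1
    systemctl stop NetworkManager && systemctl disable NetworkManager && echo "NetworkManager" && sleep 1
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux && setenforce 0 && echo "selinux 已关闭" && sleep 1
    install_bundle_files
    # Create the group and accounts only when missing, so a re-run does not
    # stop half-way on "already exists".
    getent group docker > /dev/null || groupadd docker
    id -u docker &> /dev/null || useradd docker -s /sbin/nologin -g docker
    id -u magedu &> /dev/null || useradd magedu
    # NOTE(review): docker group membership is root-equivalent on this host;
    # add only accounts that are meant to have that level of access.
    # -a appends instead of replacing the user's other supplementary groups.
    usermod -aG docker magedu
    start_docker_services
  fi
}

# Install on Ubuntu. Does nothing unless /etc/issue contains "Ubuntu".
ubuntu_install_docker(){
  if grep -q "Ubuntu" /etc/issue 2> /dev/null; then
    /bin/echo "当前系统是$(cat /etc/issue),即将开始系统初始化、配置docker-compose与安装docker" && sleep 1
    install_bundle_files
    #ulimit -n 1000000
    #/bin/su -c - jack "ulimit -n 1000000"
    /bin/echo "docker 安装完成!" && sleep 1
    getent group docker > /dev/null || groupadd docker
    id -u docker &> /dev/null || useradd docker -r -m -s /sbin/nologin -g docker
    if ! id -u magedu &> /dev/null; then
      groupadd -r magedu
      useradd -r -m -g magedu magedu
    fi
    # NOTE(review): docker group membership is root-equivalent on this host.
    usermod -aG docker magedu
    start_docker_services
  fi
}

# Both installers are called; each one checks /etc/issue and returns without
# doing anything on the other distribution.
main(){
  centos_install_docker
  ubuntu_install_docker
}

main
root@easzlab-k8s-harbor-01:~/docker#
root@easzlab-k8s-harbor-01:~/docker# vi daemon.json # remove the "insecure-registries" option
root@easzlab-k8s-harbor-01:~/docker# cat daemon.json
{
  "graph": "/var/lib/docker",
  "storage-driver": "overlay2",
  "registry-mirrors": ["https://9916w1ow.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": false,
  "log-opts": {
    "max-file": "5",
    "max-size": "100m"
  }
}
root@easzlab-k8s-harbor-01:~/docker#
root@easzlab-k8s-harbor-01:~/docker# bash docker-install.sh # install docker and docker-compose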
三、签发CA证书
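# Generate the CA private key.
openssl genrsa -out ca.key 4096
# Make owner-only access explicit (newer OpenSSL builds already create the
# key this way). Whoever holds ca.key can issue certificates that every
# client trusting ca.crt will accept, so move it off the Harbor host once the
# server certificate below has been signed.
chmod 600 ca.key

# Generate the self-signed CA certificate.
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=magedu.com" -key ca.key -out ca.crt

# Generate the server private key.
openssl genrsa -out magedu.net.key 4096
chmod 600 magedu.net.key

# Generate the certificate signing request (CSR).
openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=magedu.net" -key magedu.net.key -out magedu.net.csr

# Write the x509 v3 extension file. The subjectAltName entries are what
# clients match the registry hostname against, so harbor.magedu.net must be
# listed here.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=magedu.com
DNS.2=harbor.magedu.net
DNS.3=harbor.magedu.local
EOF

# Sign the CSR with the CA, applying the extensions from v3.ext.
openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in magedu.net.csr -out magedu.net.crt
# This writes magedu.net.crt; -CAcreateserial also creates ca.srl.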
修改harbor.yml文件中的证书(certificate)和私钥(private_key)路径
root@easzlab-k8s-harbor-01:/apps/harbor# egrep -v "^$|^#" harbor.yml |head -10
hostname: harbor.magedu.net
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /apps/harbor/certs/magedu.net.crt
private_key: /apps/harbor/certs/magedu.net.key
root@easzlab-k8s-harbor-01:/apps/harbor#
证书转换(可选)
将magedu.net.crt转换为magedu.net.cert,供Docker、windows客户端使用
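Docker守护程序将.crt文件解释为CA证书,并将.cert文件解释为客户端证书;因此客户端 /etc/docker/certs.d/<仓库域名>/ 目录下用于校验Harbor服务端的应是.crt形式的CA证书(本文中为ca.crt),而.cert需与同名.key配对,仅在启用客户端证书认证时才需要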
openssl x509 -inform PEM -in magedu.net.crt -out magedu.net.cert
四、安装harbor服务
运行prepare脚本以启用HTTPS
./prepare
[root@docker-compose-harbor harbor]# ./prepare prepare base dir is set to /opt/harbor/harbor Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /data/secret/keys/secretkey Successfully called func: create_root_cert Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir [root@docker-compose-harbor harbor]#
运行install.sh脚本来启动harbor
./install.sh
root@easzlab-k8s-harbor-01:/apps/harbor# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 20.10.17 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 1.18.0 [Step 2]: loading Harbor images ... 103076ba7411: Loading layer [==================================================>] 121.2MB/121.2MB fde3b64438e3: Loading layer [==================================================>] 3.072kB/3.072kB 249a34ecfbe2: Loading layer [==================================================>] 59.9kB/59.9kB 35783e12f32a: Loading layer [==================================================>] 61.95kB/61.95kB Loaded image: goharbor/redis-photon:v2.3.2 7301dee185fe: Loading layer [==================================================>] 8.746MB/8.746MB Loaded image: goharbor/nginx-photon:v2.3.2 4317ca489899: Loading layer [==================================================>] 8.746MB/8.746MB d2169f633d64: Loading layer [==================================================>] 11.64MB/11.64MB cacd32b266bf: Loading layer [==================================================>] 1.688MB/1.688MB Loaded image: goharbor/harbor-portal:v2.3.2 c3ae7e069c68: Loading layer [==================================================>] 7.359MB/7.359MB 0cfc20b693dd: Loading layer [==================================================>] 4.096kB/4.096kB 4fca387754cd: Loading layer [==================================================>] 3.072kB/3.072kB 3c4496c3ec80: Loading layer [==================================================>] 31.52MB/31.52MB 1fc058950d0e: Loading layer [==================================================>] 11.39MB/11.39MB 4ed942b905a4: Loading layer [==================================================>] 43.7MB/43.7MB Loaded image: goharbor/trivy-adapter-photon:v2.3.2 a302c582e666: Loading layer [==================================================>] 6.82MB/6.82MB 4dfdb1a3466a: Loading layer [==================================================>] 67.47MB/67.47MB 
678180162221: Loading layer [==================================================>] 3.072kB/3.072kB 7241b7d6bd32: Loading layer [==================================================>] 4.096kB/4.096kB ee4b32ba01a0: Loading layer [==================================================>] 68.26MB/68.26MB Loaded image: goharbor/chartmuseum-photon:v2.3.2 671f3386d963: Loading layer [==================================================>] 6.816MB/6.816MB a832248f5584: Loading layer [==================================================>] 6.219MB/6.219MB 7a2ef1cebf21: Loading layer [==================================================>] 14.47MB/14.47MB 51aa675bbc9d: Loading layer [==================================================>] 29.29MB/29.29MB 7e6d06a2bb53: Loading layer [==================================================>] 22.02kB/22.02kB 799b207a8043: Loading layer [==================================================>] 14.47MB/14.47MB Loaded image: goharbor/notary-signer-photon:v2.3.2 c2660666d3b6: Loading layer [==================================================>] 9.914MB/9.914MB f64ad03ac62f: Loading layer [==================================================>] 3.584kB/3.584kB e0552b870e12: Loading layer [==================================================>] 2.56kB/2.56kB 3c2ef908bb96: Loading layer [==================================================>] 73.35MB/73.35MB f22a7c57e296: Loading layer [==================================================>] 5.632kB/5.632kB 6788f0f8bfd7: Loading layer [==================================================>] 93.7kB/93.7kB cb5eff88e3c0: Loading layer [==================================================>] 11.78kB/11.78kB 9cf98131b83d: Loading layer [==================================================>] 74.25MB/74.25MB 9ffcc54d3726: Loading layer [==================================================>] 2.56kB/2.56kB Loaded image: goharbor/harbor-core:v2.3.2 c01617f475a3: Loading layer [==================================================>] 125.4MB/125.4MB 
a107f03b1efa: Loading layer [==================================================>] 3.584kB/3.584kB e224182b3157: Loading layer [==================================================>] 3.072kB/3.072kB caa213381dfb: Loading layer [==================================================>] 2.56kB/2.56kB dd7c9a10421f: Loading layer [==================================================>] 3.072kB/3.072kB e104b65b19d1: Loading layer [==================================================>] 3.584kB/3.584kB cca35c852e5b: Loading layer [==================================================>] 19.97kB/19.97kB Loaded image: goharbor/harbor-log:v2.3.2 f85726ba84dc: Loading layer [==================================================>] 6.821MB/6.821MB a056039f5f6d: Loading layer [==================================================>] 4.096kB/4.096kB c90e384ee5a4: Loading layer [==================================================>] 19.02MB/19.02MB 166cfc19ad5d: Loading layer [==================================================>] 3.072kB/3.072kB 9b458167a646: Loading layer [==================================================>] 25.44MB/25.44MB 2a481503dae1: Loading layer [==================================================>] 45.24MB/45.24MB Loaded image: goharbor/harbor-registryctl:v2.3.2 6b9b715ecb6e: Loading layer [==================================================>] 9.914MB/9.914MB 8ac2885dd0bc: Loading layer [==================================================>] 17.72MB/17.72MB 3cd80dd3cb0c: Loading layer [==================================================>] 4.608kB/4.608kB 7c944a564b1f: Loading layer [==================================================>] 18.51MB/18.51MB Loaded image: goharbor/harbor-exporter:v2.3.2 b414ebcb4508: Loading layer [==================================================>] 6.816MB/6.816MB cd880de5aa45: Loading layer [==================================================>] 6.219MB/6.219MB 1031af43c4d0: Loading layer [==================================================>] 15.88MB/15.88MB 
fcd9b76b6247: Loading layer [==================================================>] 29.29MB/29.29MB a32b5e8b89c2: Loading layer [==================================================>] 22.02kB/22.02kB af9265555a5b: Loading layer [==================================================>] 15.88MB/15.88MB Loaded image: goharbor/notary-server-photon:v2.3.2 Loaded image: goharbor/prepare:v2.3.2 571889b5abe7: Loading layer [==================================================>] 1.096MB/1.096MB b8a1c2a0e296: Loading layer [==================================================>] 5.888MB/5.888MB 99e396e6432d: Loading layer [==================================================>] 173.6MB/173.6MB 58ae8b6bde55: Loading layer [==================================================>] 15.34MB/15.34MB c61cba7d6edf: Loading layer [==================================================>] 4.096kB/4.096kB 811ccbc829a3: Loading layer [==================================================>] 6.144kB/6.144kB f35f22870f37: Loading layer [==================================================>] 3.072kB/3.072kB 2b725cdc2563: Loading layer [==================================================>] 2.048kB/2.048kB f2ac0b4b02e3: Loading layer [==================================================>] 2.56kB/2.56kB db59c776f906: Loading layer [==================================================>] 2.56kB/2.56kB b0306a6e97d4: Loading layer [==================================================>] 2.56kB/2.56kB 46283a1471c9: Loading layer [==================================================>] 8.704kB/8.704kB Loaded image: goharbor/harbor-db:v2.3.2 d7d543260996: Loading layer [==================================================>] 9.914MB/9.914MB fb7ca2ddf03a: Loading layer [==================================================>] 3.584kB/3.584kB 23c842c0e703: Loading layer [==================================================>] 2.56kB/2.56kB 07d33224975b: Loading layer [==================================================>] 82.47MB/82.47MB c1ab2a452194: 
Loading layer [==================================================>] 83.26MB/83.26MB Loaded image: goharbor/harbor-jobservice:v2.3.2 242e29e7d4c6: Loading layer [==================================================>] 6.821MB/6.821MB 8fcdb8b505d0: Loading layer [==================================================>] 4.096kB/4.096kB f5f2693cdb62: Loading layer [==================================================>] 3.072kB/3.072kB 09c19ab2448d: Loading layer [==================================================>] 19.02MB/19.02MB 3a12ffe8175d: Loading layer [==================================================>] 19.81MB/19.81MB Loaded image: goharbor/registry-photon:v2.3.2 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /opt/harbor/harbor Clearing the configuration file: /config/portal/nginx.conf Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/registry/passwd Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/db/env Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated 
configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Creating harbor-log ... done Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir Creating redis ... done Creating harbor-core ... done Creating network "harbor_harbor" with the default driver Creating nginx ... done Creating harbor-portal ... Creating registry ... Creating registryctl ... Creating harbor-db ... Creating redis ... Creating harbor-core ... Creating nginx ... Creating harbor-jobservice ... ✔ ----Harbor has been installed and started successfully.---- root@easzlab-k8s-harbor-01:/apps/harbor#
root@easzlab-k8s-harbor-01:/apps/harbor# docker images REPOSITORY TAG IMAGE ID CREATED SIZE goharbor/harbor-exporter v2.5.3 d9a8cfa37cf8 3 months ago 87.2MB goharbor/chartmuseum-photon v2.5.3 788b207156ad 3 months ago 225MB goharbor/redis-photon v2.5.3 5dc5331f3de8 3 months ago 154MB goharbor/trivy-adapter-photon v2.5.3 27798821348a 3 months ago 251MB goharbor/notary-server-photon v2.5.3 c686413b72ce 3 months ago 112MB goharbor/notary-signer-photon v2.5.3 a3bc1def3f94 3 months ago 109MB goharbor/harbor-registryctl v2.5.3 942de6829d43 3 months ago 136MB goharbor/registry-photon v2.5.3 fb1278854b91 3 months ago 77.9MB goharbor/nginx-photon v2.5.3 91877cbc147a 3 months ago 44.3MB goharbor/harbor-log v2.5.3 ca36fb3b68a6 3 months ago 161MB goharbor/harbor-jobservice v2.5.3 75e6a7496590 3 months ago 227MB goharbor/harbor-core v2.5.3 93a775677473 3 months ago 203MB goharbor/harbor-portal v2.5.3 d78f9bbad9ee 3 months ago 52.6MB goharbor/harbor-db v2.5.3 bd50ae1eccdf 3 months ago 224MB goharbor/prepare v2.5.3 15102b9ebde6 3 months ago 166MB root@easzlab-k8s-harbor-01:/apps/harbor# docker-compose ps -a Name Command State Ports ------------------------------------------------------------------------------------------------------------------------------------------------ harbor-core /harbor/entrypoint.sh Up (healthy) harbor-db /docker-entrypoint.sh 96 13 Up (healthy) harbor-jobservice /harbor/entrypoint.sh Up (healthy) harbor-log /bin/sh -c /usr/local/bin/ ... 
Up (healthy) 127.0.0.1:1514->10514/tcp harbor-portal nginx -g daemon off; Up (healthy) nginx nginx -g daemon off; Up (healthy) 0.0.0.0:80->8080/tcp,:::80->8080/tcp, 0.0.0.0:443->8443/tcp,:::443->8443/tcp redis redis-server /etc/redis.conf Up (healthy) registry /home/harbor/entrypoint.sh Up (healthy) registryctl /home/harbor/start.sh Up (healthy) root@easzlab-k8s-harbor-01:/apps/harbor# root@easzlab-k8s-harbor-01:/apps/harbor# netstat -tnlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:34179 0.0.0.0:* LISTEN 830/containerd tcp 0 0 127.0.0.1:1514 0.0.0.0:* LISTEN 1381/docker-proxy tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1425/docker-proxy tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 715/systemd-resolve tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 930/sshd: /usr/sbin tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 962550/sshd: root@p tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1402/docker-proxy tcp6 0 0 :::111 :::* LISTEN 1/init tcp6 0 0 :::80 :::* LISTEN 1432/docker-proxy tcp6 0 0 :::22 :::* LISTEN 930/sshd: /usr/sbin tcp6 0 0 ::1:6010 :::* LISTEN 962550/sshd: root@p tcp6 0 0 :::443 :::* LISTEN 1409/docker-proxy root@easzlab-k8s-harbor-01:/apps/harbor#
五、验证服务访问
在本地C:\Windows\System32\drivers\etc\hosts添加ip短域名解析,即可通过域名访问
通过域名登录访问:https://harbor.magedu.net ,账号 admin,默认密码 Harbor12345(这是harbor.yml中harbor_admin_password的默认值,首次登录后应立即修改)
从Docker客户端登录Harbor
root@easzlab-deploy:~# echo "172.16.88.166 easzlab-k8s-harbor-01 harbor.magedu.net" >> /etc/hosts #添加客户端本地域名解析 root@easzlab-deploy:~# mkdir -p /etc/docker/certs.d/harbor.magedu.net/ #docker客户端创建harbor证书存放路径 root@easzlab-k8s-harbor-01:/apps/harbor/certs# scp magedu.net.crt root@172.16.88.150:/etc/docker/certs.d/harbor.magedu.net/ #同步harbor证书到docker客户端 root@easzlab-deploy:~# ll -h /etc/docker/certs.d/harbor.magedu.net/ total 12K drwxr-xr-x 2 root root 4.0K Jul 26 19:55 ./ drwxr-xr-x 3 root root 4.0K Jul 26 19:55 ../ -rw-r--r-- 1 root root 2.1K Jul 26 19:55 magedu.net.crt root@easzlab-deploy:~# root@easzlab-deploy:~# systemctl restart docker #重启docker服务
验证登录测试
root@easzlab-deploy:~# docker login https://harbor.magedu.net #第一次登录需要手动输入harbor账号密码 Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded root@easzlab-deploy:~#
验证上传、下载harbor镜像
登录harbor仓库并创建镜像路径
模拟公网拉取镜像打标签上传私有仓库
root@easzlab-deploy:~# docker pull nginx #公网拉取镜像 Using default tag: latest latest: Pulling from library/nginx bd159e379b3b: Downloading 8d634ce99fb9: Download complete 98b0bbcc0ec6: Download complete 6ab6a6301bde: Download complete f5d8edcd47b1: Download complete fe24ce36f968: Download complete latest: Pulling from library/nginx bd159e379b3b: Pull complete 8d634ce99fb9: Pull complete 98b0bbcc0ec6: Pull complete 6ab6a6301bde: Pull complete f5d8edcd47b1: Pull complete fe24ce36f968: Pull complete Digest: sha256:2f770d2fe27bc85f68fd7fe6a63900ef7076bc703022fe81b980377fe3d27b70 Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest root@easzlab-deploy:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 51086ed63d8c 9 days ago 142MB easzlab/kubeasz 3.3.1 0c40d5a6cf5d 3 months ago 164MB kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB easzlab.io.local:5000/kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB easzlab/pause 3.7 221177c6082a 7 months ago 711kB easzlab.io.local:5000/easzlab/pause 3.7 221177c6082a 7 months ago 711kB easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB easzlab.io.local:5000/easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB registry 2 b8604a3fe854 11 months ago 26.2MB easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB easzlab.io.local:5000/easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB root@easzlab-deploy:~# docker tag nginx:latest harbor.magedu.net/baseimages1/nginx:v1.22.0 #将拉取的镜像重新打标签 root@easzlab-deploy:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 51086ed63d8c 9 days ago 142MB harbor.magedu.net/baseimages1/nginx v1.22.0 51086ed63d8c 9 days ago 142MB easzlab/kubeasz 3.3.1 0c40d5a6cf5d 3 months ago 164MB kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB easzlab.io.local:5000/kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB easzlab/pause 3.7 
221177c6082a 7 months ago 711kB easzlab.io.local:5000/easzlab/pause 3.7 221177c6082a 7 months ago 711kB easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB easzlab.io.local:5000/easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB registry 2 b8604a3fe854 11 months ago 26.2MB easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB easzlab.io.local:5000/easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB root@easzlab-deploy:~# docker push harbor.magedu.net/baseimages1/nginx:v1.22.0 #推送到harbor私有仓库 The push refers to repository [harbor.magedu.net/baseimages1/nginx] d6a3537fc36a: Pushed 819eb3a45632: Pushed 5eda6fa69be4: Pushed 6f4f3ce1dca0: Pushed 58a06a0d345c: Pushed fe7b1e9bf792: Pushed v1.22.0: digest: sha256:bab399017a659799204147065aab53838ca6f5aeed88cf7d329bc4fda1d2bac7 size: 1570 root@easzlab-deploy:~#
查看验证推送的镜像
测试拉取私有仓库镜像
#删除旧的nginx镜像
root@easzlab-deploy:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 51086ed63d8c 9 days ago 142MB harbor.magedu.net/baseimages1/nginx v1.22.0 51086ed63d8c 9 days ago 142MB easzlab/kubeasz 3.3.1 0c40d5a6cf5d 3 months ago 164MB easzlab.io.local:5000/kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB easzlab/pause 3.7 221177c6082a 7 months ago 711kB easzlab.io.local:5000/easzlab/pause 3.7 221177c6082a 7 months ago 711kB easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB easzlab.io.local:5000/easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB registry 2 b8604a3fe854 11 months ago 26.2MB easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB easzlab.io.local:5000/easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB root@easzlab-deploy:~# docker rmi nginx:latest Untagged: nginx:latest Untagged: nginx@sha256:2f770d2fe27bc85f68fd7fe6a63900ef7076bc703022fe81b980377fe3d27b70 root@easzlab-deploy:~# docker rmi 51086ed63d8c Untagged: harbor.magedu.net/baseimages1/nginx:v1.22.0 Untagged: harbor.magedu.net/baseimages1/nginx@sha256:bab399017a659799204147065aab53838ca6f5aeed88cf7d329bc4fda1d2bac7 Deleted: sha256:51086ed63d8cba3a6a3d94ecd103e9638b4cb8533bb896caf2cda04fb79b862f Deleted: sha256:c22f011a5c63a718e3155ef21b930f5583102384c8e333299913ed660baa230c Deleted: sha256:1235ee8acd48a34c389280d8192ae79ef241d546eeea2f3416b64608d68d8538 Deleted: sha256:80ab7667b1007f2ed4b5387e7585e18d3ca1899c76449240e2890373a8e77285 Deleted: sha256:4833b18722fc3d06feafaa0f61726b1b11baa1daa0ea455e6e2ab66a7c8db283 Deleted: sha256:98b8d2ed046082a8f6c2fb2f34430f5142fea7a7078326d980b323d71640d8ff Deleted: sha256:fe7b1e9bf7922fbc22281bcc6b4f5ac8f1a7b4278929880940978c42fc9d0229 root@easzlab-deploy:~# root@easzlab-deploy:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE easzlab/kubeasz 3.3.1 0c40d5a6cf5d 3 months ago 164MB 
kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB easzlab.io.local:5000/kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB easzlab/pause 3.7 221177c6082a 7 months ago 711kB easzlab.io.local:5000/easzlab/pause 3.7 221177c6082a 7 months ago 711kB easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB easzlab.io.local:5000/easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB registry 2 b8604a3fe854 11 months ago 26.2MB easzlab.io.local:5000/easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB root@easzlab-deploy:~#
#测试harbor镜像拉取
root@easzlab-deploy:~# docker pull harbor.magedu.net/baseimages1/nginx:v1.22.0 v1.22.0: Pulling from baseimages1/nginx bd159e379b3b: Pull complete 8d634ce99fb9: Pull complete 98b0bbcc0ec6: Pull complete 6ab6a6301bde: Pull complete f5d8edcd47b1: Pull complete fe24ce36f968: Pull complete Digest: sha256:bab399017a659799204147065aab53838ca6f5aeed88cf7d329bc4fda1d2bac7 Status: Downloaded newer image for harbor.magedu.net/baseimages1/nginx:v1.22.0 harbor.magedu.net/baseimages1/nginx:v1.22.0 root@easzlab-deploy:~# docker images REPOSITORY TAG IMAGE ID CREATED SIZE harbor.magedu.net/baseimages1/nginx v1.22.0 51086ed63d8c 9 days ago 142MB easzlab/kubeasz 3.3.1 0c40d5a6cf5d 3 months ago 164MB kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB easzlab.io.local:5000/kubernetesui/metrics-scraper v1.0.8 115053965e86 4 months ago 43.8MB easzlab/pause 3.7 221177c6082a 7 months ago 711kB easzlab.io.local:5000/easzlab/pause 3.7 221177c6082a 7 months ago 711kB easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB easzlab.io.local:5000/easzlab/metrics-server v0.5.2 f73640fb5061 11 months ago 64.3MB registry 2 b8604a3fe854 11 months ago 26.2MB easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB easzlab.io.local:5000/easzlab/k8s-dns-node-cache 1.21.1 5bae806f8f12 13 months ago 104MB root@easzlab-deploy:~#