Harbor Offline Installation
The installation environment and versions are as follows:
- OS: CentOS 7.9
- Docker version: docker-ce-20.10.17
- docker-compose version: v2.10.2
- Harbor version: v2.6.0
- Harbor data path: /harbor-data
- Access domain: harbor.domain.com
Pre-install Docker and docker-compose
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl start docker
systemctl enable docker
curl -LO https://github.com/docker/compose/releases/download/v2.10.2/docker-compose-linux-x86_64
mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
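Download the Harbor installer package
From the releases page https://github.com/goharbor/harbor/releases, download the package for the required version together with its signature file. v2.6.0 is used as the example here:
harbor-offline-installer-v2.6.0.tgz
harbor-offline-installer-v2.6.0.tgz.asc
Verify the package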
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 644FF454C0B4115C
gpg -v --keyserver hkps://keyserver.ubuntu.com --verify harbor-offline-installer-v2.6.0.tgz.asc
Installation
vim /etc/hosts
127.0.0.1 harbor.domain.com
127.0.0.1 harbor.domain
127.0.0.1 harbor
Configure the HTTPS certificate
Generate the certificate authority (CA) certificate
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Guangdong/L=Shenzhen/O=greene/OU=Personal/CN=harbor.domain.com" \
-key ca.key \
-out ca.crt
Generate the server certificate
openssl genrsa -out harbor.domain.com.key 4096
openssl req -sha512 -new \
-subj "/C=CN/ST=Guangdong/L=Shenzhen/O=greene/OU=Personal/CN=harbor.domain.com" \
-key harbor.domain.com.key \
-out harbor.domain.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.domain.com
DNS.2=harbor.domain
DNS.3=harbor
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.domain.com.csr \
-out harbor.domain.com.crt
Provide the certificates to Harbor and Docker
cp harbor.domain.com.crt /etc/ssl/certs/
cp harbor.domain.com.key /etc/ssl/certs/
openssl x509 -inform PEM -in harbor.domain.com.crt -out harbor.domain.com.cert
mkdir -p /etc/docker/certs.d/harbor.domain.com
cp harbor.domain.com.cert /etc/docker/certs.d/harbor.domain.com/
cp harbor.domain.com.key /etc/docker/certs.d/harbor.domain.com/
cp ca.crt /etc/docker/certs.d/harbor.domain.com/
Restart Docker
systemctl restart docker
Configure Harbor for startup
tar -xvf harbor-offline-installer-v2.6.0.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
Only the following settings need to be changed:
hostname: harbor.domain.com
https:
  certificate: /etc/ssl/certs/harbor.domain.com.crt
  private_key: /etc/ssl/certs/harbor.domain.com.key
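Before running the installer, the certificate files referenced in harbor.yml can be checked with a short script. This is an added example, not part of the original post; the function names are hypothetical, GNU stat is assumed, and only exact DNS entries in subjectAltName are matched.

```bash
#!/bin/bash
# Added example: pre-flight checks for the certificate files named in harbor.yml.
# Usage (paths as used on this page):
#   check_harbor_cert /etc/ssl/certs/harbor.domain.com.crt \
#       /etc/ssl/certs/harbor.domain.com.key ca.crt harbor.domain.com

# Succeeds if the certificate chains to the given CA certificate.
cert_chains_to_ca() {   # <crt> <ca.crt>
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Succeeds if the private key and the certificate carry the same public key.
key_matches_cert() {    # <crt> <key>
    local from_cert from_key
    from_cert=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    from_key=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeeds if subjectAltName lists exactly this DNS name (wildcards not expanded).
san_has_dns() {         # <crt> <hostname>
    openssl x509 -noout -text -in "$1" 2>/dev/null \
        | tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -Fxq "DNS:$2"
}

# Succeeds if the key file grants nothing to group or others (e.g. mode 600).
key_is_private() {      # <key>
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Runs all checks, prints one line per problem, returns non-zero on a hard failure.
check_harbor_cert() {   # <crt> <key> <ca.crt> <hostname>
    local rc=0
    cert_chains_to_ca "$1" "$3" || { echo "FAIL: $1 does not chain to $3"; rc=1; }
    key_matches_cert "$1" "$2"  || { echo "FAIL: $2 does not belong to $1"; rc=1; }
    san_has_dns "$1" "$4"       || { echo "FAIL: no DNS:$4 in subjectAltName"; rc=1; }
    key_is_private "$2"         || echo "WARN: $2 is accessible to group/others"
    [ "$rc" -eq 0 ] && echo "OK: $1 is usable for $4"
    return "$rc"
}
```

A FAIL line means the Docker client would reject the registry certificate or the HTTPS listener would not start with that key; the WARN line is advisory only.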
Install and start Harbor
./install.sh
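Log in to verify. Harbor's default username and password are admin/Harbor12345.
Docker client configuration
Create the certificate directory and copy the ca.crt certificate from the Harbor server above into it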
mkdir -p /etc/docker/certs.d/harbor.domain.com
Then restart Docker on the client
systemctl restart docker
Bulk pull and push images of specified versions
#!/bin/bash
# Accept multiple source_image:version arguments
source_images_and_versions=("$@")
# Check whether no source_image:version was passed
if [ ${#source_images_and_versions[@]} -eq 0 ]; then
    echo "Usage: $0 <source_image1:version1> <source_image2:version2> ..."
    exit 1
fi
# Loop over each source_image:version argument
for image_version in "${source_images_and_versions[@]}"
do
    # Split the image name and version at the last colon (a registry host may include a port)
    source_image=${image_version%:*}
    version=${image_version##*:}
    # Pull the specified version of the source image
    docker pull "$source_image:$version"
    # List all local versions of the source image; match whole words and treat the name as a literal string
    local_images=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep -wF -- "$source_image")
    # Loop over the version list, create a new tag for each version of the source image, then push it to the registry
    for image in $local_images
    do
        original_image=$image
        new_image="harbor.domain.com/library/$original_image"
        # Create the new tag for the original image
        docker tag "$original_image" "$new_image"
        # Push the newly tagged image to the registry
        docker push "$new_image"
        # Remove the local newly tagged image (optional, as needed)
        docker rmi "$new_image"
        docker rmi "$original_image"
    done
done
This article is from cnblogs (博客园), author: GreeneGe. When reposting, please cite the original link: https://www.cnblogs.com/greene/p/16654357.html