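Harbor private registry and the Portainer graphical management UI

1. Harbor registry

  • Overview

  • Deployment prerequisites

  • Deploy Harbor

    • Install docker and docker-compose
  • Configure the HTTPS certificate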

    # Create the CA private key
    openssl genrsa -out ca.key 4096
    # Create the CA certificate
    openssl req -x509 -new -nodes -sha512 -days 3650 \
        -subj "/C=CN/ST=Tianjin/L=Tianjin/O=example/OU=Personal/CN=unistack.com" \
        -key ca.key \
        -out ca.crt
    # Create the server private key
    openssl genrsa -out unistack.com.key 4096
    # Create the certificate signing request (CSR)
    openssl req -sha512 -new \
        -subj "/C=CN/ST=Tianjin/L=Tianjin/O=example/OU=Personal/CN=unistack.com" \
        -key unistack.com.key \
        -out unistack.com.csr
    # Create the v3 extension file
    cat > v3.ext <<-EOF
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1=unistack.com
    DNS.2=unistack.harbor.com
    EOF
    # Sign the server certificate using v3.ext
    openssl x509 -req -sha512 -days 3650 \
        -extfile v3.ext \
        -CA ca.crt -CAkey ca.key -CAcreateserial \
        -in unistack.com.csr \
        -out unistack.com.crt
    # Provide the certificate and private key to Harbor
    mkdir -p /data/cert
    cp unistack.com.crt /data/cert/
    cp unistack.com.key /data/cert/
    # Provide the certificate to docker
    # Generate the .cert file that docker uses
    openssl x509 -inform PEM -in unistack.com.crt -out unistack.com.cert
    # Create the unistack.com directory
    mkdir -p /etc/docker/certs.d/unistack.com/
    cp unistack.com.cert /etc/docker/certs.d/unistack.com/
    cp unistack.com.key /etc/docker/certs.d/unistack.com/
    cp ca.crt /etc/docker/certs.d/unistack.com/
    # Restart docker
    systemctl restart docker
    
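  • Install Harbor

    # Upload the Harbor offline installer package and extract it
    tar xf harbor-offline-installer-v2.3.2.tgz
    # Copy the template file
    cp harbor.yml.tmpl harbor.yml
    # Edit harbor.yml
    # Set the hostname
    hostname: unistack.com
    # Set the HTTPS certificate paths
      certificate: /data/cert/unistack.com.crt
      private_key: /data/cert/unistack.com.key
    # Change the admin password (Harbor12345 is the template default)
    harbor_admin_password: Harbor12345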
    
  • Add the registry to the docker client's trusted registries

    [root@node201 harbor]# vim /etc/docker/daemon.json 
    {
      "insecure-registries": ["unistack.com"]
    }
    
  • Restart docker

  • Log in to the Harbor registry

    [root@node201 harbor]# docker login reg.lynn.com
    Username: admin
    Password: 
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    
  • Push commands:

    # docker tag centos:7 reg.lynn.com/library/centos:7
    # docker push reg.lynn.com/library/centos:7
    # docker pull reg.lynn.com/library/centos:7
    
  • Configure primary/replica (master/slave) replication

  • Harbor maintenance
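
The checks below are an added example, not part of the original post: they confirm that the server certificate from the HTTPS step chains to ca.crt, that the key named as private_key in harbor.yml belongs to it, and that the name used with docker login appears in its subjectAltName. The helper names check_cert and make_sample, the temporary directory, the 2048-bit one-day sample material and the CA subject are assumptions made for the demonstration.

```bash
#!/bin/sh
# Added example (not from the original post). check_cert and make_sample are
# hypothetical helper names; the hostnames are the ones used on this page.

# check_cert CA CRT KEY HOST: prints each failed check, returns the failure count.
check_cert() {
    ca=$1 crt=$2 key=$3 host=$4 fails=0
    # 1. The server certificate must chain to the CA that Docker clients trust.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' \
        || { echo "FAIL chain: $crt is not signed by $ca"; fails=$((fails + 1)); }
    # 2. private_key in harbor.yml must be the key the certificate was issued for.
    pub=$(openssl x509 -noout -pubkey -in "$crt" 2>/dev/null)
    { [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -pubout -in "$key" 2>/dev/null)" ]; } \
        || { echo "FAIL key: $key does not match $crt"; fails=$((fails + 1)); }
    # 3. The name typed into docker login/push must appear in subjectAltName.
    openssl x509 -noout -checkhost "$host" -in "$crt" 2>/dev/null \
        | grep -q 'does match certificate' \
        || { echo "FAIL san: $host is not covered by $crt"; fails=$((fails + 1)); }
    return "$fails"
}

# make_sample DIR: constructed CA and server certificate following the page's steps.
# Assumptions: 2048-bit keys and 1-day validity to keep the demo quick, and a
# constructed CA subject ("Example Test CA") distinct from the server's.
make_sample() {
    ( cd "$1" || exit 1
      openssl genrsa -out ca.key 2048
      openssl req -x509 -new -nodes -sha512 -days 1 \
          -subj "/O=example/CN=Example Test CA" -key ca.key -out ca.crt
      openssl genrsa -out unistack.com.key 2048
      openssl req -sha512 -new -subj "/O=example/CN=unistack.com" \
          -key unistack.com.key -out unistack.com.csr
      printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
          'subjectAltName=DNS:unistack.com,DNS:unistack.harbor.com' > v3.ext
      openssl x509 -req -sha512 -days 1 -extfile v3.ext \
          -CA ca.crt -CAkey ca.key -CAcreateserial \
          -in unistack.com.csr -out unistack.com.crt
    ) >/dev/null 2>&1
}

d=$(mktemp -d) && make_sample "$d"
check_cert "$d/ca.crt" "$d/unistack.com.crt" "$d/unistack.com.key" unistack.com \
    && echo "OK: chain, key and hostname agree"
# A CSR in place of the key fails check 2; a name outside the SAN list fails check 3.
check_cert "$d/ca.crt" "$d/unistack.com.crt" "$d/unistack.com.csr" unistack.com || true
check_cert "$d/ca.crt" "$d/unistack.com.crt" "$d/unistack.com.key" reg.lynn.com || true
rm -rf "$d"
```

On a real host, point check_cert at ca.crt, /data/cert/unistack.com.crt and /data/cert/unistack.com.key before starting Harbor.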

2. Portainer graphical management UI

  • Deployment

    # docker volume create portainer_data
    # docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
    
  • Manage remote hosts

posted @ 2021-02-24 10:50  那就这样吧~