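Harbor private registry deployment

Introduction to Harbor

Harbor is an open-source solution for building an enterprise-grade private Docker image registry. It is a higher-level wrapper around Docker Registry: besides a friendly web UI, role and user permission management, and auditing of user operations, it also integrates a repository for K8s add-ons, that is, Helm downloads, manages and installs K8s add-ons as charts, and chartmuseum provides the repository that stores the chart data (note: Helm is roughly the yum of K8s). It also integrates two open-source security components, Notary and Clair. Notary is similar to a private CA, while Clair is a container security scanner: it obtains the latest vulnerability information from the CVE databases published by the major vendors and scans the container images users upload for known vulnerabilities. Both security features matter a great deal for an enterprise private registry.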

1. Install Docker

yum -y install docker-ce

systemctl  restart docker && systemctl enable docker

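Every other node that needs to use the registry must add this as well. The certificate created in step 4 is self-signed, so the registry is listed under insecure-registries, which makes Docker skip certificate verification for it.

# the value is the registry domain name
cat > /etc/docker/daemon.json <<EOF
{
  "insecure-registries": ["https://hub.wql.com"]
}
EOF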

mkdir -p /etc/systemd/system/docker.service.d

systemctl daemon-reload && systemctl restart docker && systemctl enable docker

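2. Install the Docker orchestration tool Compose

It is best to download it from the website yourself; otherwise errors are likely.

Download address: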

curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m`  > /usr/local/bin/docker-compose

https://github.com/docker/compose/releases/tag/1.14.0-rc2

https://github.com/docker/compose/releases/tag/1.25.0-rc4

wget -O docker-compose https://github.com/docker/compose/releases/download/1.14.0-rc2/docker-compose-Linux-x86_64

yum -y install  lrzsz

mv  docker-compose  /usr/local/bin

chmod a+x /usr/local/bin/docker-compose

3. Install Harbor

Download address (official Harbor releases): https://github.com/vmware/harbor/releases

Package URL: https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz

tar -zxvf  harbor-offline-installer-v1.2.0.tgz

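mv harbor /usr/local/

cd /usr/local/harbor/

vim harbor.cfg

Edit these settings (hostname is the registry domain name, ui_url_protocol is the protocol; the /data/cert directory that ssl_cert points into is created with the next command):

hostname = hub.wql.com

ui_url_protocol = https

ssl_cert = /data/cert/server.crt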

mkdir -p /data/cert

4. Create the certificate

cd /data/cert

[root@harbor cert]# openssl genrsa -des3 -out server.key 2048

Enter pass phrase for server.key:    # enter a passphrase here; anything will do

Verifying - Enter pass phrase for server.key:

[root@harbor cert]# openssl req -new -key server.key -out server.csr    # create the certificate signing request

Enter pass phrase for server.key:    # enter the passphrase

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN    # country

State or Province Name (full name) []:BJ    # city

Locality Name (eg, city) [Default City]:BJ    # locality

Organization Name (eg, company) [Default Company Ltd]:wql    # organization

Organizational Unit Name (eg, section) []:wql    # organizational unit

Common Name (eg, your name or your server's hostname) []:hub.wql.com    # the registry domain name

Email Address []:wqlong0821@163.com    # administrator email

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:    # whether to set a password (just press Enter here)

An optional company name []:

cp server.key server.key.org    # make a backup

openssl rsa -in server.key.org -out server.key    # convert the key (strip the passphrase)

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt    # sign

chmod a+x *    # set permissions

There are 4 files in total.
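An added example, not part of the original article: a non-interactive variant of step 4 that also puts the hostname in subjectAltName (Docker builds based on Go 1.15 or later no longer fall back to the Common Name when verifying a certificate) and installs the certificate under /etc/docker/certs.d so a client node can verify the registry instead of listing it under insecure-registries. The function names are hypothetical, the subject fields reuse the values entered above, and OpenSSL 1.1.1 or later is assumed for -addext.

```bash
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# make_registry_cert HOST DIR
# Self-signed certificate whose subjectAltName carries HOST; key left unencrypted.
make_registry_cert() {
    local host="$1" dir="$2"
    mkdir -p "$dir" || return 1
    (
        umask 077   # server.key is created readable by its owner only
        # -nodes writes the key without a passphrase, the state the article
        # reaches with "genrsa -des3" followed by "openssl rsa".
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/C=CN/ST=BJ/L=BJ/O=wql/OU=wql/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/server.key" && chmod 644 "$dir/server.crt"
}

# check_registry_cert HOST DIR
# Succeeds only if HOST is listed as a DNS SAN and the certificate was issued
# for the public half of server.key.
check_registry_cert() {
    local host="$1" dir="$2" cert_pub key_pub
    openssl x509 -in "$dir/server.crt" -noout -text \
        | tr ', ' '\n\n' | grep -qFx "DNS:$host" || return 1
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# trust_registry_cert HOST DIR [CERTS_D]
# Run on each Docker client node: the daemon then verifies HOST against this
# certificate, so HOST can be left out of insecure-registries.
trust_registry_cert() {
    local host="$1" dir="$2" certs_d="${3:-/etc/docker/certs.d}"
    mkdir -p "$certs_d/$host" && cp "$dir/server.crt" "$certs_d/$host/ca.crt"
}
```

On the Harbor host this would be called as make_registry_cert hub.wql.com /data/cert; on each client node, copy server.crt over and call trust_registry_cert with the directory that holds it.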

5. Run the install script

cd /usr/local/harbor/

./install.sh

vim  /etc/hosts

192.168.4.10    master01

192.168.4.50    node01

192.168.4.51    node02

192.168.4.53    hub.wql.com

6. Verify access from a browser

https://hub.wql.com/

Note that the default administrator username / password is admin / Harbor12345

The following must be run from the /usr/local/harbor/ directory.

Restart Harbor:

./prepare

docker-compose down    # stop docker-compose

docker-compose up -d    # start docker-compose

7. Test login from the command line

docker login https://hub.wql.com

Username: admin    # username

Password:    # password

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

Configure a credential helper to remove this warning.

See https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

8. Push an image

Tag the image and upload it to Harbor:

docker tag  nginx:v1  hub.wql.com/library/nginx:v1

docker push  hub.wql.com/library/nginx:v1

Test pulling:

docker pull hub.wql.com/library/nginx:v1

kubectl run nginx1-deployment --image=hub.wql.com/library/nginx:v1 --port=80 --replicas=1

kubectl get pod

kubectl get pod -o wide

curl 10.244.3.24
