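System environment
Operating system: CentOS 7.6
IP address: 10.0.11.20
Domain name: reg.ik8s.cc
Installation requirements:
1. Make sure the server's clock is synchronized
2. Because the registry is used on an internal network, every host that needs to reach reg.ik8s.cc must have a hosts entry for it, or internal DNS must be configured to resolve the name
Install Docker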
$ sudo yum install -y yum-utils openssl openssl-devel
$ sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
$ sudo yum makecache
$ sudo yum install docker-ce
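Configure Docker (trust the registry we are building, otherwise pushing images will fail). Note that an insecure-registries entry makes Docker ignore certificate errors for reg.ik8s.cc and fall back to plain HTTP when HTTPS is unavailable; once ca.crt is placed under /etc/docker/certs.d/reg.ik8s.cc/ in the certificate steps further down, Docker can verify the registry's certificate without this entry.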
$ sudo vim /etc/docker/daemon.json
{
"insecure-registries":["reg.ik8s.cc"]
}
Install Docker Compose
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
Install Harbor
- Download the installer package
$ wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz
$ sudo tar xf harbor-offline-installer-v1.9.3.tgz
- Create the HTTPS certificate
A self-signed certificate is used here
$ sudo mkdir -p /etc/harbor/ssl && cd /etc/harbor/ssl
$ sudo openssl genrsa -out ca.key 4096
$ sudo openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=reg.ik8s.cc" -key ca.key -out ca.crt
$ sudo openssl genrsa -out reg.ik8s.cc.key 4096
$ sudo openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=reg.ik8s.cc" \
-key reg.ik8s.cc.key \
-out reg.ik8s.cc.csr
$ sudo tee v3.ext > /dev/null <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=reg.ik8s.cc
DNS.2=ik8s.cc
DNS.3=hostname
EOF
$ sudo openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in reg.ik8s.cc.csr \
-out reg.ik8s.cc.crt
$ sudo openssl x509 -inform PEM -in reg.ik8s.cc.crt -out reg.ik8s.cc.cert
- Configure the server certificate and key for Harbor
- Configure the certificate, key and CA for Docker
- The Docker daemon interprets .crt files as CA certificates and .cert files as client certificates, so the certificate has to be converted
$ sudo openssl x509 -inform PEM -in reg.ik8s.cc.crt -out reg.ik8s.cc.cert
$ sudo mkdir -p /etc/docker/certs.d/reg.ik8s.cc/
$ sudo cp reg.ik8s.cc.cert /etc/docker/certs.d/reg.ik8s.cc/
$ sudo cp reg.ik8s.cc.key /etc/docker/certs.d/reg.ik8s.cc/
$ sudo cp ca.crt /etc/docker/certs.d/reg.ik8s.cc/
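The following check is an added example, not part of the original post: it confirms that a server certificate chains to the private CA, covers the registry hostname, and matches its private key, which are the three things Harbor's nginx and the Docker client depend on. The function names check_registry_cert and make_demo_certs and the file name check.sh are assumptions; the demo certificates are constructed throwaway files (2048-bit keys, 1-day validity).

```shell
#!/usr/bin/env bash
# Added example: verify a registry certificate set before Harbor and Docker rely on it.

# check_registry_cert CA_CERT SERVER_CERT SERVER_KEY HOSTNAME  (hypothetical helper)
# Returns 0 only if the cert chains to the CA, covers HOSTNAME and matches the key.
check_registry_cert() {
  local ca="$1" crt="$2" key="$3" host="$4" rc=0 pub
  # 1. Chain: the server certificate must verify against the private CA.
  if ! openssl verify -CAfile "$ca" "$crt" 2>&1 | grep -q ': OK$'; then
    echo "FAIL: $crt does not verify against $ca"; rc=1
  fi
  # 2. Name: the hostname clients connect to must be covered by the certificate.
  if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>&1 | grep -q 'does match'; then
    echo "FAIL: $crt does not cover hostname $host"; rc=1
  fi
  # 3. Key pair: the certificate's public key must equal the one derived from the key.
  pub="$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)"
  if [ -z "$pub" ] || [ "$pub" != "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
    echo "FAIL: $key is not the private key for $crt"; rc=1
  fi
  return "$rc"
}

# make_demo_certs DIR  (hypothetical helper): constructed throwaway CA and server
# certificate with the page's SAN names; 2048-bit keys and 1-day validity for speed.
make_demo_certs() {
  local d="$1"
  openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -sha512 -days 1 -subj "/CN=demo-ca" \
    -key "$d/ca.key" -out "$d/ca.crt"
  openssl genrsa -out "$d/reg.ik8s.cc.key" 2048 2>/dev/null
  openssl req -new -sha512 -subj "/CN=reg.ik8s.cc" \
    -key "$d/reg.ik8s.cc.key" -out "$d/reg.ik8s.cc.csr"
  printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
    'subjectAltName=DNS:reg.ik8s.cc,DNS:ik8s.cc' > "$d/v3.ext"
  openssl x509 -req -sha512 -days 1 -extfile "$d/v3.ext" \
    -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -in "$d/reg.ik8s.cc.csr" -out "$d/reg.ik8s.cc.crt" 2>/dev/null
}

# Real use, from /etc/harbor/ssl (check.sh is an assumed file name):
#   ./check.sh ca.crt reg.ik8s.cc.crt reg.ik8s.cc.key reg.ik8s.cc
if [ "$#" -eq 4 ]; then
  check_registry_cert "$@"
fi
```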
- Edit the Harbor configuration file
# vim harbor.yml
hostname: reg.ik8s.cc
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/harbor/ssl/reg.ik8s.cc.crt
  private_key: /etc/harbor/ssl/reg.ik8s.cc.key
- Run the prepare script to generate the configuration
$ sudo ./prepare
- Start the service (if the docker compose service is already running, stop it first)
$ sudo docker-compose up -d
Access the service
- In a browser, open: https://reg.ik8s.cc
- Default username and password (must be changed in production):
- user: admin
- passwd: Harbor12345