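Installing and Deploying Harbor, an Enterprise-Grade Private Registry

System environment

Operating system: CentOS 7.6
IP address: 10.0.11.20
Domain name: reg.ik8s.cc
Installation requirements:
  1. Make sure the server's time is synchronized
  2. Because the registry is used on an internal network, add a hosts entry on every host that needs to reach reg.ik8s.cc, or configure internal DNS to resolve the name

Install Docker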


   $ sudo yum install -y yum-utils openssl openssl-devel
   $ sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
   $ sudo yum makecache
   $ sudo yum install docker-ce

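Configure Docker (trust the registry we are setting up, otherwise pushing images fails with an error). Note that an entry in insecure-registries tells Docker to skip TLS certificate verification for that registry and to fall back to plain HTTP if HTTPS fails.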


$ sudo vim /etc/docker/daemon.json

{
   "insecure-registries":["reg.ik8s.cc"]
}

Install Docker Compose

$ sudo curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

Install Harbor

  • Download the installer package

$ wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-offline-installer-v1.9.3.tgz
$ sudo tar xf harbor-offline-installer-v1.9.3.tgz
  • Create the HTTPS certificate
    A self-signed certificate is used here
$ sudo mkdir -p /etc/harbor/ssl && cd /etc/harbor/ssl
$ sudo openssl genrsa -out ca.key 4096
$ sudo openssl req -x509 -new -nodes -sha512 -days 3650 \
               -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=reg.ik8s.cc" -key ca.key -out ca.crt
$ sudo openssl genrsa -out reg.ik8s.cc.key 4096
$ sudo openssl req -sha512 -new \
               -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=reg.ik8s.cc" \
               -key reg.ik8s.cc.key \
               -out reg.ik8s.cc.csr
$ sudo tee v3.ext > /dev/null <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=reg.ik8s.cc
DNS.2=ik8s.cc
DNS.3=hostname
EOF
$ sudo openssl x509 -req -sha512 -days 3650 \
               -extfile v3.ext \
               -CA ca.crt -CAkey ca.key -CAcreateserial \
               -in reg.ik8s.cc.csr \
               -out reg.ik8s.cc.crt
$ sudo openssl x509 -inform PEM -in reg.ik8s.cc.crt -out reg.ik8s.cc.cert
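  • Configure the server certificate and key for Harbor
    • Configure the certificate, key and CA for Docker
    • The Docker daemon interprets .crt files as CA certificates and .cert files as client certificates, so the server certificate has to be converted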
      $ sudo openssl x509 -inform PEM -in reg.ik8s.cc.crt -out reg.ik8s.cc.cert
      $ sudo mkdir -p /etc/docker/certs.d/reg.ik8s.cc/
      $ sudo cp reg.ik8s.cc.cert /etc/docker/certs.d/reg.ik8s.cc/
      $ sudo cp reg.ik8s.cc.key /etc/docker/certs.d/reg.ik8s.cc/
      $ sudo cp ca.crt /etc/docker/certs.d/reg.ik8s.cc/
  • Edit the Harbor configuration file
# vim harbor.yml

hostname: reg.ik8s.cc
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
https:
# https port for harbor, default is 443
  port: 443
# The path of cert and key files for nginx
  certificate: /etc/harbor/ssl/reg.ik8s.cc.crt
  private_key: /etc/harbor/ssl/reg.ik8s.cc.key
  • Run the prepare script to generate the configuration
$ sudo ./prepare
  • Start the services (if docker compose services are already running, stop them first)

$ sudo docker-compose up -d
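
A check for the certificate files created under /etc/harbor/ssl above, as an added example that is not part of the original post: it confirms that the server certificate chains to the CA, covers the registry hostname, and matches its private key. The function names and the throwaway sample chain are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): verify an issued registry cert.

# check_registry_cert CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
# Returns 0 only if every check passes; prints the first failing check.
check_registry_cert() {
    ca=$1; cert=$2; key=$3; host=$4
    # 1. The server certificate must chain to the CA that clients trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "FAIL: $cert is not signed by $ca"; return 1; }
    # 2. The hostname must be covered; with a SAN present the CN is ignored.
    openssl x509 -in "$cert" -noout -checkhost "$host" \
        | grep -q "does match certificate" \
        || { echo "FAIL: $host is not covered by $cert"; return 1; }
    # 3. The private key must belong to the certificate (compare public keys).
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] \
        || { echo "FAIL: $key does not match $cert"; return 1; }
    echo "OK: $cert is valid for $host"
}

# make_sample_chain DIR HOSTNAME  (hypothetical helper)
# Builds a throwaway CA and server certificate: constructed sample data with
# 2048-bit keys and 1-day validity so the demo runs quickly.
make_sample_chain() {
    dir=$1; name=$2
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -sha256 -days 1 -subj "/CN=sample-ca" \
        -key "$dir/ca.key" -out "$dir/ca.crt"
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -sha256 -subj "/CN=$name" \
        -key "$dir/server.key" -out "$dir/server.csr"
    printf 'subjectAltName = DNS:%s\n' "$name" > "$dir/v3.ext"
    openssl x509 -req -sha256 -days 1 -extfile "$dir/v3.ext" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -in "$dir/server.csr" -out "$dir/server.crt" 2>/dev/null
}

# Demo on constructed data: the first call passes, the second fails on the
# hostname. For the real files, pass ca.crt, reg.ik8s.cc.crt, reg.ik8s.cc.key.
tmp=$(mktemp -d)
make_sample_chain "$tmp" reg.ik8s.cc
check_registry_cert "$tmp/ca.crt" "$tmp/server.crt" "$tmp/server.key" reg.ik8s.cc
check_registry_cert "$tmp/ca.crt" "$tmp/server.crt" "$tmp/server.key" reg.ik8s.cc.com || true
rm -rf "$tmp"
```

Run it against the real files before starting Harbor; a failure in check 2 or 3 would otherwise only show up later as a TLS error on docker login or docker push.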

Access the service

  • Open in a browser: https://reg.ik8s.cc
  • Default username and password (change these in production):
    • user: admin
    • passwd: Harbor12345



Author: BY 木易杨
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit the source, BY 木易杨, when reposting!