搭建Harbor仓库

admin • 2021年1月29日 pm5:32 • k8s • 阅读 2589

1.基础环境准备

1.1关闭防火墙和selinux

 systemctl stop firewalld
 systemctl disable firewalld
 setenforce 0
 sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

1.2主机名

hostnamectl set-hostname harbor

1.3依赖包安装

yum install -y yum-utils device-mapper-persistent-data lvm2

1.4docker ce软件源添加

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

1.5更新缓存

yum makecache fast

1.6安装docker-ce

yum -y install docker-ce

1.7启动docker-ce

systemctl start docker

1.8安装docker-compose

curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-uname -s-uname -m -o /usr/local/bin/docker-compose
 chmod +x /usr/local/bin/docker-compose
 yum install bash-completion
 curl -L https://raw.githubusercontent.com/docker/compose/1.16.1/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose

1.9查看compose版本

docker-compose --version

2.安装harbor

2.1安装

wget -P /usr/local/src/  https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-online-installer-v1.2.0.tgz
 tar zxf harbor-online-installer-v1.2.0.tgz  -C /usr/local/

2.2修改harbor.cfg配置

hostname = 192.168.1.154
 ui_url_protocol = https
 ssl_cert = /etc/certs/ca.crt
 ssl_cert_key = /etc/certs/ca.key

2.3新建ca证书

mkdir /etc/certs
 openssl genrsa -out /etc/certs/ca.key 2048
 openssl req -x509 -new -nodes -key /etc/certs/ca.key -subj "/CN=192.168.38.23" -days 5000 -out /etc/certs/ca.crt

2.4执行安装

./install.sh

2.5启动harbor

docker-compose up -d

2.6复制证书到客户端(例如k8s、openshift环境)

scp /etc/certs/ca.crt root@192.168.1.150:/etc/docker/certs.d/192.168.1.154/
 scp /etc/certs/ca.crt root@192.168.1.151:/etc/docker/certs.d/192.168.1.154/
 scp /etc/certs/ca.crt root@192.168.1.152:/etc/docker/certs.d/192.168.1.154/
 scp /etc/certs/ca.crt root@192.168.1.20:/etc/docker/certs.d/192.168.1.154/
 scp /etc/certs/ca.crt root@192.168.1.21:/etc/docker/certs.d/192.168.1.154/
 scp /etc/certs/ca.crt root@192.168.1.22:/etc/docker/certs.d/192.168.1.154/
 scp /etc/certs/ca.crt root@192.168.1.237:/etc/docker/certs.d/192.168.1.154/

需要注意的是(避免踩坑):客户端处需要新增一个daemon.json配置，然后重启docker

 docker版:"insecure-registries": ["192.168.1.154"]
 docker-ce版:"insecure-registries": ["https://192.168.1.154"]

至此部署完毕，下一篇将会结合k8s\openshift环境使用harbor

原创文章，作者：admin，如若转载，请注明出处：https://www.starz.top/2021/01/29/%e6%90%ad%e5%bb%baharbor%e4%bb%93%e5%ba%93/

向erotik进行回复取消回复

评论列表（4条）

erotik 2021年2月27日下午2:46

Awesome post. I am a regular visitor of your blog and appreciate you taking the time to maintain the excellent site. I will be a frequent visitor for a long time. Jammie Care Marta

回复
erotik 2021年3月2日上午2:47

Having read this I believed it was extremely informative. I appreciate you spending some time and energy to put this short article together. I once again find myself personally spending a lot of time both reading and leaving comments. But so what, it was still worth it! Alice Jack Yacov

回复
erotik 2021年3月2日上午9:53

I am really impressed along with your writing skills as smartly as with the layout to your blog. Sande Lorin Antonin Chiquita Iorgos Meyers

回复
girl teens posing in bras 2021年3月5日下午4:07

I think that is among the so much important info for me. And i am glad studying your article. But want to observation on some general things, The website style is perfect, the articles is really nice : D. Excellent job, cheers| Lorenza Adolpho Vedetta

回复