https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
1、设置FQDN
# 设置hostname 为kube-master
hostnamectl set-hostname kube-master
vi /etc/hosts # 域名解析
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.10 kube-master.com kube-master
[root@kube-master harbor]# hostname -f
kube-master.harbor.com
[root@kube-master harbor]#
[root@kube-master harbor]# hostname
kube-master
2、下载harbor安装文件并解压
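# offline installer
# NOTE(review): v1.8.2-rc1 is a release candidate, while the online installer
# listed below is v1.8.1 - use a final release for anything beyond a test setup.
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2-rc1.tgz
# Print the archive digest and compare it with the checksum published for this
# release (if one is published) before unpacking: install.sh from this archive
# is executed in step 5.
sha256sum harbor-offline-installer-v1.8.2-rc1.tgz
tar -xvf harbor-offline-installer-v1.8.2-rc1.tgz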
#online:
https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz
3、修改harbor.yml文件(hostname必须与证书中的域名以及docker login使用的域名一致;本文后面生成证书和登录时使用的是kube-master.com)
hostname: kube-master.harbor.com
4、安装docker和docker-compose
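# Remove older distro-packaged Docker versions before installing docker-ce.
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# yum-utils provides yum-config-manager, which the following steps use.
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Only the stable channel should be active on a registry host: make sure the
# nightly and test (pre-release) repos are both disabled so that
# "yum install docker-ce" cannot pull a pre-release build.
sudo yum-config-manager --disable docker-ce-nightly
sudo yum-config-manager --disable docker-ce-test
# Without -y, yum asks before importing Docker's GPG key; check the fingerprint
# against the one in Docker's CentOS install documentation before accepting.
sudo yum install docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo docker run hello-world
# -f makes curl fail on an HTTP error instead of saving the error page as the binary.
sudo curl -fL "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Compare this digest with the checksum published for release 1.24.1 before
# making the file executable; it will be run as root.
sha256sum /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose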
5、./install.sh
执行完毕就可以通过网页登陆
http://kube-master.com/
但是不能docker login kube-master.com出现问题
Error response from daemon: Get https://kube-master.com/v2/: dial tcp 192.168.31.10:443: connect: connection refused
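原因是docker客户端默认使用https协议访问registry,而Harbor默认安装只启用了http,因此需要为Harbor启用https(见第6步)。如果不启用https,也可以按下面的说明在客户端添加--insecure-registry选项,但这样登录口令和镜像会以明文传输,并且不校验服务端身份,只适合隔离的测试环境: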
IMPORTANT: The default installation of Harbor uses HTTP - as such, you will need to add the option --insecure-registry to your client's Docker daemon and restart the Docker service.
6、添加证书启动https
编辑脚本文件执行后自动将证书和key放到对应的目录中
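# Create a private CA, issue a server certificate for kube-master.com, and
# install the files where harbor.yml and the local Docker daemon expect them.
set -eu  # stop at the first failed step instead of installing a partial or stale cert

# --- private CA ---
# Private keys are generated under umask 077 so they are never world-readable.
( umask 077; openssl genrsa -out ca.key 4096 )
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=kube-master.com" \
  -key ca.key \
  -out ca.crt
# NOTE(review): ca.key can sign a certificate for any name that clients trusting
# ca.crt will accept, and nothing below needs it after the server cert is
# issued - move it off this host once the script has run.
# NOTE(review): the CA and the server cert share the same subject; a distinct CN
# for the CA would make the chain easier to read and debug.

# --- server key and CSR ---
( umask 077; openssl genrsa -out kube-master.com.key 4096 )
openssl req -sha512 -new \
  -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=kube-master.com" \
  -key kube-master.com.key \
  -out kube-master.com.csr

# --- x509 v3 extensions for the server cert ---
# Every name clients use to reach the registry (including the hostname set in
# harbor.yml) must be listed under [alt_names]; when a SAN is present the
# client checks the SAN, not the CN.
cat > v3.ext <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=kube-master.com
DNS.2=kube-master
EOF

# --- sign the CSR with the private CA ---
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in kube-master.com.csr \
  -out kube-master.com.crt

# --- Harbor side: the paths used for certificate/private_key in harbor.yml ---
mkdir -p /data/cert
cp kube-master.com.crt kube-master.com.key /data/cert/
# cp keeps the mode of a file that already exists, so tighten it explicitly.
chmod 600 /data/cert/kube-master.com.key

# --- Docker side ---
# In certs.d/<registry>/ the daemon treats *.crt as CA roots and *.cert/*.key as
# a client certificate pair, hence the copy of the server cert under a .cert name.
openssl x509 -inform PEM -in kube-master.com.crt -out kube-master.com.cert
mkdir -p /etc/docker/certs.d/kube-master.com
cp kube-master.com.cert kube-master.com.key ca.crt /etc/docker/certs.d/kube-master.com/
chmod 600 /etc/docker/certs.d/kube-master.com/kube-master.com.key
# NOTE(review): a Docker client only needs ca.crt to trust this registry. Copy
# ca.crt alone to other machines; never distribute kube-master.com.key or ca.key.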
7、配置harbor.yml
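# https related config
# port, certificate and private_key must be nested under the https: key
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/cert/kube-master.com.crt
  private_key: /data/cert/kube-master.com.key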
8、重新配置,并重启docker-compose
# Regenerate Harbor's runtime configuration from the edited harbor.yml.
./prepare
# Stop and remove the running containers; -v also removes the volumes declared
# in the compose file (NOTE(review): confirm Harbor's data lives on host paths
# such as /data before relying on this on a system that holds images).
docker-compose down -v
# Start Harbor again in the background with the regenerated configuration.
docker-compose up -d
9、测试
docker login kube-master.com ok
网页输入https://kube-master.com ok
10、如果希望在别的主机上登录需要设置host解析,linux设置开头说过,windows设置如下:
修改C:\Windows\System32\drivers\etc\hosts的权限后(也可以直接以管理员身份打开编辑器来修改,不必更改权限;如果改了权限,编辑完成后应恢复原权限,以免其他程序篡改域名解析)
修改文件内容
192.168.31.12 kube-master.com
然后打开CMD,执行ipconfig /flushdns
执行完之后能看到成功提示,然后在网页打开https://kube-master.com即可
11、push&pull example
拷贝CA证书ca.crt到你想要部署的机器上 /etc/docker/certs.d/kube-master.com/(客户端只需要ca.crt,不要拷贝服务器私钥kube-master.com.key和ca.key)
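# push: log in to the same registry the image is tagged for, then push that tag
docker login kube-master.com
docker tag ubuntu:14.04 kube-master.com/library/ubuntu:14.04
docker push kube-master.com/library/ubuntu:14.04
# pull:
docker login kube-master.com
docker pull kube-master.com/library/ubuntu:14.04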