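Test environment:
Harbor server OS: CentOS Linux release 7.6
Harbor server IP: 192.168.56.105
Harbor version: v1.5.0
Docker version: Docker version 17.03.0-ce
A second machine, kube-node1 (192.168.56.106), is used to test pulling images.
Deployment steps:
1. Download the installer package
Download URL: http://harbor.orientsoft.cn/
2. Install Docker CE
2.1 Install dependencies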
[root@kube-master ~]# yum -y install iptables-services
[root@kube-master ~]# systemctl start iptables
[root@kube-master ~]# systemctl enable iptables
[root@kube-master ~]# iptables -F
[root@kube-master ~]# service iptables save
[root@kube-master ~]# yum update
Download Docker
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
We choose docker-ce-17.03.0
[root@kube-master ~]# mkdir docker
Move the downloaded docker-ce-17.03.0.ce-1.el7.centos.x86_64.rpm and docker-ce-selinux-17.03.0.ce-1.el7.centos.noarch.rpm
into the docker directory
[root@kube-master ~]# mv docker* docker
[root@kube-master docker]# yum -y install *
Start docker-ce and enable it at boot
systemctl start docker && systemctl enable docker
2.2 Configure a registry mirror
[root@kube-master docker]# cp /lib/systemd/system/docker.service /etc/systemd/system/docker.service
[root@kube-master docker]# chmod a+x /etc/systemd/system/docker.service
[root@kube-master docker]# vi /etc/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --registry-mirror=https://c1s8aycr.mirror.aliyuncs.com
2.3 Restart Docker:
[root@kube-master ~]# systemctl daemon-reload
[root@kube-master ~]# systemctl restart docker
[root@kube-master docker]# ps -ef | grep docker
root 3667 1 0 19:49 ? 00:00:00 /usr/bin/dockerd --registry-mirror=https://c1s8aycr.mirror.aliyuncs.com
This shows that the registry mirror is configured successfully.
3. Install docker-compose
curl -L https://github.com/docker/compose/releases/download/1.8.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
4. Install Harbor
4.1 Extract the tarball into the current directory
[root@kube-master ~]# tar zxvf harbor-offline-installer-v1.5.0.tgz
[root@kube-master ~]# mv harbor /usr/local/
4.2 Create the certificate
# Create the certificate directory
[root@kube-master ~]# mkdir -p /data/cert
[root@kube-master ~]# cd /data/cert
# Create the CA root certificate
[root@kube-master ~]# openssl genrsa -des3 -out server.key 2048
[root@kube-master ~]# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:JD
Organizational Unit Name (eg, section) []:JD
Common Name (eg, your name or your server's hostname) []:hub.jike.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@kube-master ~]# cp server.key server.key.org
[root@kube-master ~]# openssl rsa -in server.key.org -out server.key
[root@kube-master ~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
[root@kube-master cert]# vi /usr/local/harbor/harbor.cfg
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = hub.jike.com
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = https
[root@kube-master cert]# cd /usr/local/harbor/
[root@kube-master harbor]# ./install.sh
5. Access the web UI
https://hub.jike.com/harbor/sign-in
Username: admin
Password: Harbor12345
6. Test usage
6.1 Add the registry to Docker's insecure-registries
[root@kube-master harbor]# vi /etc/docker/daemon.json
{
"insecure-registries": ["hub.jike.com"]
}
6.2 Restart Docker:
[root@kube-master ~]# systemctl daemon-reload
[root@kube-master ~]# systemctl restart docker
6.3 Log in as user robin and create a project named kubernetes_es:
6.4 Create an image and push it to the registry
Pull the latest nginx image with docker
[root@kube-master harbor]# docker pull nginx
Tag it and upload it to the private registry
[root@kube-master ~]# docker tag nginx:latest hub.jike.com/kubernetes_es/nginx:v1
You need to log in first
docker login hub.jike.com
Username: robin
Password:
Login Succeeded
[root@kube-master ~]# docker push hub.jike.com/kubernetes_es/nginx:v1
6.5 Test the pull command on the kube-node1 machine
1) Check the Docker configuration file
[root@kube-node1 harbor]# vi /etc/docker/daemon.json
{
"insecure-registries": ["hub.jike.com"]
}
2) Edit /etc/hosts and add the following line
192.168.56.105 hub.jike.com
3) Restart Docker:
[root@kube-node1 ~]# systemctl daemon-reload
[root@kube-node1 ~]# systemctl restart docker
4) Pull the image
[root@kube-node1 ~]# docker pull hub.jike.com/kubernetes_es/nginx:v1
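Added example (not part of the original post): steps 4.2 and 6.1 create a certificate that names the host only in its Common Name and then list hub.jike.com under insecure-registries, which makes Docker skip certificate verification for that registry. The functions below instead issue a self-signed certificate carrying a subjectAltName, check it, and install it as a trusted CA under /etc/docker/certs.d. The function names, the san.cnf file and the directory arguments are assumptions of this example, and the openssl CLI must be installed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names, san.cnf and the
# directory arguments are assumptions; requires the openssl CLI.

# make_registry_cert HOST DIR: write DIR/server.key and a self-signed
# DIR/server.crt whose subjectAltName covers HOST (current clients match
# on the SAN, not on the Common Name alone).
make_registry_cert() {
    local host=$1 dir=$2
    mkdir -p "$dir" || return 1
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'x509_extensions = ext' '[dn]' "CN = $host" \
        '[ext]' "subjectAltName = DNS:$host" > "$dir/san.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/san.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# check_registry_cert HOST CRT KEY: return 0 only if the key belongs to the
# certificate (else 1), the certificate covers HOST (else 2) and it has not
# expired (else 3).
check_registry_cert() {
    local host=$1 crt=$2 key=$3 cert_mod key_mod
    cert_mod=$(openssl x509 -noout -modulus -in "$crt") || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 1
    [ "$cert_mod" = "$key_mod" ] || { echo "key does not match cert" >&2; return 1; }
    openssl x509 -noout -checkhost "$host" -in "$crt" | grep -q 'does match' \
        || { echo "cert does not cover $host" >&2; return 2; }
    openssl x509 -noout -checkend 0 -in "$crt" >/dev/null \
        || { echo "cert has expired" >&2; return 3; }
}

# trust_registry_cert HOST CRT [ROOT]: install CRT as the CA that the Docker
# daemon trusts for HOST; the daemon reads ROOT/HOST/ca.crt per registry.
trust_registry_cert() {
    local host=$1 crt=$2 root=${3:-/etc/docker/certs.d}
    mkdir -p "$root/$host" && cp "$crt" "$root/$host/ca.crt"
}

# On the Harbor host (server.crt/server.key land where step 4.2 puts them):
#   make_registry_cert hub.jike.com /data/cert &&
#   check_registry_cert hub.jike.com /data/cert/server.crt /data/cert/server.key
# On each Docker client, after copying server.crt over, instead of listing
# the registry under insecure-registries:
#   trust_registry_cert hub.jike.com server.crt
```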