下载Harborv1.8.1
下载在线包
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz
由于文件使用的谷歌云,可能要使用特殊的手段才能下载
下面是几个文件内容
主要修改地方
hostname: docker.test.com
开启https
https:
port: 443
certificate: /apps/registrs/cert/docker.test.com.crt
private_key: /apps/registrs/cert/docker.test.com.key
证书存储地址
data_volume: /apps/registrs
修改成自己服务器存储地址
vi harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: docker.test.com
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# # https port for harbor, default is 443
port: 443
# # The path of cert and key files for nginx
certificate: /apps/registrs/cert/docker.test.com.crt
private_key: /apps/registrs/cert/docker.test.com.key
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345
# Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: root123
# The default data volume
data_volume: /apps/registrs
# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
# ca_bundle:
# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
# filesystem:
# maxthreads: 100
# # set disable to true when you want to disable registry redirect
# redirect:
# disabled: false
# Clair configuration
clair:
# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
updaters_interval: 12
# Config http proxy for Clair, e.g. http://my.proxy.com:3128
# Clair doesn't need to connect to harbor internal components via http proxy.
http_proxy:
https_proxy:
no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
# Maximum number of job workers in job service
max_job_workers: 10
chart:
# Change the value of absolute_url to enabled can enable absolute url in chart
absolute_url: disabled
# Log configurations
log:
# options are debug, info, warning, error, fatal
level: info
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
rotate_count: 50
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
# are all valid.
rotate_size: 200M
# The directory on your host that store log
location: /var/log/harbor
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.8.0
# Uncomment external_database if using external database.
# external_database:
# harbor:
# host: harbor_db_host
# port: harbor_db_port
# db_name: harbor_db_name
# username: harbor_db_username
# password: harbor_db_password
# ssl_mode: disable
# clair:
# host: clair_db_host
# port: clair_db_port
# db_name: clair_db_name
# username: clair_db_username
# password: clair_db_password
# ssl_mode: disable
# notary_signer:
# host: notary_signer_db_host
# port: notary_signer_db_port
# db_name: notary_signer_db_name
# username: notary_signer_db_username
# password: notary_signer_db_password
# ssl_mode: disable
# notary_server:
# host: notary_server_db_host
# port: notary_server_db_port
# db_name: notary_server_db_name
# username: notary_server_db_username
# password: notary_server_db_password
# ssl_mode: disable
# Uncomment external_redis if using external Redis server
# external_redis:
# host: redis
# port: 6379
# password:
# # db_index 0 is for core, it's unchangeable
# registry_db_index: 1
# jobservice_db_index: 2
# chartmuseum_db_index: 3
# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
# ca_file: /path/to/ca
prepare 文件 不做修改
vi prepare
#!/bin/bash
set +e
# If compling source code this dir is harbor's make dir
# If install harbor via pacakge, this dir is harbor's root dir
if [[ -n "$HARBOR_BUNDLE_DIR" ]]; then
harbor_prepare_path=$HARBOR_BUNDLE_DIR
else
harbor_prepare_path="$( cd "$(dirname "$0")" ; pwd -P )"
fi
echo "prepare base dir is set to ${harbor_prepare_path}"
data_path=$(grep '^[^#]*data_volume:' ${harbor_prepare_path}/harbor.yml | awk '{print $NF}')
# If previous secretkeys exist, move it to new location
previous_secretkey_path=/data/secretkey
previous_defaultalias_path=/data/defaultalias
if [ -f $previous_secretkey_path ]; then
mkdir -p $data_path/secret/keys
mv $previous_secretkey_path $data_path/secret/keys
fi
if [ -f $previous_defaultalias_path ]; then
mkdir -p $data_path/secret/keys
mv $previous_defaultalias_path $data_path/secret/keys
fi
# Clean up input dir
rm -rf ${harbor_prepare_path}/input
# Create a input dirs
mkdir -p ${harbor_prepare_path}/input
input_dir=${harbor_prepare_path}/input
set -e
# Copy harbor.yml to input dir
if [[ ! "$1" =~ ^\-\- ]] && [ -f "$1" ]
then
cp $1 $input_dir/harbor.yml
else
cp ${harbor_prepare_path}/harbor.yml $input_dir/harbor.yml
fi
# Create secret dir
secret_dir=${data_path}/secret
config_dir=$harbor_prepare_path/common/config
# Run prepare script
docker run --rm -v $input_dir:/input \
-v $harbor_prepare_path:/compose_location \
-v $config_dir:/config \
-v $secret_dir:/secret \
goharbor/prepare:v1.8.1 $@
echo "Clean up the input dir"
# Clean up input dir
rm -rf ${harbor_prepare_path}/input
install.sh 文件也不做任何修改
vi install.sh
#!/bin/bash
set +e
set -o noglob
#
# Set Colors
#
bold=$(tput bold)
underline=$(tput sgr 0 1)
reset=$(tput sgr0)
red=$(tput setaf 1)
green=$(tput setaf 76)
white=$(tput setaf 7)
tan=$(tput setaf 202)
blue=$(tput setaf 25)
#
# Headers and Logging
#
underline() { printf "${underline}${bold}%s${reset}\n" "$@"
}
h1() { printf "\n${underline}${bold}${blue}%s${reset}\n" "$@"
}
h2() { printf "\n${underline}${bold}${white}%s${reset}\n" "$@"
}
debug() { printf "${white}%s${reset}\n" "$@"
}
info() { printf "${white}➜ %s${reset}\n" "$@"
}
success() { printf "${green}✔ %s${reset}\n" "$@"
}
error() { printf "${red}✖ %s${reset}\n" "$@"
}
warn() { printf "${tan}➜ %s${reset}\n" "$@"
}
bold() { printf "${bold}%s${reset}\n" "$@"
}
note() { printf "\n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}\n" "$@"
}
set -e
set +o noglob
usage=$'Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor'
item=0
# notary is not enabled by default
with_notary=$false
# clair is not enabled by default
with_clair=$false
# chartmuseum is not enabled by default
with_chartmuseum=$false
while [ $# -gt 0 ]; do
case $1 in
--help)
note "$usage"
exit 0;;
--with-notary)
with_notary=true;;
--with-clair)
with_clair=true;;
--with-chartmuseum)
with_chartmuseum=true;;
*)
note "$usage"
exit 1;;
esac
shift || true
done
workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $workdir
# The hostname in harbor.yml has not been modified
if grep '^[[:blank:]]*hostname: reg.mydomain.com' &> /dev/null harbor.yml
then
warn "$usage"
exit 1
fi
function check_docker {
if ! docker --version &> /dev/null
then
error "Need to install docker(17.06.0+) first and run this script again."
exit 1
fi
# docker has been installed and check its version
if [[ $(docker --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
then
docker_version=${BASH_REMATCH[1]}
docker_version_part1=${BASH_REMATCH[2]}
docker_version_part2=${BASH_REMATCH[3]}
# the version of docker does not meet the requirement
if [ "$docker_version_part1" -lt 17 ] || ([ "$docker_version_part1" -eq 17 ] && [ "$docker_version_part2" -lt 6 ])
then
error "Need to upgrade docker package to 17.06.0+."
exit 1
else
note "docker version: $docker_version"
fi
else
error "Failed to parse docker version."
exit 1
fi
}
function check_dockercompose {
if ! docker-compose --version &> /dev/null
then
error "Need to install docker-compose(1.18.0+) by yourself first and run this script again."
exit 1
fi
# docker-compose has been installed, check its version
if [[ $(docker-compose --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
then
docker_compose_version=${BASH_REMATCH[1]}
docker_compose_version_part1=${BASH_REMATCH[2]}
docker_compose_version_part2=${BASH_REMATCH[3]}
# the version of docker-compose does not meet the requirement
if [ "$docker_compose_version_part1" -lt 1 ] || ([ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 18 ])
then
error "Need to upgrade docker-compose package to 1.18.0+."
exit 1
else
note "docker-compose version: $docker_compose_version"
fi
else
error "Failed to parse docker-compose version."
exit 1
fi
}
h2 "[Step $item]: checking installation environment ..."; let item+=1
check_docker
check_dockercompose
if [ -f harbor*.tar.gz ]
then
h2 "[Step $item]: loading Harbor images ..."; let item+=1
docker load -i ./harbor*.tar.gz
fi
echo ""
h2 "[Step $item]: preparing environment ..."; let item+=1
if [ -n "$host" ]
then
sed "s/^hostname: .*/hostname: $host/g" -i ./harbor.yml
fi
prepare_para=
if [ $with_notary ]
then
prepare_para="${prepare_para} --with-notary"
fi
if [ $with_clair ]
then
prepare_para="${prepare_para} --with-clair"
fi
if [ $with_chartmuseum ]
then
prepare_para="${prepare_para} --with-chartmuseum"
fi
./prepare $prepare_para
echo ""
if [ -n "$(docker-compose ps -q)" ]
then
note "stopping existing Harbor instance ..."
docker-compose down -v
fi
echo ""
h2 "[Step $item]: starting Harbor ..."
docker-compose up -d
protocol=http
hostname=reg.mydomain.com
if [ -n "$(grep '^[^#]*https:' ./harbor.yml)" ]
then
protocol=https
fi
if [[ $(grep '^[[:blank:]]*hostname:' ./harbor.yml) =~ hostname:[[:blank:]]*(.*) ]]
then
hostname=${BASH_REMATCH[1]}
fi
echo ""
success $"----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at ${protocol}://${hostname}.
For more details, please visit https://github.com/goharbor/harbor .
"
### 卸载旧docker
yum remove docker-ce
修改docker 源 阿里云
cat > /etc/yum.repos.d/docker-ce.repo << EOF
[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-edge]
name=Docker CE Edge - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF
### 安装新版docker
yum install docker-ce -y
### 修改docker 启动文件
vim /usr/lib/systemd/system/docker.service
添加
/usr/bin/dockerd -H fd:// --graph /apps/docker -H unix:///var/run/docker.sock --max-concurrent-downloads=20
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
给予 install.sh prepare 可 执行权限
chmod +x install.sh prepare
执行 install.sh 安装harbor
./install.sh --with-notary --with-clair --with-chartmuseum
如果中途拉容器很慢可以结束再次执行直到拉取完毕
记得准备nginx 支持的域名证书
docker ps
[root@ceph-2-220 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
15e1c335701f goharbor/nginx-photon:v1.8.1 "nginx -g 'daemon of…" 16 hours ago Up 16 hours (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
dbc4bc680006 goharbor/harbor-portal:v1.8.1 "nginx -g 'daemon of…" 16 hours ago Up 16 hours (healthy) 80/tcp harbor-portal
f84585de038d goharbor/harbor-jobservice:v1.8.1 "/harbor/start.sh" 16 hours ago Up 16 hours harbor-jobservice
f13bb671d1d0 goharbor/notary-server-photon:v0.6.1-v1.8.1 "/bin/server-start.sh" 16 hours ago Up 16 hours notary-server
5563dd968c54 goharbor/chartmuseum-photon:v0.8.1-v1.8.1 "/docker-entrypoint.…" 16 hours ago Up 16 hours (healthy) 9999/tcp chartmuseum
08f93f9a8f21 goharbor/harbor-core:v1.8.1 "/harbor/start.sh" 16 hours ago Up 16 hours (healthy) harbor-core
70d266d7bf26 goharbor/notary-signer-photon:v0.6.1-v1.8.1 "/bin/signer-start.sh" 16 hours ago Up 16 hours notary-signer
32bb83505406 goharbor/clair-photon:v2.0.8-v1.8.1 "/docker-entrypoint.…" 16 hours ago Up 16 hours (healthy) 6060-6061/tcp clair
f549a00846aa goharbor/harbor-db:v1.8.1 "/entrypoint.sh post…" 16 hours ago Up 16 hours (healthy) 5432/tcp harbor-db
cf3146e0ce9b goharbor/redis-photon:v1.8.1 "docker-entrypoint.s…" 16 hours ago Up 16 hours 6379/tcp redis
569652aa4da7 goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1 "/entrypoint.sh /etc…" 16 hours ago Up 16 hours (healthy) 5000/tcp registry
0be5e4aaa3d3 goharbor/harbor-registryctl:v1.8.1 "/harbor/start.sh" 16 hours ago Up 16 hours (healthy) registryctl
3bef982a3f39 goharbor/harbor-log:v1.8.1 "/bin/sh -c /usr/loc…" 16 hours ago Up 16 hours (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[root@ceph-2-220 harbor]# netstat -tnlp| grep docker-prox
tcp 0 0 127.0.0.1:1514 0.0.0.0:* LISTEN 2576614/docker-prox
tcp6 0 0 :::80 :::* LISTEN 2579058/docker-prox
tcp6 0 0 :::443 :::* LISTEN 2579043/docker-prox
tcp6 0 0 :::4443 :::* LISTEN 2579017/docker-prox
https://域名
### 测试 docker 仓库是否正常
[root@ceph-2-220 harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/chartmuseum-photon v0.8.1-v1.8.1 ef41a1168648 10 days ago 113MB
docker tag goharbor/chartmuseum-photon:v0.8.1-v1.8.1 域名/library/chartmuseum-photon:v0.8.1-v1.8.1
library 项目名称必须有
docker login 域名
## 输入账号密码
docker push 域名/library/chartmuseum-photon:v0.8.1-v1.8.1
打开web 页面查看是否上传成功
在其它任何服务器
docker login 域名
docker pull 域名/library/chartmuseum-photon:v0.8.1-v1.8.1
如果正常拉取 docker 私有仓库安装成功
添加 harbor helm-charts 仓库地址
helm repo add --username=admin --password=Harbor12345 myrepo https:/域名/chartrepo
具体的项目地址
helm repo add --username=admin --password=Harbor12345 library https:/域名/chartrepo/library
更新
helm repo update
安装 helm-push 插件
helm plugin install https://github.com/chartmuseum/helm-push
下载一个其它仓储已经有的项目
helm fetch stable/mysql
[root@jenkins ~]# ll mysql*
-rw-r--r-- 1 root root 5536 6月 28 08:48 mysql-0.3.5.tgz
上传到私有仓库
helm push mysql-0.3.5.tgz myrepo
更新repo
helm repo update
查找刚刚push mysql
helm search mysql
[root@jenkins ~]# helm search mysql
NAME CHART VERSION APP VERSION DESCRIPTION
myrepo/library/mysql 0.3.5 Fast, reliable, scalable, and easy to use open-...
repo_name1/mysql-broker 0.1.0 A Helm chart for Kubernetes
stable/mysql 0.3.5 Fast, reliable, scalable, and easy to us
第一个就是 web 页面查看
配置默认storageclass
mysql 使用到动态后端存储 不然mysql 一直不会进行部署
kubectl get storageclass
kubectl patch storageclass nfs-storage -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
取消默认
kubectl patch storageclass nfs-storage -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
kubectl get storageclass
helm install --name-template mysql myrepo/library/mysql
[root@jenkins ~]# helm list
NAME NAMESPACE REVISION UPDATED STATUS CHART
mysql default 1 2019-06-28 08:54:19.825429471 +0800 CST deployed mysql-0.3.5
[root@jenkins ~]# kubectl get service| grep mysql-mysql
mysql-mysql ClusterIP 10.64.160.92 3306/TCP 75m
[root@jenkins ~]# kubectl get pod| grep mysql
mysql-mysql-549d644d4-z2ctk 0/1 Running 0 59s
kubectl get secret --namespace default mysql-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
查看mysql 密码 连接mysql
不出问题一切ok
harbor 安装就完成了