Setting Up a Harbor Private Registry
System environment
- OS: CentOS stream 8
- Harbor: harbor-online-installer-v2.1.5.tgz https://github.com/goharbor/harbor/releases
Basic Harbor configuration
- Extract the package
[root@k8s-master01 ~]# tar -xzvf harbor-online-installer-v2.1.5.tgz
- Move the extracted directory to the target location
[root@k8s-master01 ~]# mv harbor /opt
- Enter the Harbor directory
[root@k8s-master01 ~]# cd /opt/harbor/
- Copy the configuration template
[root@k8s-master01 harbor]# cp harbor.yml.tmpl harbor.yml
- Edit the relevant settings
[root@k8s-master01 harbor]# vim harbor.yml
hostname: harbor.zkhy.com # change to your own domain
...
  certificate: /data/certs/harbor.zkhy.com.crt # be sure to change this
  private_key: /data/certs/harbor.zkhy.com.key # be sure to change this
...
harbor_admin_password: xxxxxxxx # change it or not, as you see fit
Create the signed certificate
- Create the directory that holds the certificates; harbor.yml reads the certificate files from this directory
[root@k8s-master01 harbor]# mkdir -p /data/certs && cd /data/certs
- Create the CA root certificate
[root@k8s-master01 certs]# openssl req -newkey rsa:4096 \
    -nodes -sha256 \
    -keyout ca.key \
    -x509 -days 36500 \
    -out ca.crt \
    -subj "/C=CN/L=BJ/O=zkhy_harbor/CN=harbor-registry"
Generating a RSA private key
......++++
..........................................................++++
writing new private key to 'ca.key'
- Generate a certificate signing request, setting the access domain to harbor.zkhy.com (change to your own domain)
[root@k8s-master01 certs]# openssl req -newkey rsa:4096 \
    -nodes -sha256 \
    -keyout harbor.zkhy.com.key \
    -out server.csr \
    -subj "/C=CN/L=BJ/O=zkhy_harbor/CN=harbor.zkhy.com"
Generating a RSA private key
...............................++++
................................................................................................................................................++++
writing new private key to 'harbor.zkhy.com.key'
-----
- Generate the host certificate
[root@k8s-master01 certs]# openssl x509 -req \
    -days 36500 \
    -in server.csr \
    -CA ca.crt \
    -CAkey ca.key \
    -CAcreateserial \
    -out harbor.zkhy.com.crt
Signature ok
subject=C = CN, L = BJ, O = zkhy_harbor, CN = harbor.zkhy.com
Getting CA Private Key
- List the certificates
[root@k8s-master01 certs]# ls
ca.crt ca.key ca.srl harbor.zkhy.com.crt harbor.zkhy.com.key server.csr
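The commands above put the hostname only in the subject CN, while Go-based clients such as Docker match the registry name against the subjectAltName. The following added example (not part of the original post) repeats the three openssl steps with a SAN and checks that the result chains to the CA and is valid for the hostname. The function names, the BITS variable, the san.ext file and the shorter validity periods are assumptions of this example.

```shell
#!/bin/sh
# Added example: issue the Harbor certificate with a subjectAltName and verify it.
# Assumed names: issue_cert, check_cert, BITS, san.ext (not from the original page).
BITS="${BITS:-4096}"

# issue_cert DIR HOST: create a CA and a server certificate for HOST in DIR
issue_cert() {
    dir="$1"; host="$2"
    mkdir -p "$dir" || return 1
    # CA root certificate (same subject as on the page; 10-year validity assumed)
    openssl req -newkey "rsa:$BITS" -nodes -sha256 -x509 -days 3650 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj "/C=CN/L=BJ/O=zkhy_harbor/CN=harbor-registry" 2>/dev/null || return 1
    # Server key and signing request
    openssl req -newkey "rsa:$BITS" -nodes -sha256 \
        -keyout "$dir/$host.key" -out "$dir/server.csr" \
        -subj "/C=CN/L=BJ/O=zkhy_harbor/CN=$host" 2>/dev/null || return 1
    # The SAN extension is what clients match the registry hostname against
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/$host.crt" 2>/dev/null
}

# check_cert DIR HOST WANT: succeed only if DIR/HOST.crt chains to DIR/ca.crt
# and is valid for the name WANT, with WANT present as a SAN DNS entry
check_cert() {
    crt="$1/$2.crt"; want="$3"
    openssl verify -CAfile "$1/ca.crt" "$crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$crt" -noout -checkhost "$want" | grep -q 'does match' || return 1
    openssl x509 -in "$crt" -noout -text | grep -qF "DNS:$want"
}

# Stand-alone use: sh harbor-cert.sh /data/certs harbor.zkhy.com
if [ "$#" -eq 2 ]; then
    issue_cert "$1" "$2" && check_cert "$1" "$2" "$2" && echo "OK: $2"
fi
```

With a certificate that passes check_cert, copying ca.crt to /etc/docker/certs.d/harbor.zkhy.com/ca.crt on each client lets Docker verify the registry without an insecure-registries entry.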
Install docker-compose
Note: use docker-compose version 23 or later; versions below 23 may report errors
- Download the appropriate version
- Copy it to the /usr/bin directory
- Rename it to docker-compose
- Grant execute permission: chmod a+x docker-compose
[root@k8s-master01 ~]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@k8s-master01 ~]# chmod a+x /usr/bin/docker-compose
[root@k8s-master01 ~]# docker-compose version
docker-compose version 1.29.2, build 5becea4c
docker-py version: 5.0.0
CPython version: 3.7.10
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019
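Domain name resolution
# linux
# vim /etc/hosts
# append to the end of the file
192.168.74.134 harbor.zkhy.com # adjust to your environment
# windows
# edit the hosts file in the C:\Windows\System32\drivers\etc directory,
# append to the end of the file
192.168.74.134 harbor.zkhy.com # adjust to your environment
Note: every machine that uses this Harbor instance needs this entry, or the domain must be resolvable within the LAN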
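daemon.json configuration
# Edit the file (it is created automatically if it does not exist)
[root@k8s-master01 ~]# vim /etc/docker/daemon.json
# Add the following; the insecure-registries entry is the main addition
{
  "registry-mirrors": ["https://6rm6idob.mirror.aliyuncs.com"],
  "insecure-registries": ["harbor.zkhy.com"]
}
Note: every machine that needs to log in must have this line configured. The insecure-registries entry tells Docker to ignore certificate verification errors for harbor.zkhy.com.
# Reload the systemd configuration
[root@k8s-master01 ~]# systemctl daemon-reload
# Restart Docker so that it picks up daemon.json
[root@k8s-master01 ~]# systemctl restart docker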
Harbor service deployment
[root@k8s-master01 certs]# cd /opt/harbor/
[root@k8s-master01 harbor]# ./prepare
prepare base dir is set to /opt/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. ...
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@k8s-master01 harbor]# docker-compose down -v
Removing network harbor_harbor
WARNING: Network harbor_harbor not found.
[root@k8s-master01 harbor]# docker-compose up -d
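Note: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
Browser login
- Opening harbor.zkhy.com in the browser raises a certificate warning; choose Advanced >> proceed to the site
- Enter the username and password from the harbor.yml configuration file to reach the content page
Terminal login
docker login harbor.zkhy.com
# Enter the username and password
Image push (requires a terminal login to Harbor)
# Tag the image
docker tag SOURCE_IMAGE[:TAG] harbor.zkhy.com/library/REPOSITORY[:TAG]
# Push the image
docker push harbor.zkhy.com/library/REPOSITORY[:TAG]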