harbor私有仓库部署

Harbor 简介

    Harbor是构建企业级私有docker镜像的仓库的开源解决方案，它是Docker Registry的更高级封装，它除了提供友好的Web UI界面，角色和用户权限管理，用户操作审计等功能外，它还整合了K8s的插件(Add-ons)仓库，即Helm通过chart方式下载，管理，安装K8s插件，而chartmuseum可以提供存储chart数据的仓库【注:helm就相当于k8s的yum】。另外它还整合了两个开源的安全组件，一个是Notary，另一个是Clair，Notary类似于私有CA中心，而Clair则是容器安全扫描工具，它通过各大厂商提供的CVE漏洞库来获取最新漏洞信息，并扫描用户上传的容器是否存在已知的漏洞信息，这两个安全功能对于企业级私有仓库来说是非常具有意义的。

1. 安装docker

yum -y install docker-ce

systemctl  restart docker && systemctl enable docker

要想用其他节点都要添加

cat > /etc/docker/daemon.json <<EOF

{

  "insecure-registries":["https://hub.wql.com"]　　#仓库域名

}

EOF

mkdir -p /etc/systemd/system/docker.service.d

systemctl daemon-reload && systemctl restart docker && systemctl enable docker

2.安装docker编排工具compose

最好自己网站下载，容易报错

下载地址：

curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m`  > /usr/local/bin/docker-compose

https://github.com/docker/compose/releases/tag/1.14.0-rc2

https://github.com/docker/compose/releases/tag/1.25.0-rc4

wget https://github.com/docker/compose/releases/tag/1.14.0-rc2/docker-compose-Linux-x86_64

yum -y install  lrzsz

mv  docker-compose  /usr/local/bin

Chmod a+x /usr/local/bin/docker-compose

3.安装harbor

下载地址：  Harbor  官方地址： https://github.com/vmware/harbor/releases

包地址：https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz

tar -zxvf  harbor-offline-installer-v1.2.0.tgz

 mv harbor /usr/local/

 cd /usr/local/harbor/

[root@harbor harbor]# vim harbor.cfg

 5 hostname = hub.wql.com 域名

 9 ui_url_protocol = https 协议

24 ssl_cert = /data/cert/server.crt 　　#创建一下/data/cert 目录

 mkdir -p /data/cert

4. 创建证书

cd /data/cert

]# openssl genrsa -des3 -out server.key 2048

Enter pass phrase for server.key: 这里输入密码，随便填

Verifying - Enter pass phrase for server.key:

[root@harbor cert]#  openssl req -new -key server.key -out server.csr #创建证书请求

Enter pass phrase for server.key: 输入密码

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN 国家

State or Province Name (full name) []:BJ 城市

Locality Name (eg, city) [Default City]:BJ 地方

Organization Name (eg, company) [Default Company Ltd]:wql 机构

Organizational Unit Name (eg, section) []:wql 组织

Common Name (eg, your name or your server's hostname) []:hub.wql.com 邮箱

Email Address []:wqlong0821@163.com 管理员邮箱

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []: 是否改密码（这里直接回车）

An optional company name []:



cp server.key server.key.org 备份一下

openssl rsa -in server.key.org -out server.key 转换证书（去掉密码）

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt 签名

chmod  a+x * 赋权

共4个

5.运行脚本进行安装

cd /usr/local/harbor/

./install.sh

vim  /etc/hosts

192.168.4.10    master01

192.168.4.50    node01

192.168.4.51    node02

192.168.4.53    hub.wql.com

6.验证浏览器访问

https://hub.wql.com/

请注意，默认管理员用户名 / 密码为 admin / Harbor12345

要在/usr/local/harbor/目录

重启harbor

./prepare 

 docker-compose down 　　//关闭docker-compose

 docker-compose up -d 　　//开启docker-compose

7.命令行登录测试

~]# docker login https://hub.wql.com

Username: admin　　#用户名

Password:　　#密码

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

Configure a credential helper to remove this warning.

See https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

8.推送镜像

 把镜像打标签，并上传harbor

docker tag   nginx:v1  hub.wql.com/library/nginx:v1

docker push   hub.wql.com/library/nginx:v1

下载测试

docker pull hub.wql.com/library/nginx:v1

kubectl  run nginx1-deployment --image=hub.wql.com/library/nginx:v1  --port=80 --replicas=1

kubectl  get pod

kubectl  get pod -o wide

 curl 10.244.3.24