Harbor Deployment (Docker-compose)
前期准备
- 禁用swap分区
- 修改主机名和时间同步
- 关闭防火墙和关闭selinux(仅适用于隔离的测试环境;生产环境建议保留防火墙,只放行 Harbor 所需端口,例如本文使用的 443)
- 安装 Docker
以上步骤参照 K8S Deployment HA
- 安装 Docker-compose
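# Releases: https://github.com/docker/compose/releases
# Download the pinned release together with the SHA-256 file published next to
# it, and verify the binary before installing it into a root-owned PATH
# directory. The checksum comes from the same release page, so it catches a
# truncated or corrupted download (wget -c resumes partial files); it does not
# protect against a tampered release.
compose_base=https://github.com/docker/compose/releases/download/v2.26.1
wget -c "${compose_base}/docker-compose-linux-aarch64" \
  "${compose_base}/docker-compose-linux-aarch64.sha256"
# sha256sum -c exits non-zero on a mismatch, so the && chain stops before the
# binary is installed or executed.
sha256sum -c docker-compose-linux-aarch64.sha256 \
  && install -m 0755 docker-compose-linux-aarch64 /usr/bin/docker-compose \
  && rm -f docker-compose-linux-aarch64 docker-compose-linux-aarch64.sha256 \
  && docker-compose --version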
创建 SSL/TLS 证书
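# Lab host name used in this walkthrough; a real deployment would use a domain
# the organisation controls:
# 10.83.195.6 bigdata.harbor.com
# Production registries normally use a certificate from the organisation's CA;
# the private CA below is for this lab setup only.
mkdir -p /opt/k8s/helm/stl && cd /opt/k8s/helm/stl
# Generate the CA private key. It is stored unencrypted, so create it under a
# restrictive umask (in a subshell, so the session's umask is untouched).
# Anyone who can read ca.key can issue certificates that clients trusting
# ca.crt will accept; keep it off the registry host once signing is done.
( umask 077 && openssl genrsa -out ca.key 4096 )
# Generate the self-signed CA certificate (36500 days is roughly 100 years).
# The CA gets its own CN (sample name, pick your own): reusing the server's
# subject would make the server certificate's issuer and subject identical,
# which validators may treat as a self-issued certificate.
openssl req -x509 -new -nodes -sha512 -days 36500 \
  -subj "/C=CN/ST=Guangdong/L=Shenzhen/O=harbor/OU=harbor/CN=harbor-lab-root-ca" \
  -key ca.key \
  -out ca.crt
# Generate the server private key, again readable by the owner only
( umask 077 && openssl genrsa -out bigdata.harbor.com.key 4096 )
# Generate the certificate signing request (CSR)
openssl req -sha512 -new \
  -subj "/C=CN/ST=Guangdong/L=Shenzhen/O=harbor/OU=harbor/CN=bigdata.harbor.com" \
  -key bigdata.harbor.com.key \
  -out bigdata.harbor.com.csr
# Write the x509 v3 extensions file.
# DNS.3=hostname is a placeholder for the machine's real host name.
# IP.1 covers the address that harbor.yml and the docker commands on this page
# use; clients connecting by IP can only validate the certificate if that IP
# is listed as a SAN.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=bigdata.harbor.com
DNS.2=*.bigdata.harbor.com
DNS.3=hostname
IP.1=10.83.195.6
EOF
# Sign the CSR with the CA to produce the certificate Harbor serves
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in bigdata.harbor.com.csr \
  -out bigdata.harbor.com.crt
# Check that the new certificate chains to the CA before handing it to Harbor.
# Docker clients validate the registry once ca.crt is placed at
# /etc/docker/certs.d/<registry-host>/ca.crt on each client.
openssl verify -CAfile ca.crt bigdata.harbor.com.crt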
Harbor 部署
下载
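# Releases: https://github.com/goharbor/harbor/releases
# The installer runs with root privileges and loads container images from this
# archive, so check the detached signature published with the release before
# unpacking. Import Harbor's release signing key first (key ID and keyserver
# are listed in Harbor's installation docs):
#   gpg --keyserver <KEYSERVER> --receive-keys <HARBOR_RELEASE_KEY_ID>
harbor_base=https://github.com/goharbor/harbor/releases/download/v2.10.1
mkdir -p /data/harbor && cd /data/harbor \
  && wget -c "${harbor_base}/harbor-offline-installer-v2.10.1.tgz" \
       "${harbor_base}/harbor-offline-installer-v2.10.1.tgz.asc"
# gpg --verify fails when the key is missing or the signature does not match,
# which stops the chain before anything is extracted.
# The archive unpacks into ./harbor; harbor.yml.tmpl and install.sh live there,
# so change into it before copying the template.
gpg --verify harbor-offline-installer-v2.10.1.tgz.asc harbor-offline-installer-v2.10.1.tgz \
  && tar -zxvf harbor-offline-installer-v2.10.1.tgz \
  && cd harbor \
  && cp harbor.yml.tmpl harbor.yml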
修改配置
# Edit the copied template; the keys to set are the ones listed below.
vim harbor.yml
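# Address clients use to reach Harbor. It has to match a SAN in the certificate
# configured below, otherwise clients cannot validate the TLS connection.
hostname: 10.83.195.6
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /opt/k8s/helm/stl/bigdata.harbor.com.crt
  private_key: /opt/k8s/helm/stl/bigdata.harbor.com.key
# Initial admin password for the Harbor web UI; it is applied on first install
# only. This sample value is published on the page, so change it in the UI
# right after the first login.
harbor_admin_password: admin@123
# Image storage path on the host
data_volume: /data/harbor/data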
安装
# Run from the directory that holds install.sh and the edited harbor.yml.
./install.sh
# Expected final line of output:
# ✔ ----Harbor has been installed and started successfully.----
推送镜像
vim /etc/docker/daemon.json
# insecure-registries: the Harbor address. Docker does not validate the
# registry certificate for hosts listed here and can fall back to plain HTTP,
# so the certificate generated earlier is not actually checked by this client.
# To keep verification, copy ca.crt to
# /etc/docker/certs.d/<registry-host>/ca.crt on each client instead and drop
# the entry; that needs a server certificate whose SAN covers the address the
# clients use.
{
"registry-mirrors": ["https://ogeydad1.mirror.aliyuncs.com"],
"insecure-registries": ["https://10.83.195.6"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
# Restart Docker so the daemon.json change takes effect
systemctl reload docker && systemctl restart docker
# Restart the Harbor containers. docker-compose looks for its compose file
# from the current directory, so run this where Harbor's docker-compose.yml is.
docker-compose restart
# Pull a sample image
docker pull nginx:1.16
# Tag it for the "bigdata" project on the Harbor host
# NOTE(review): presumably the bigdata project has to exist in Harbor before the push - confirm
docker image tag nginx:1.16 10.83.195.6/bigdata/nginx:1.16
# Log in to the registry (interactive prompt for user name and password)
docker login https://10.83.195.6
# admin/admin@123 - the sample credentials from harbor.yml; rotate the admin
# password after first login and prefer a dedicated robot account for pushes.
# Without a credential helper, docker login keeps the credentials in
# ~/.docker/config.json in base64 form, so protect that file.
# Login Succeeded
# Push the image to Harbor
docker push 10.83.195.6/bigdata/nginx:1.16