5. harbor镜像私服

最新推荐文章于 2022-12-07 23:08:12 发布

hzw@sirius

最新推荐文章于 2022-12-07 23:08:12 发布

阅读量528

点赞数

分类专栏：从零开始安装kubernetes 文章标签： docker nginx linux

本文链接：https://blog.csdn.net/qq_19655405/article/details/117252046

版权

从零开始安装kubernetes 专栏收录该内容

33 篇文章 11 订阅

订阅专栏

操作节点：node200.hzw.com 172.10.10.200

harbor镜像私服

下载harbor包

从github上获取：https://github.com/goharbor/harbor/releases
在这里插入图片描述

下载完离线安装包后传到目标节点

安装harbor

了解一点：
harbor启动后是多个容器的，其启动方式是使用docker-compose来进行编排的
上面下载的离线安装包，其实包含了启动harbor需要的所有镜像

安装docker-compose

因为harbor的install.sh中是使用docker-compose启动harbor的

下载docker-compose二进制运行程序
https://github.com/docker/compose/releases
拷贝到二进制程序到/usr/bin下并授执行权限
cp docker-compose-Linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
docker-compose -version

解压安装harbor

1.解压harbor离线安装包到/opt/harbor下
tar -xzvf harbor-offline-installer-v2.1.4-rc1.tgz -C /opt/
2.配置/opt/harbor/harbor.yml

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.ob.com
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 800
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /your/certificate/path
  private_key: /your/private/key/path
# 默认管理员密码
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 1000
data_volume: /data/harbor
log:
  level: info
  local:
    # 日志轮转归档数量
    rotate_count: 5
    # 日志轮转大小
    rotate_size: 200M
    # 设置日志保存目录
    location: /data/harbor/logs

TODO https后续还要看怎么使用
3.启动安装脚本
配置好harbor.yml配置后，就可以执行install脚本了./opt/harbor/install.sh，安装执行步骤大致如下

[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.4
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.28.5
[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.1.4
Loaded image: goharbor/harbor-registryctl:v2.1.4
Loaded image: goharbor/notary-signer-photon:v2.1.4
Loaded image: goharbor/clair-photon:v2.1.4
Loaded image: goharbor/harbor-log:v2.1.4
Loaded image: goharbor/trivy-adapter-photon:v2.1.4
Loaded image: goharbor/chartmuseum-photon:v2.1.4
Loaded image: goharbor/harbor-core:v2.1.4
Loaded image: goharbor/harbor-jobservice:v2.1.4
Loaded image: goharbor/redis-photon:v2.1.4
Loaded image: goharbor/registry-photon:v2.1.4
Loaded image: goharbor/clair-adapter-photon:v2.1.4
Loaded image: goharbor/harbor-portal:v2.1.4
Loaded image: goharbor/harbor-db:v2.1.4
Loaded image: goharbor/nginx-photon:v2.1.4
Loaded image: goharbor/notary-server-photon:v2.1.4
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
[Step 5]: starting Harbor ...
Creating network "harborv214_harbor" with the default driver
Creating harbor-log ... done
Creating registry      ... done
Creating registryctl   ... done
Creating harbor-portal ... done
Creating harbor-db     ... done
Creating redis         ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----

install.sh执行后，实际上在/opt/harbor目录下生成了

变量配置common目录
docker-compose.yml - 启动harbor的docker编排配置文件
后续可以直接使用或修改docker-compose.yml手动使用docker-compose重启harbor容器编排群，比如修改端口映射呀什么的

此时我遇到一个大坑，用两天去解决：**访问harbor时curl: (56) Recv failure: Connection reset by peer **
问题探索解决过程
我在虚拟机上部署的docker，其网络是虚拟网络，虚拟的docker0网桥需要设置成promiscuous模式，至于什么原因，我也不知道。。。
解决： ifconfig docker0 promisc 直接将docker0的mode设置成promiscuous模式，就可以了
注意具体是哪个网桥哦

感受一下：admin/Harbor12345

nginx代理harbor

安装nginx

添加源
到 cd /etc/yum.repos.d/ 目录下
vim nginx.repo

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key

yum makecache
yum install nginx

配置nginx代理harbor服务

vi /etc/nginx/conf.d/harbor.hzwod.com.conf

server {
    listen            80;
    server_name         harbor.hzwod.com;
    client_max_body_size     1000m;
    location / {
        proxy_pass http://127.0.0.1:180;
    }
}

client_max_body_size 1000m; 是为了防止镜像某一层过大导致nginx异常
nginx -t 测试一下nginx配置
systemctl start nginx 启动
systemctl enable nginx 自启
这个时候harbor已经能访问了，但我们还需要通过域名来访问，那就需要在我们自建dns上进行域名映射

域名映射

dns服务上配置，node11（172.10.10.11）上
vi /var/named/hzwod.com.zone
添加记录：harbor IN A 172.10.10.200
在这里插入图片描述 systemctl restart named 重启dns

其他细节参照自建dns那一节内容

docker登录harbor

docker daemon.json
vi /etc/docker/daemon.json
将目标harbor服务域名配置到insecure-registries中，否则docker loging时会通过通过ssl进行登录
我们现在测试暂不使用证书，故这样配置
docker login harbor.hzwod.com
docker tag hello-word:latest harbor.hzwod.com/public/hello-world:v.hzw