k8s安装harbor
一、离线或在线安装
1、下载压缩包
1.离线安装
https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-offline-installer-v2.9.0.tgz
2.在线安装
$ https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-online-installer-v2.9.0.tgz
2、创建证书
1、生成CA证书私钥
openssl genrsa -out ca.key 4096
2、生成CA证书(使用自己的域名)
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=k8s.harbor.com" \
-key ca.key \
-out ca.crt
3、生成私钥
openssl genrsa -out k8s.harbor.com.key 4096
4、生成证书签名csr
openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=k8s.harbor.com" \
-key k8s.harbor.com.key \
-out k8s.harbor.com.csr
5、生成 x509 v3 扩展文件
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=k8s.harbor.com
DNS.2=192.168.220.134
EOF
6、使用该文件为harbor主机生成证书。v3.ext
将 CSR 和 CRT 文件名中的 替换为 Harbor 主机名。yourdomain.com
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in k8s.harbor.com.csr \
-out k8s.harbor.com.crt
3、证书目录
crt转换cert
openssl x509 -inform PEM -in k8s.harbor.com.crt -out k8s.harbor.com.cert
将服务器证书,密钥和CA文件复制到Harbor主机上的Docker证书文件夹中
mkdir -p /etc/docker/certs.d/k8s.harbor.com/
cp -r k8s.harbor.com.cert /etc/docker/certs.d/k8s.harbor.com/
cp -r k8s.harbor.com.key /etc/docker/certs.d/k8s.harbor.com/
cp -r ca.crt /etc/docker/certs.d/k8s.harbor.com/
通过 HTTP 连接到 Harbor
重要:如果您的 Harbor 安装使用 HTTP 而不是 HTTPS,则必须将该选项添加到客户端的 Docker 守护程序中。
docker.service
--insecure-registry k8s.harbor.com
/etc/docker/daemon.json
{
"insecure-registries" : ["k8s.harbor.com:5000", "0.0.0.0","192.168.220.134"]
}
systemctl daemon-reload
systemctl restart docker
4、http升级https:
vim harbor.yml
./prepare
docker compose down -v
docker compose up -d
helm安装高可用harbor
https://goharbor.io/docs/2.9.0/install-config/harbor-ha-helm/
http-harbor搭建
1、下载离线包,解压改配置
vim harbor.yml
##修改hostname
hostname: harbor.local
##注释ssl,确认harbor密码
harbor_admin_password: Hahahaha
2、安装harbor
apt install docker.io docker-compose -y
./prepare
cat docker-compose.yml
./install.sh 或者 docker-compose up -d
登录–新建项目(公开)
public-images