一、安装
1、安装基础工具
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc
2、安装依赖
yum install -y yum-utils device-mapper-persistent-data lvm2
3、设置Docker源
配置一个稳定(stable)的仓库,仓库配置会保存到/etc/yum.repos.d/docker-ce.repo文件中
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
4、安装Docker CE
更新Yum安装的相关Docker软件包,并安装Docker CE
yum update -y && yum install docker-ce
5、配置daemon.json文件
创建目录
mkdir /etc/docker
配置daemon.json文件
cat > /etc/docker/daemon.json <<EOF
{"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"registry-mirrors": ["https://98zyayk8.mirror.aliyuncs.com"]}
EOF
说明:"registry-mirrors": ["https://98zyayk8.mirror.aliyuncs.com"]是配置镜像加速器。该地址看起来是作者账号对应的阿里云加速地址,使用时请替换为自己可信的加速器地址;通过加速器拉取的镜像,其可信度取决于该加速器。
6、启动Docker
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
7、验证是否安装成功
docker --version
二、docker-compose安装
1、下载地址
https://github.com/docker/compose/releases
2、授权并移动(下载后建议先用 sha256sum 对照发布页提供的校验值核对文件,确认无误后再赋予执行权限)
[root@centos ~]# ll
total 490428
-rw-------. 1 root root 1228 Oct 29 20:55 anaconda-ks.cfg
-rw-r--r--. 1 root root 11737584 Sep 21 2020 docker-compose
-rw-r--r--. 1 root root 490451083 Sep 21 2020 harbor-offline-installer-v1.2.0.tgz
[root@centos ~]# chmod +x docker-compose
[root@centos ~]# mv docker-compose /usr/local/sbin/docker-compose
[root@centos ~]#
3、查看是否安装成功
[root@centos ~]# docker-compose version
docker-compose version 1.23.1, build b02f1306
docker-py version: 3.5.0
CPython version: 3.6.7
OpenSSL version: OpenSSL 1.1.0f 25 May 2017
三、Harbor安装(本文使用 v1.2.0 离线安装包,该版本较旧,仅适合学习和测试;生产环境建议使用仍在维护的版本)
1、下载地址
2、安装
解压
[root@centos ~]# tar -zxvf harbor-offline-installer-v1.2.0.tgz
进入目录
[root@centos ~]# ll
total 478964
-rw-------. 1 root root 1228 Oct 29 20:55 anaconda-ks.cfg
drwxr-xr-x. 3 root root 263 Jan 8 18:33 harbor
-rw-r--r--. 1 root root 490451083 Sep 21 2020 harbor-offline-installer-v1.2.0.tgz
[root@centos ~]# cd harbor/
修改配置
[root@centos harbor]# vim harbor.cfg
创建证书目录
[root@centos harbor]# mkdir -p /data/cert/
进入目录
[root@centos harbor]# cd !$
cd /data/cert/
[root@centos cert]#
生成证书私钥
[root@centos cert]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.......+++
................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
这里需要输入私钥口令(本文示例使用 Harbor12345;它与 Harbor 的默认管理员密码相同,实际环境请换成自己的强口令,且不要与其他密码复用)
生成证书签名请求(CSR)
[root@centos cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SZ
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:ZZQ
Organizational Unit Name (eg, section) []:ZZQ
Common Name (eg, your name or your server's hostname) []:harbor.register
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
备份私钥
[root@centos cert]# cp server.key server.key.org
[root@centos cert]# ll
total 12
-rw-r--r--. 1 root root 997 Jan 8 20:14 server.csr
-rw-r--r--. 1 root root 1743 Jan 8 20:13 server.key
-rw-r--r--. 1 root root 1743 Jan 8 20:14 server.key.org
去除私钥的口令保护(由带口令的 server.key.org 生成不带口令的 server.key,这样服务启动时无需再输入口令;此后 server.key 为明文私钥,需靠文件权限保护)
[root@centos cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
给证书签名(用自己的私钥自签名,有效期 365 天;自签名证书默认不被客户端信任)
[root@centos cert]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=SZ/L=SZ/O=ZZQ/OU=ZZQ/CN=harbor.register
Getting Private key
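给所有的证书授权(注意:chmod 755 * 会让不带口令的私钥 server.key 对所有本地用户可读,也会加上并不需要的执行权限;证书文件设为 644 即可,私钥建议收紧为仅属主可读(如 600),并确认 Harbor 仍能读取)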
[root@centos cert]# chmod 755 *
[root@centos cert]# ll
total 16
-rwxr-xr-x. 1 root root 1176 Jan 8 20:29 server.crt
-rwxr-xr-x. 1 root root 989 Jan 8 20:27 server.csr
-rwxr-xr-x. 1 root root 1675 Jan 8 20:28 server.key
-rwxr-xr-x. 1 root root 1743 Jan 8 20:28 server.key.org
修改hosts
[root@centos cert]# echo "192.168.23.170 harbor.register" >> /etc/hosts
[root@centos cert]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.170 harbor.register
[root@centos cert]#
修改宿主机C:\Windows\System32\drivers\etc\hosts配置
安装
[root@centos cert]# /root/harbor/install.sh
[Step 0]: checking installation environment ...
Note: docker version: 20.10.12
Note: docker-compose version: 1.23.1
[Step 1]: loading Harbor images ...
Loaded image: vmware/registry:2.6.2-photon
Loaded image: photon:1.0
Loaded image: vmware/notary-photon:signer-0.5.0
Loaded image: vmware/clair:v2.0.1-photon
Loaded image: vmware/harbor-ui:v1.2.0
Loaded image: vmware/harbor-log:v1.2.0
Loaded image: vmware/harbor-db:v1.2.0
Loaded image: vmware/nginx-photon:1.11.13
Loaded image: vmware/postgresql:9.6.4-photon
Loaded image: vmware/harbor-adminserver:v1.2.0
Loaded image: vmware/harbor-jobservice:v1.2.0
Loaded image: vmware/notary-photon:server-0.5.0
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10
[Step 2]: preparing environment ...
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 3]: checking existing instance of Harbor ...
Note: stopping existing Harbor instance ...
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-ui ... done
Removing harbor-db ... done
Removing registry ... done
Removing harbor-adminserver ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db ... done
Creating harbor-adminserver ... done
Creating registry ... done
Creating harbor-ui ... done
Creating harbor-jobservice ... done
Creating nginx ... done
? ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://harbor.register.
For more details, please visit https://github.com/vmware/harbor .
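关闭防火墙(仅适合隔离的测试环境;更稳妥的做法是保留 firewalld,只放行 Harbor 用到的端口,例如 firewall-cmd --permanent --add-service=https && firewall-cmd --reload)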
systemctl stop firewalld && systemctl disable firewalld
访问
用户名/密码 admin/Harbor12345(这是 Harbor 的默认管理员口令,首次登录后请立即修改;也可以在安装前通过 harbor.cfg 中的 harbor_admin_password 设置)
停止
[root@centos harbor]# pwd
/root/harbor
[root@centos harbor]# docker-compose stop
启动
[root@centos harbor]# pwd
/root/harbor
[root@centos harbor]# docker-compose start
重启
[root@centos harbor]# pwd
/root/harbor
[root@centos harbor]# docker-compose restart
四、上传镜像
1、上传镜像服务器hosts配置
[root@k8s-master01 ~]# echo "192.168.23.170 harbor.register" >> /etc/hosts
[root@k8s-master01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.160 k8s-master01
192.168.23.161 k8s-node01
192.168.23.162 k8s-node02
185.199.108.133 raw.githubusercontent.com
185.199.109.133 raw.githubusercontent.com
185.199.110.133 raw.githubusercontent.com
185.199.111.133 raw.githubusercontent.com
192.168.23.170 harbor.register
[root@k8s-master01 ~]#
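2、上传镜像服务器的daemon.json配置
说明:insecure-registries 会让 Docker 对该仓库跳过 TLS 证书校验,连接可能被中间人劫持,只适合测试环境;其取值通常写成主机名[:端口],不带协议前缀。更安全的做法是把 Harbor 的 server.crt 复制到客户端的 /etc/docker/certs.d/harbor.register/ca.crt 让 Docker 信任该证书(较新的 Docker 版本还要求证书包含 SAN),而不是关闭校验。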
"insecure-registries": ["https://harbor.register"]
[root@k8s-master01 ~]# cat /etc/docker/daemon.json
{"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"registry-mirrors": ["https://98zyayk8.mirror.aliyuncs.com"],"insecure-registries": ["https://harbor.register"]}
重启docker
[root@k8s-master01 ~]# service docker restart
3、准备镜像
下载镜像
[root@k8s-master01 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
a2abf6c4d29d: Pull complete
a9edb18cadd1: Pull complete
589b7251471a: Pull complete
186b1aaa4aa6: Pull complete
b4df32aa5a72: Pull complete
a0bcbecc962e: Pull complete
Digest: sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
[root@k8s-master01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rancher/mirrored-flannelcni-flannel v0.16.1 404fc3ab6749 2 days ago 69.9MB
nginx latest 605c77e624dd 9 days ago 141MB
rancher/mirrored-flannelcni-flannel-cni-plugin v1.0.0 cd5235cd7dc2 2 months ago 9.03MB
k8s.gcr.io/coredns latest a4ca41631cc7 3 months ago 46.8MB
k8s.gcr.io/kube-apiserver v1.22.2 e64579b7d886 3 months ago 128MB
registry.aliyuncs.com/google_containers/kube-apiserver v1.22.2 e64579b7d886 3 months ago 128MB
k8s.gcr.io/kube-controller-manager v1.22.2 5425bcbd23c5 3 months ago 122MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.22.2 5425bcbd23c5 3 months ago 122MB
k8s.gcr.io/kube-proxy v1.22.2 873127efbc8a 3 months ago 104MB
registry.aliyuncs.com/google_containers/kube-proxy v1.22.2 873127efbc8a 3 months ago 104MB
k8s.gcr.io/kube-scheduler v1.22.2 b51ddc1014b0 3 months ago 52.7MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.22.2 b51ddc1014b0 3 months ago 52.7MB
k8s.gcr.io/etcd 3.5.0-0 004811815584 6 months ago 295MB
registry.aliyuncs.com/google_containers/etcd 3.5.0-0 004811815584 6 months ago 295MB
registry.aliyuncs.com/google_containers/coredns v1.8.4 8d147537fb7d 7 months ago 47.6MB
k8s.gcr.io/pause 3.5 ed210e3e4a5b 9 months ago 683kB
registry.aliyuncs.com/google_containers/pause 3.5 ed210e3e4a5b 9 months ago 683kB
查看推送规则
标记镜像
[root@k8s-master01 ~]# docker tag nginx harbor.register/nginx/nginx:v1
[root@k8s-master01 ~]# dicker images
-bash: dicker: command not found
[root@k8s-master01 ~]# dicker images
-bash: dicker: command not found
[root@k8s-master01 ~]# docker images;
REPOSITORY TAG IMAGE ID CREATED SIZE
rancher/mirrored-flannelcni-flannel v0.16.1 404fc3ab6749 2 days ago 69.9MB
nginx latest 605c77e624dd 9 days ago 141MB
harbor.register/nginx/nginx v1 605c77e624dd 9 days ago 141MB
rancher/mirrored-flannelcni-flannel-cni-plugin v1.0.0 cd5235cd7dc2 2 months ago 9.03MB
k8s.gcr.io/coredns latest a4ca41631cc7 3 months ago 46.8MB
k8s.gcr.io/kube-apiserver v1.22.2 e64579b7d886 3 months ago 128MB
registry.aliyuncs.com/google_containers/kube-apiserver v1.22.2 e64579b7d886 3 months ago 128MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.22.2 5425bcbd23c5 3 months ago 122MB
k8s.gcr.io/kube-controller-manager v1.22.2 5425bcbd23c5 3 months ago 122MB
k8s.gcr.io/kube-scheduler v1.22.2 b51ddc1014b0 3 months ago 52.7MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.22.2 b51ddc1014b0 3 months ago 52.7MB
k8s.gcr.io/kube-proxy v1.22.2 873127efbc8a 3 months ago 104MB
registry.aliyuncs.com/google_containers/kube-proxy v1.22.2 873127efbc8a 3 months ago 104MB
k8s.gcr.io/etcd 3.5.0-0 004811815584 6 months ago 295MB
registry.aliyuncs.com/google_containers/etcd 3.5.0-0 004811815584 6 months ago 295MB
registry.aliyuncs.com/google_containers/coredns v1.8.4 8d147537fb7d 7 months ago 47.6MB
k8s.gcr.io/pause 3.5 ed210e3e4a5b 9 months ago 683kB
registry.aliyuncs.com/google_containers/pause 3.5
登录私有仓库
用户名/密码 admin/Harbor12345
[root@k8s-master01 ~]# docker login https://harbor.register/
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@k8s-master01 ~]#
上传镜像
[root@k8s-master01 ~]# docker push harbor.register/nginx/nginx:v1
The push refers to repository [harbor.register/nginx/nginx]
d874fd2bc83b: Pushed
32ce5f6a5106: Pushed
f1db227348d0: Pushed
b8d6e692a25e: Pushed
e379e8aedd4d: Pushed
2edcec3590a4: Pushed
v1: digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 size: 1570
查看推送结果