Harbor安装

一、安装

1、安装基础工具

yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc

2、安装依赖

yum install -y yum-utils device-mapper-persistent-data lvm2

3、设置Docker源

配置一个稳定（stable）的仓库、仓库配置会保存到/etc/yum.repos.d/docker-ce.repo文件中

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

4、安装Docker CE

更新Yum安装的相关Docke软件包&安装Docker CE

yum update -y && yum install docker-ce

5、配置daemon.json文件

 创建目录

mkdir /etc/docker

配置daemon.json文件

cat > /etc/docker/daemon.json <<EOF
{"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"registry-mirrors": ["https://98zyayk8.mirror.aliyuncs.com"]}
EOF

说明"registry-mirrors": ["https://98zyayk8.mirror.aliyuncs.com"]是配置镜像加速器

6、启动Docker

systemctl daemon-reload && systemctl restart docker && systemctl enable docker

7、验证是否安装成功

docker --version

二、docker-compose安装

1、下载地址

https://github.com/docker/compose/releases

2、授权并移动

[root@centos ~]# ll
total 490428
-rw-------. 1 root root      1228 Oct 29 20:55 anaconda-ks.cfg
-rw-r--r--. 1 root root  11737584 Sep 21  2020 docker-compose
-rw-r--r--. 1 root root 490451083 Sep 21  2020 harbor-offline-installer-v1.2.0.tgz
[root@centos ~]# chmod +x docker-compose
[root@centos ~]# mv docker-compose /usr/local/sbin/docker-compose
[root@centos ~]# 

3、查看是否安装成功

[root@centos ~]# docker-compose version
docker-compose version 1.23.1, build b02f1306
docker-py version: 3.5.0
CPython version: 3.6.7
OpenSSL version: OpenSSL 1.1.0f  25 May 2017

三、Harbor安装

1、下载地址

Releases · goharbor/harbor · GitHubAn open source trusted cloud native registry project that stores, signs, and scans content. - Releases · goharbor/harborhttps://github.com/goharbor/harbor/releases

2、安装

解压

[root@centos ~]# tar -zxvf  harbor-offline-installer-v1.2.0.tgz

进入目录

[root@centos ~]# ll
total 478964
-rw-------. 1 root root      1228 Oct 29 20:55 anaconda-ks.cfg
drwxr-xr-x. 3 root root       263 Jan  8 18:33 harbor
-rw-r--r--. 1 root root 490451083 Sep 21  2020 harbor-offline-installer-v1.2.0.tgz
[root@centos ~]# cd harbor/

修改配置

[root@centos harbor]# vim harbor.cfg

 创建证书目录

[root@centos harbor]# mkdir -p /data/cert/

进入目录

[root@centos harbor]# cd !$
cd /data/cert/
[root@centos cert]#

生成证书私钥

[root@centos cert]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.......+++
................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

这里需要输入密码：Harbor12345

证书的服务

[root@centos cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SZ
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:ZZQ
Organizational Unit Name (eg, section) []:ZZQ
Common Name (eg, your name or your server's hostname) []:harbor.register
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

备份私钥

[root@centos cert]# cp server.key server.key.org
[root@centos cert]# ll
total 12
-rw-r--r--. 1 root root  997 Jan  8 20:14 server.csr
-rw-r--r--. 1 root root 1743 Jan  8 20:13 server.key
-rw-r--r--. 1 root root 1743 Jan  8 20:14 server.key.org

转换为证书

[root@centos cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key

给证书签名

[root@centos cert]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=SZ/L=SZ/O=ZZQ/OU=ZZQ/CN=harbor.register
Getting Private key

给所有的证书授权

[root@centos cert]# chmod 755 *
[root@centos cert]# ll
total 16
-rwxr-xr-x. 1 root root 1176 Jan  8 20:29 server.crt
-rwxr-xr-x. 1 root root  989 Jan  8 20:27 server.csr
-rwxr-xr-x. 1 root root 1675 Jan  8 20:28 server.key
-rwxr-xr-x. 1 root root 1743 Jan  8 20:28 server.key.or

修改hosts

[root@centos cert]# echo "192.168.23.170 harbor.register" >> /etc/hosts
[root@centos cert]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.170 harbor.register
[root@centos cert]#

修改宿主机C:\Windows\System32\drivers\etc\hosts配置

 安装

[root@centos cert]# /root/harbor/install.sh 

[Step 0]: checking installation environment ...

Note: docker version: 20.10.12

Note: docker-compose version: 1.23.1

[Step 1]: loading Harbor images ...
Loaded image: vmware/registry:2.6.2-photon
Loaded image: photon:1.0
Loaded image: vmware/notary-photon:signer-0.5.0
Loaded image: vmware/clair:v2.0.1-photon
Loaded image: vmware/harbor-ui:v1.2.0
Loaded image: vmware/harbor-log:v1.2.0
Loaded image: vmware/harbor-db:v1.2.0
Loaded image: vmware/nginx-photon:1.11.13
Loaded image: vmware/postgresql:9.6.4-photon
Loaded image: vmware/harbor-adminserver:v1.2.0
Loaded image: vmware/harbor-jobservice:v1.2.0
Loaded image: vmware/notary-photon:server-0.5.0
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10


[Step 2]: preparing environment ...
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...

Note: stopping existing Harbor instance ...
Removing harbor-jobservice  ... done
Removing nginx              ... done
Removing harbor-ui          ... done
Removing harbor-db          ... done
Removing registry           ... done
Removing harbor-adminserver ... done
Removing harbor-log         ... done
Removing network harbor_harbor


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db          ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... done
Creating nginx              ... done

? ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://harbor.register. 
For more details, please visit https://github.com/vmware/harbor .

关闭防火墙

systemctl stop firewalld && systemctl disable firewalld

访问

https://harbor.register/

用户名/密码  admin/Harbor12345

停止

[root@centos harbor]# pwd
/root/harbor
[root@centos harbor]# docker-compose stop

启动

[root@centos harbor]# pwd
/root/harbor
[root@centos harbor]# docker-compose start

重启

[root@centos harbor]# pwd
/root/harbor
[root@centos harbor]# docker-compose restart

四、上传镜像

1、上传镜像服务器hosts配置

[root@k8s-master01 ~]# echo "192.168.23.170 harbor.register" >> /etc/hosts
[root@k8s-master01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.160 k8s-master01
192.168.23.161 k8s-node01
192.168.23.162 k8s-node02
185.199.108.133 raw.githubusercontent.com
185.199.109.133 raw.githubusercontent.com
185.199.110.133 raw.githubusercontent.com
185.199.111.133 raw.githubusercontent.com
192.168.23.170 harbor.register
[root@k8s-master01 ~]# 

2、上传镜像服务置daemon.json配置

"insecure-registries": ["https://harbor.register"]

[root@k8s-master01 ~]# cat  /etc/docker/daemon.json
{"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"registry-mirrors": ["https://98zyayk8.mirror.aliyuncs.com"],"insecure-registries": ["https://harbor.register"]}

重启docker 

[root@k8s-master01 ~]# service docker restart

3、准备镜像

下载镜像

[root@k8s-master01 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
a2abf6c4d29d: Pull complete 
a9edb18cadd1: Pull complete 
589b7251471a: Pull complete 
186b1aaa4aa6: Pull complete 
b4df32aa5a72: Pull complete 
a0bcbecc962e: Pull complete 
Digest: sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
[root@k8s-master01 ~]# docker images
REPOSITORY                                                        TAG       IMAGE ID       CREATED        SIZE
rancher/mirrored-flannelcni-flannel                               v0.16.1   404fc3ab6749   2 days ago     69.9MB
nginx                                                             latest    605c77e624dd   9 days ago     141MB
rancher/mirrored-flannelcni-flannel-cni-plugin                    v1.0.0    cd5235cd7dc2   2 months ago   9.03MB
k8s.gcr.io/coredns                                                latest    a4ca41631cc7   3 months ago   46.8MB
k8s.gcr.io/kube-apiserver                                         v1.22.2   e64579b7d886   3 months ago   128MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.22.2   e64579b7d886   3 months ago   128MB
k8s.gcr.io/kube-controller-manager                                v1.22.2   5425bcbd23c5   3 months ago   122MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.22.2   5425bcbd23c5   3 months ago   122MB
k8s.gcr.io/kube-proxy                                             v1.22.2   873127efbc8a   3 months ago   104MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.22.2   873127efbc8a   3 months ago   104MB
k8s.gcr.io/kube-scheduler                                         v1.22.2   b51ddc1014b0   3 months ago   52.7MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.22.2   b51ddc1014b0   3 months ago   52.7MB
k8s.gcr.io/etcd                                                   3.5.0-0   004811815584   6 months ago   295MB
registry.aliyuncs.com/google_containers/etcd                      3.5.0-0   004811815584   6 months ago   295MB
registry.aliyuncs.com/google_containers/coredns                   v1.8.4    8d147537fb7d   7 months ago   47.6MB
k8s.gcr.io/pause                                                  3.5       ed210e3e4a5b   9 months ago   683kB
registry.aliyuncs.com/google_containers/pause                     3.5       ed210e3e4a5b   9 months ago   683kB

查看推送规则

 标记镜像

[root@k8s-master01 ~]# docker tag nginx harbor.register/nginx/nginx:v1
[root@k8s-master01 ~]# dicker images
-bash: dicker: command not found
[root@k8s-master01 ~]# dicker images
-bash: dicker: command not found
[root@k8s-master01 ~]# docker images;
REPOSITORY                                                        TAG       IMAGE ID       CREATED        SIZE
rancher/mirrored-flannelcni-flannel                               v0.16.1   404fc3ab6749   2 days ago     69.9MB
nginx                                                             latest    605c77e624dd   9 days ago     141MB
harbor.register/nginx/nginx                                       v1        605c77e624dd   9 days ago     141MB
rancher/mirrored-flannelcni-flannel-cni-plugin                    v1.0.0    cd5235cd7dc2   2 months ago   9.03MB
k8s.gcr.io/coredns                                                latest    a4ca41631cc7   3 months ago   46.8MB
k8s.gcr.io/kube-apiserver                                         v1.22.2   e64579b7d886   3 months ago   128MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.22.2   e64579b7d886   3 months ago   128MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.22.2   5425bcbd23c5   3 months ago   122MB
k8s.gcr.io/kube-controller-manager                                v1.22.2   5425bcbd23c5   3 months ago   122MB
k8s.gcr.io/kube-scheduler                                         v1.22.2   b51ddc1014b0   3 months ago   52.7MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.22.2   b51ddc1014b0   3 months ago   52.7MB
k8s.gcr.io/kube-proxy                                             v1.22.2   873127efbc8a   3 months ago   104MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.22.2   873127efbc8a   3 months ago   104MB
k8s.gcr.io/etcd                                                   3.5.0-0   004811815584   6 months ago   295MB
registry.aliyuncs.com/google_containers/etcd                      3.5.0-0   004811815584   6 months ago   295MB
registry.aliyuncs.com/google_containers/coredns                   v1.8.4    8d147537fb7d   7 months ago   47.6MB
k8s.gcr.io/pause                                                  3.5       ed210e3e4a5b   9 months ago   683kB
registry.aliyuncs.com/google_containers/pause                     3.5

登陆私有仓库

用户名/密码  admin/Harbor12345

[root@k8s-master01 ~]# docker login https://harbor.register/
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@k8s-master01 ~]# 

上传镜像

[root@k8s-master01 ~]# docker push harbor.register/nginx/nginx:v1
The push refers to repository [harbor.register/nginx/nginx]
d874fd2bc83b: Pushed 
32ce5f6a5106: Pushed 
f1db227348d0: Pushed 
b8d6e692a25e: Pushed 
e379e8aedd4d: Pushed 
2edcec3590a4: Pushed 
v1: digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 size: 1570

查看推送结果