镜像仓库Harbor安装

最新推荐文章于 2024-10-10 17:29:14 发布

运维勺子

最新推荐文章于 2024-10-10 17:29:14 发布

阅读量695

点赞数

分类专栏： Docker 文章标签：运维

本文链接：https://blog.csdn.net/weixin_44280843/article/details/127006012

版权

Docker 专栏收录该内容

6 篇文章 0 订阅

订阅专栏

一、下载Harbor安装包

在 GitHub 下载最新的 Harbor 离线包，并上传至 Harbor 服务器，官方下载地址：https://github.com/goharbor/harbor/releases/

二、由于 Harbor 是采用 docker-compose 一键部署的，所以 Harbor 服务器也需要安装 Docker

配置docker的yum源：
[root@harbor ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@harbor ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@harbor ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@harbor ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

安装docker：
[root@harbor ~]# yum install docker-ce-19.03.* docker-ce-cli-19.03.* -y

启动docker：
[root@harbor ~]# systemctl daemon-reload && systemctl enable --now docker

三、安装Compose

[root@harbor harbor]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 12.1M  100 12.1M    0     0  2619k      0  0:00:04  0:00:04 --:--:-- 3756k

[root@harbor harbor]# chmod +x /usr/local/bin/docker-compose
[root@harbor harbor]# docker-compose -v
docker-compose version 1.29.2, build 5becea4c

四、安装完成后，将下载的 Harbor 离线包解压并载入 Harbor 镜像

[root@harbor harbor]# pwd
/opt/harbor
[root@harbor harbor]# ls
harbor-offline-installer-v2.5.3.tgz
解压：
[root@harbor harbor]# tar xf harbor-offline-installer-v2.5.3.tgz 
[root@harbor harbor]# ls
harbor  harbor-offline-installer-v2.5.3.tgz
[root@harbor harbor]# cd harbor
[root@harbor harbor]# ls
common.sh  harbor.v2.5.3.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare

harbor.v2.5.3.tar.gz（docker所用的镜像都放到这个压缩包里）
需要加载这个压缩包的镜像到本地：
[root@harbor harbor]# docker load -i harbor.v2.5.3.tar.gz

五、Harbor 默认提供了一个配置文件模板，需要更改如下

[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# ls
common.sh  harbor.v2.5.3.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
[root@harbor harbor]# vim harbor.yml
第一处修改：
hostname: 192.168.126.136
# hostname：Harbor 的访问地址，可以是域名或者 IP，生产推荐使用域名，并且带有证书；
# 如果配置域名使用https，需要修改证书文件的位置：
  certificate: /your/certificate/path
  private_key: /your/private/key/path
# 如果没有证书需要将https相关配置注释
# https related config
#https:
#  # https port for harbor, default is 443
#  port: 443
#  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path

第二处修改：修改 Harbor 的数据目录
# The default data volume
data_volume: /data/harbor

第三处：登录密码，按需修改即可
harbor_admin_password: Harbor12345

六、创建 Harbor 数据目录并进行预配置

[root@harbor harbor]# mkdir /data/harbor /var/log/harbor -p

预检查
[root@harbor harbor]# ./prepare 
prepare base dir is set to /opt/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

警告：建议使用https

7、执行安装

[root@harbor harbor]# ./install.sh 
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating redis         ... done
Creating registryctl   ... done
Creating registry      ... done
Creating harbor-db     ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----


[root@harbor harbor]# docker ps -a
CONTAINER ID        IMAGE                                COMMAND                  CREATED             STATUS                   PORTS                       NAMES
604d232dcee1        goharbor/harbor-jobservice:v2.5.3    "/harbor/entrypoint.…"   3 minutes ago       Up 3 minutes (healthy)                               harbor-jobservice
1d5fb24d525b        goharbor/nginx-photon:v2.5.3         "nginx -g 'daemon of…"   3 minutes ago       Up 3 minutes (healthy)   0.0.0.0:80->8080/tcp        nginx
55633f61f767        goharbor/harbor-core:v2.5.3          "/harbor/entrypoint.…"   3 minutes ago       Up 3 minutes (healthy)                               harbor-core
ee60376b20d4        goharbor/harbor-db:v2.5.3            "/docker-entrypoint.…"   3 minutes ago       Up 3 minutes (healthy)                               harbor-db
36237b1c2960        goharbor/registry-photon:v2.5.3      "/home/harbor/entryp…"   3 minutes ago       Up 3 minutes (healthy)                               registry
5a57c978dba1        goharbor/harbor-registryctl:v2.5.3   "/home/harbor/start.…"   3 minutes ago       Up 3 minutes (healthy)                               registryctl
8c0b09563f77        goharbor/redis-photon:v2.5.3         "redis-server /etc/r…"   3 minutes ago       Up 3 minutes (healthy)                               redis
bf20695bac91        goharbor/harbor-portal:v2.5.3        "nginx -g 'daemon of…"   3 minutes ago       Up 3 minutes (healthy)                               harbor-portal
f2a6f8392c6a        goharbor/harbor-log:v2.5.3           "/bin/sh -c /usr/loc…"   3 minutes ago       Up 3 minutes (healthy)   127.0.0.1:1514->10514/tcp   harbor-log

8、如果配置不是https协议，Docker 都需要添加 insecure-registries 配置

[root@k8s-master01 ~]# vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["192.168.126.136"]   # harbor地址
}

 
[root@k8s-master01 ~]# systemctl daemon-reload
[root@k8s-master01 ~]# systemctl restart docker

九、访问域名或者IP

十、在Harbor上创建一个项目

十一、测试推送push本地镜像到Harbor

[root@k8s-master01 ~]# docker images
REPOSITORY                                                       TAG           IMAGE ID       CREATED         SIZE
quay.io/prometheus-operator/prometheus-operator                  v0.53.1       97af0514d789   7 months ago    49.4MB

给该镜像tag打上标签：
[root@k8s-master01 ~]# docker tag quay.io/prometheus-operator/prometheus-operator:v0.53.1 192.168.126.136/kubernetes/prometheus-operator:v0.53.1
[root@k8s-master01 ~]# docker images
REPOSITORY                                                       TAG           IMAGE ID       CREATED         SIZE
192.168.126.136/kubernetes/prometheus-operator                   v0.53.1       97af0514d789   7 months ago    49.4MB
quay.io/prometheus-operator/prometheus-operator                  v0.53.1       97af0514d789   7 months ago    49.4MB

登录harbor仓库：
[root@k8s-master01 ~]# docker login 192.168.126.136
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

推送镜像：
[root@k8s-master01 ~]# docker push 192.168.126.136/kubernetes/prometheus-operator:v0.53.1
The push refers to repository [192.168.126.136/kubernetes/prometheus-operator]
ec156de230ea: Pushed 
d0042e16727e: Pushed 
64cac9eaf0da: Pushed 
v0.53.1: digest: sha256:ebb1bf081f46269ea32c75def18e1bad637d32020b87d341ad58b3a5c9b9ee79 size: 949