#创建docker配置文件目录
[root@harbor ~]# mkdir /etc/docker/
#编辑配置文件,修改docker存储目录,并配置日志限制(可选)
[root@harbor ~]# vi /etc/docker/daemon.json
{"data-root":"/data/disk01/docker",
"log-driver":"json-file",
"log-opts":{"max-size":"500m", "max-file":"7"}}
[root@harbor ~]# cd /etc/docker/
[root@harbor docker]# mkdir -p ./certs.d/mydockerhub.com:18443
[root@harbor docker]# cp /data/cert/mydockerhub.com.cert /data/cert/mydockerhub.com.key /data/cert/ca.crt ./certs.d/mydockerhub.com:18443/
#目录结构如下
/etc/docker/certs.d/
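└── mydockerhub.com:18443
    ├── mydockerhub.com.cert  <-- Server certificate signed by CA
    ├── mydockerhub.com.key   <-- Server private key for that certificate (keep it readable by root only)
    └── ca.crt                <-- CA certificate that signed the server certificate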
#启动docker,并配置开机自启
[root@harbor dockerhub.dsj.com:18443]# systemctl start docker && systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
#查看docker服务状态
[root@harbor dockerhub.dsj.com:18443]# systemctl status docker
#上传harbor离线包 harbor-offline-installer-v2.4.1.tgz
[root@harbor ~]# tar xf harbor-offline-installer-v2.4.1.tgz -C /data
[root@harbor ~]# cd /data/harbor
#创建证书存储目录
[root@harbor harbor]# mkdir cert
#拷贝证书文件
[root@harbor harbor]# cp /data/cert/mydockerhub.com.crt /data/cert/mydockerhub.com.key ./cert/
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
#修改harbor安装配置文件,主要修改以下内容
[root@harbor harbor]# vi harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: mydockerhub.com #harbor的域名

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 18080 #http协议端口,设置https协议后会自动跳转到external_url

# https related config
https:
  # https port for harbor, default is 443
  port: 18443 #https协议的端口
  # The path of cert and key files for nginx
  certificate: /data/disk01/harbor/cert/mydockerhub.com.crt #crt证书路径(须与实际存放证书的目录一致)
  private_key: /data/disk01/harbor/cert/mydockerhub.com.key #key证书路径(须与实际存放私钥的目录一致)

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
external_url: https://mydockerhub.com:18443 #harbor的访问url

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor_123 #harbor的admin密码(示例值,部署时请替换为强密码)

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root_123 #harbor的数据库root密码(示例值,部署时请替换为强密码)
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 100
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 900

# The default data volume
data_volume: /data/disk01/harbor_data #harbor的数据存储目录

# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:
#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
.................................
#导入harbor所需的docker镜像
[root@harbor harbor]# docker load -i harbor.v2.4.1.tar.gz
#运行安装脚本
[root@harbor harbor]# ./prepare
[root@harbor harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.12
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.1
[Step 2]: loading Harbor images ...
Loaded image: goharbor/registry-photon:v2.4.1
Loaded image: goharbor/notary-signer-photon:v2.4.1
Loaded image: goharbor/harbor-core:v2.4.1
Loaded image: goharbor/redis-photon:v2.4.1
Loaded image: goharbor/harbor-jobservice:v2.4.1
Loaded image: goharbor/harbor-registryctl:v2.4.1
Loaded image: goharbor/nginx-photon:v2.4.1
Loaded image: goharbor/notary-server-photon:v2.4.1
Loaded image: goharbor/harbor-log:v2.4.1
Loaded image: goharbor/harbor-db:v2.4.1
Loaded image: goharbor/harbor-exporter:v2.4.1
Loaded image: goharbor/trivy-adapter-photon:v2.4.1
Loaded image: goharbor/chartmuseum-photon:v2.4.1
Loaded image: goharbor/prepare:v2.4.1
Loaded image: goharbor/harbor-portal:v2.4.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/disk01/harbor
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating harbor-portal ... done
Creating harbor-db ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
#查看harbor的状态
[root@harbor harbor]# docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------------------------------------------------------------------
harbor-core /harbor/entrypoint.sh Up (healthy)
harbor-db /docker-entrypoint.sh 9613 Up (healthy)
harbor-jobservice /harbor/entrypoint.sh Up (healthy)
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up (healthy)
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:18080->8080/tcp, :::18080->8080/tcp, 0.0.0.0:18443->8443/tcp, :::18443->8443/tcp
redis redis-server /etc/redis.conf Up (healthy)
registry /home/harbor/entrypoint.sh Up (healthy)
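registryctl /home/harbor/start.sh Up (healthy)
#访问测试(证书是为域名mydockerhub.com签发的;若证书的SAN中不包含该IP,通过IP访问时浏览器会提示证书名称不匹配,建议使用external_url中的域名访问)
https://10.4.11.40:18443/
用户名:admin
密码:Harbor_123 (harbor.yml中设置的初始密码,首次登录后请在UI中修改)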
#根据需要创建所需项目及用户
例:创建名为kubesphere、grafana、thanosio、calico的项目用来存储kubesphere部署所需镜像,并创建kubesphere用户授权为该项目的项目管理员角色