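Pulling images for k8s is very slow, which is why this article was written.
It covers setting up a Docker registry (Harbor) and verifying it from a client.
Special note:
The scripts in this article can be copied as-is to get a working setup (provided you also have a Harbor installer package under /etc; if not, download one yourself or send the author a private message).
System environment:
CentOS 7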
IP | Node name |
---|---|
192.168.182.150 | master |
192.168.182.151 | node-1 |
1. Change the hostname, stop the firewall, and turn off SELinux.
Run on all nodes (set the hostname on the corresponding node).
hostnamectl set-hostname master
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
2. Extract the Harbor package, install Docker, and install docker-compose.
Run on the master node.
cd /etc
tar -zxf harbor-offline-installer-v1.10.1.tgz
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce -y
curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose -v
3. Edit the Harbor configuration.
Run on the master node.
cat /etc/harbor/harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: www.www.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/harbor/ssl/www.www.crt
  private_key: /etc/harbor/ssl/www.www.com.key

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# The default data volume
data_volume: /data
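The file above still carries the installer's sample secrets (`Harbor12345`, `root123`), which its own comments say to change. The check below is an added example, not part of the original article or of Harbor; the helper name `audit_harbor_yml` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article or the Harbor project): flag the installer's
# sample secrets and missing TLS settings in a Harbor 1.10-style harbor.yml.
# audit_harbor_yml is a hypothetical helper name.

audit_harbor_yml() {
    # Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
    _findings=$(awk '
        /^[ \t]*(#|$)/ { next }                                  # skip comments and blanks
        /^[^ \t]/ { section = $1; sub(/:.*/, "", section) }      # top-level key
        {
            key = $1; sub(/:$/, "", key)
            val = $2; gsub(/["\047]/, "", val)                   # drop optional quotes
            if (section == "harbor_admin_password" && val == "Harbor12345")
                print "default admin password still set (harbor_admin_password)"
            if (section == "database" && key == "password" && val == "root123")
                print "default DB password still set (database.password)"
            if (section == "https" && key == "certificate") cert = val
            if (section == "https" && key == "private_key") pkey = val
        }
        END {
            if (cert == "" || pkey == "")
                print "https.certificate/private_key not set"
        }' "$1")
    [ -z "$_findings" ] && return 0
    printf '%s\n' "$_findings"
    return 1
}

# Constructed samples: the values shown in the article, then a corrected copy.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/article.yml" <<'EOF'
hostname: www.www.com
https:
  port: 443
  certificate: /etc/harbor/ssl/www.www.crt
  private_key: /etc/harbor/ssl/www.www.com.key
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
sed -e 's/Harbor12345/CHANGE-ME-long-random-value-1/' \
    -e 's/root123/CHANGE-ME-long-random-value-2/' \
    "$SAMPLE_DIR/article.yml" > "$SAMPLE_DIR/fixed.yml"

audit_harbor_yml "$SAMPLE_DIR/article.yml" || echo "article.yml: change these before ./install.sh"
audit_harbor_yml "$SAMPLE_DIR/fixed.yml" && echo "fixed.yml: clean"
```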
4. Create the required directories and generate the certificates.
Run on the master node.
mkdir /data
mkdir /etc/harbor/ssl
cd /etc/harbor/ssl
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.www.com.key -out www.www.com.csr
openssl x509 -req -days 365 -in www.www.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.www.crt
When answering the prompts for the certificates above, pay attention to the domain name and the country.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.www.com
The last command prints the following when it succeeds.
Signature ok
subject=/C=CN/L=Default City/O=Default Company Ltd/CN=www.www.com
Getting CA Private Key
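A non-interactive variant of the three commands above, added here as an example and not taken from the original article: it supplies the subject with `-subj`, adds a `subjectAltName` for the registry hostname (Go 1.15 and later, which current Docker releases are built with, no longer accept a certificate that names the host only in the Common Name), and then verifies the result. The function names, the `Lab Registry CA` subject, the `<hostname>.crt` file naming and the optional key-size argument are assumptions.

```shell
#!/bin/sh
# Added example: CA plus server certificate for the registry hostname, with a SAN.
# make_registry_cert <dir> <hostname> [rsa-bits]   (hypothetical helper;
# writes ca.key, ca.crt, <hostname>.key, <hostname>.csr, <hostname>.crt)

make_registry_cert() {
    dir=$1 host=$2 bits=${3:-4096}
    mkdir -p "$dir" || return 1
    # Self-signed CA, same role as ca.key / ca.crt in the article.
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
        -subj "/C=CN/O=Lab CA/CN=Lab Registry CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and CSR; CN is the name clients use to reach Harbor.
    openssl req -newkey "rsa:$bits" -nodes -sha256 \
        -subj "/C=CN/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
    # x509 -req does not copy extensions from the CSR, so pass the SAN explicitly.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -days 365 -sha256 -in "$dir/$host.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/$host.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/$host.key"
}

check_registry_cert() {
    # Succeeds only if the certificate chains to the CA, names the host in its
    # SAN, and belongs to the private key next to it.
    dir=$1 host=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/$host.crt" -noout -text | grep -q "DNS:$host" || return 1
    cert_pub=$(openssl x509 -in "$dir/$host.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/$host.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Demo in a scratch directory, with a smaller key so it finishes quickly.
CERT_DIR=$(mktemp -d)
make_registry_cert "$CERT_DIR" www.www.com 2048 &&
    check_registry_cert "$CERT_DIR" www.www.com &&
    echo "certificate OK for www.www.com"
```

Running `check_registry_cert` against a certificate signed without `-extfile` fails at the SAN step, which is the same condition a current Docker client reports as an x509 error at `docker login`.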
5. Install and start Harbor, and point Docker at a domestic (China) registry mirror.
Run on the master node.
systemctl start docker
vim /etc/docker/daemon.json
{"registry-mirrors":["https://t5t8q6wn.mirror.aliyuncs.com"]}
systemctl daemon-reload
systemctl restart docker
cd /etc/harbor
./prepare
./install.sh
6. Configure Harbor to start at boot.
Run on the master node.
cat /etc/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
# Adjust the paths below to match where Harbor is installed
ExecStart=/usr/local/bin/docker-compose -f /etc/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /etc/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable harbor
systemctl enable docker
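7. Open the web UI (look up the password in the configuration file).
8. Create a project.
9. Create a user (I had already created a user before taking the screenshot, so it shows that the user exists; you will not hit this problem when you follow along).
10. Add the www user to the project.
11. Install Docker on the client and create the certificate directory.
Run on node-1.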
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce -y
mkdir /etc/docker/certs.d/www.www.com -p
12. Copy the certificate from master to node-1, create the matching directory on master, and log in to Harbor from master.
Run on the master node.
echo '192.168.182.150 www.www.com' >> /etc/hosts
scp /etc/harbor/ssl/www.www.crt root@192.168.182.151:/etc/docker/certs.d/www.www.com/
mkdir -p /etc/docker/certs.d/www.www.com
cd /etc/docker/certs.d/www.www.com
cp -a /etc/harbor/ssl/www.www.crt .
docker login www.www.com -uwww -pAbc123..
13. Push an image from master to Harbor.
Run on the master node.
docker pull nginx
docker tag nginx www.www.com/www/nginx:v1
docker push www.www.com/www/nginx:v1
14. Check the Harbor repository in the web UI.
15. Start Docker on the client and log in to Harbor.
Run on node-1.
systemctl start docker
systemctl enable docker
echo '192.168.182.150 www.www.com' >> /etc/hosts
[root@node-1 www.www.com]# docker login www.www.com -uwww -pAbc123..
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
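The two warnings in the output above, turned into something checkable (an added example, not from the original article): `login_from_file` passes the password on stdin as the first warning asks, and `plaintext_registry_logins` lists the logins sitting base64-encoded in a `config.json`. Both function names, the password-file argument and the sample file are assumptions; the parser expects the one-key-per-line layout that `docker login` writes.

```shell
#!/bin/sh
# Added example: deal with the two WARNING lines printed by `docker login -p`.

login_from_file() {
    # login_from_file <registry> <user> <password-file>
    # Keeps the password out of the process list and shell history.
    docker login -u "$2" --password-stdin "$1" < "$3"
}

plaintext_registry_logins() {
    # Prints "<registry> <user>" for every login stored as a base64 "auth"
    # value in the given config.json. The password itself is not printed.
    awk -F'"' '
        /"auths"[ \t]*:/              { in_auths = 1; next }
        in_auths && /"auth"[ \t]*:/   { print reg, $4; next }
        in_auths && /^[ \t]*"[^"]+"[ \t]*:[ \t]*[{]/ { reg = $2 }
    ' "$1" | while read -r reg b64; do
        [ -n "$b64" ] || continue     # empty entry: a credential helper holds it
        user=$(printf '%s' "$b64" | base64 -d 2>/dev/null | cut -d: -f1)
        printf '%s %s\n' "$reg" "$user"
    done
}

# Constructed sample: what /root/.docker/config.json holds after the login above.
CFG=$(mktemp)
printf '{\n\t"auths": {\n\t\t"www.www.com": {\n\t\t\t"auth": "%s"\n\t\t}\n\t}\n}\n' \
    "$(printf 'www:Abc123..' | base64)" > "$CFG"

plaintext_registry_logins "$CFG"      # prints: www.www.com www
```

Any line this prints is a credential that anyone able to read the file can decode, so the file belongs at mode 600 or the login behind a credential helper.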
16. Pull the image from the Harbor registry on the client to verify.
Run on node-1.
docker pull www.www.com/www/nginx:v1
v1: Pulling from www/nginx
a076a628af6f: Pull complete
0732ab25fa22: Pull complete
d7f36f6fe38f: Pull complete
f72584a26f32: Pull complete
7125e4df9063: Pull complete
Digest: sha256:0b159cd1ee1203dad901967ac55eee18c24da84ba3be384690304be93538bea8
Status: Downloaded newer image for www.www.com/www/nginx:v1
www.www.com/www/nginx:v1
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
www.www.com/www/nginx v1 f6d0b4767a6c 2 weeks ago 133MB