k8s 安装 Harbor 镜像仓库

4/26/2020 - 2:36 AM

k8s 安装 Harbor 镜像仓库

Rendered
Source

配置 docker 认可私有仓库安全证书：

vi /etc/docker/daemon.json
# 如下内容，添加： "insecure-registries": ["https://hub.hsl.com"]
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["https://hub.hsl.com"]
}

# 重启 docker 生效
systemctl restart docker

安装 docker-compose

curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

Harbor 安装：官方地址：官方地址：https://github.com/vmware/harbor/releases

# 下载 Harbor
wget https://github.com/goharbor/harbor/releases/download/v2.0.0-rc1/harbor-offline-installer-v2.0.0-rc1.tgz
# 解压 Harbor 软件包到 /usr/local/harbor
tar -zxvf harbor-offline-installer-v2.0.0-rc1.tgz -C /usr/local/
# 配置 harbor.yml
cp -a harbor.yml.tmpl harbor.yml
vi /usr/local/harbor/harbor.yml 
# 修改参数：
hostname = hub.hsl.com
certificate: /data/cert/server.crt
private_key: /data/cert/server.key

harbor_admin_password: Harbor12345

创建 https 权限证书以及配置相关目录

mkdir -p /data/cert/
cd !$   # cd /data/cert/

# 生成私钥 server.key
openssl genrsa -des3 -out server.key 2048
# 创建证书请求 csr : CN
openssl req -new -key server.key -out server.csr
# Country Name (2 letter code) [XX]:CN
# State or Province Name (full name) []:BJ
# Locality Name (eg, city) [Default City]:BJ
# Organization Name (eg, company) [Default Company Ltd]:HSL
# Organizational Unit Name (eg, section) []:HSL
# Common Name (eg, your name or your server's hostname) []:hub.hsl.com

# 备份私钥 && 去除密码
cp server.key server.key.org && openssl rsa -in server.key.org -out server.key 

# 签名生成证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

# 赋予权限
chmod -R 777 /data/cert/*

安装 Harbor

cd /usr/local/harbor
./install.sh

# 安装完成后 个性 hosts 测试
echo "192.168.66.100 hub.hsl.com" >> /etc/hosts

# 浏览器打开 hub.hsl.com 测试（可以使用 firefox 浏览器跳过https安全限制）
如果要用 chrome 访问，参考：https://segmentfault.com/a/1190000012394467

使用 docker 登录测试

docker login https://hub.hsl.com
# 默认账户密码： admin:Harbor12345

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

k8s 安装 Harbor 镜像仓库

配置 docker 认可私有仓库安全证书：

安装 docker-compose

Harbor 安装：官方地址：官方地址：https://github.com/vmware/harbor/releases

创建 https 权限证书以及配置相关目录

安装 Harbor

使用 docker 登录测试