Deploying Harbor with docker-compose

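古冷 2018-06-23 480 views kubernetes docker container
Put simply, Harbor is an enterprise-grade Docker Registry. It provides private image storage, logging and statistics, access control and other features, and it supports creating multiple projects (a concept introduced by Harbor). It is built on the official Registry V2.
The three project roles
1. Project admin     Permissions: push/pull/delete/
2. Developer (development)     Permissions: push/pull
3. Guest     Permissions: pull
Download docker-compose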
wget https://github.com/docker/compose/releases/download/1.21.2/docker-compose-Linux-x86_64
mv docker-compose-Linux-x86_64 /usr/bin/
mv /usr/bin/docker-compose-Linux-x86_64  /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose


Download the Harbor offline installer:
wget  --continue https://github.com/vmware/harbor/releases

https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.0-rc2.tgz

Import the docker images
Import the Harbor-related docker images from the offline installer package:
tar xf harbor-offline-installer-v1.4.0.tgz
cd harbor/
docker load  -i harbor.v1.4.0.tar.gz
Create the TLS certificate used by the Harbor nginx server
[root@k8s-master1 ssl]# cat ca-config.json
{
 "signing": {
   "default": {
     "expiry": "8760h"
   },
   "profiles": {
     "kubernetes": {
       "usages": [
           "signing",
           "key encipherment",
           "server auth",
           "client auth"
       ],
       "expiry": "8760h"
     }
   }
 }
}
[root@k8s-master1 ssl]# cat ca-csr.json
{
 "CN": "kubernetes",
 "key": {
   "algo": "rsa",
   "size": 2048
 },
 "names": [
   {
     "C": "CN",
     "ST": "BeiJing",
     "L": "BeiJing",
     "O": "k8s",
     "OU": "System"
   }
 ]
}
Generate the CA
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
$ # $NODE_IP is the IP address of this host, the one that serves TLS
$ cat > harbor-csr.json <<EOF
{
  "CN": "harbor",
  "hosts": [
    "127.0.0.1",
    "$NODE_IP"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
cfssl gencert -ca=/etc/kubernetes/ssl/ca.pem \
  -ca-key=/etc/kubernetes/ssl/ca-key.pem \
  -config=/etc/kubernetes/ssl/ca-config.json \
  -profile=kubernetes harbor-csr.json | cfssljson -bare harbor
Modify the harbor.cfg file
hostname = 192.168.163.130
ui_url_protocol = https
ssl_cert = /etc/harbor/ssl/harbor.pem
ssl_cert_key = /etc/harbor/ssl/harbor-key.pem
Load and start the Harbor images
$ ./install.sh



Error encountered:
ERROR: Failed to Setup IP tables: Unable to enable SKIP DNAT rule:  (iptables failed: iptables --wait -t nat -I DOCKER -i br-7f72a78149c3 -j RETURN: iptables: No chain/target/match by that name.
(exit status 1))


Fix:

systemctl restart  docker.service


Access:

Default account and password: admin / Harbor12345


Files and directories generated while Harbor is running
$ # Log directory
$ ls /var/log/harbor/2017-04-19/
adminserver.log  jobservice.log  mysql.log  proxy.log  registry.log  ui.log
$ # Data directory, including the database and the image registry
$ ls /data/
ca_download  config  database  job_logs registry  secretkey
Docker client login
Copy the CA certificate that signed the Harbor certificate to the /etc/docker/certs.d/192.168.163.130 directory
mkdir -p /etc/docker/certs.d/192.168.163.130
cp /etc/kubernetes/ssl/ca.pem /etc/docker/certs.d/192.168.163.130/ca.crt
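Log in to Harbor with docker
docker login 192.168.163.130
Username: admin                 # the username, or an account newly added in the web UI
Password:
The credentials are saved automatically to the ~/.docker/config.json file.
Configure the Harbor address in docker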
[root@k8s-master1 ssl]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],"insecure-registries":["http://192.168.163.130"]
}
systemctl restart  docker.service
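An added example, not part of the original post: a small offline audit of the three settings configured above (harbor.cfg, the CA under /etc/docker/certs.d, and daemon.json). It flags a Harbor host that is listed in insecure-registries, for which Docker does not enforce certificate verification even when a CA has been installed for it. The sample inputs are constructed from the values on this page; harbor_admin_password is the harbor.cfg key for the initial admin password and is not shown in the post, and the function names are hypothetical.

```python
import json
import re

DEFAULT_ADMIN_PASSWORD = "Harbor12345"  # default quoted on this page

def parse_harbor_cfg(text):
    """Parse harbor.cfg 'key = value' lines, skipping comments and blanks."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def registry_host(entry):
    """Reduce an insecure-registries entry to host[:port] for comparison."""
    return re.sub(r"^https?://", "", entry.strip(), flags=re.I).rstrip("/")

def audit(harbor_cfg_text, daemon_json_text, ca_hosts):
    """Return findings; ca_hosts = certs.d directory names that hold a ca.crt."""
    findings = []
    cfg = parse_harbor_cfg(harbor_cfg_text)
    host = cfg.get("hostname", "")
    if cfg.get("ui_url_protocol") != "https":
        findings.append("harbor.cfg: ui_url_protocol is not https")
    if cfg.get("harbor_admin_password") == DEFAULT_ADMIN_PASSWORD:
        findings.append("harbor.cfg: harbor_admin_password is the default")
    daemon = json.loads(daemon_json_text)
    insecure = {registry_host(e) for e in daemon.get("insecure-registries", [])}
    if host in insecure:
        # Docker does not enforce certificate verification for these hosts.
        findings.append(f"daemon.json: {host} is in insecure-registries")
    if host not in ca_hosts:
        findings.append(f"certs.d: no ca.crt installed for {host}")
    return findings

# Constructed sample input, built from the values shown on this page.
SAMPLE_HARBOR_CFG = """\
hostname = 192.168.163.130
ui_url_protocol = https
harbor_admin_password = Harbor12345
"""
SAMPLE_DAEMON_JSON = ('{"registry-mirrors": ["https://registry.docker-cn.com"],'
                      ' "insecure-registries": ["http://192.168.163.130"]}')

if __name__ == "__main__":
    for f in audit(SAMPLE_HARBOR_CFG, SAMPLE_DAEMON_JSON, {"192.168.163.130"}):
        print("FINDING:", f)
```

On a real host, pass the contents of harbor.cfg and /etc/docker/daemon.json and the directory names found under /etc/docker/certs.d.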
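Push an image to Harbor
docker tag centos 192.168.163.130/aa/centos     # tag the image
docker push 192.168.163.130/aa/centos             # push it
Using the web UI: the replication feature is only a slave function; it just synchronizes images to another Harbor registry.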
https://www.cnblogs.com/huangjc/p/6270405.html?utm_source=itdadao&utm_medium=referral
Other operations:
$ # Stop Harbor
$ docker-compose down -v
$ # Modify the configuration
$ vim harbor.cfg
$ # Apply the modified configuration to the docker-compose.yml file
[root@tjwq01-sys-bs003007 harbor]# ./prepare
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/jobservice/app.conf
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/nginx/cert/admin.pem
Clearing the configuration file: ./common/config/nginx/cert/admin-key.pem
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/adminserver/env
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
$ # Start Harbor
[root@tjwq01-sys-bs003007 harbor]# docker-compose up -d

