部署 harbor 私有仓库
下载 docker-compose-1.12.0
# wget https://github.com/docker/compose/releases/download/1.12.0/docker-compose-Linux-x86_64
# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
# chmod a+x /usr/bin/docker-compose
下载 harbor-1.1.2
# wget --continue https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz
# tar -xzvf harbor-offline-installer-v1.1.2.tgz
# cd harbor
导入离线安装包中 harbor 相关的 docker images:
# docker load -i harbor.v1.1.2.tar.gz
dd60b611baaa: Loading layer [==================================================>] 133.2MB/133.2MB
0bfc226dc2e8: Loading layer [==================================================>] 1.536kB/1.536kB
66c3231118d2: Loading layer [==================================================>] 17.69MB/17.69MB
fe2c778bb727: Loading layer [==================================================>] 17.69MB/17.69MB
Loaded image: vmware/harbor-jobservice:v1.1.2
fe4c16cbf7a4: Loading layer [==================================================>] 128.9MB/128.9MB
c4a8b7411af4: Loading layer [==================================================>] 60.57MB/60.57MB
3f117c44afbb: Loading layer [==================================================>] 3.584kB/3.584kB
3569f62067e2: Loading layer [==================================================>] 17.86MB/17.86MB
Loaded image: vmware/nginx:1.11.5-patched
Loaded image: photon:1.0
4a050fccec52: Loading layer [==================================================>] 12.16MB/12.16MB
d918d73369ec: Loading layer [==================================================>] 17.3MB/17.3MB
22898836924e: Loading layer [==================================================>] 15.87kB/15.87kB
Loaded image: vmware/notary-photon:server-0.5.0
a39bd6a7f897: Loading layer [==================================================>] 10.95MB/10.95MB
6f79b8337a1f: Loading layer [==================================================>] 17.3MB/17.3MB
74bbd0e81dd0: Loading layer [==================================================>] 15.87kB/15.87kB
Loaded image: vmware/notary-photon:signer-0.5.0
2df722677b4c: Loading layer [==================================================>] 7.062MB/7.062MB
e5338f288c70: Loading layer [==================================================>] 7.062MB/7.062MB
Loaded image: vmware/harbor-adminserver:v1.1.2
b79e6c985050: Loading layer [==================================================>] 21.26MB/21.26MB
568e827ac2db: Loading layer [==================================================>] 7.168kB/7.168kB
e120e08d1ae8: Loading layer [==================================================>] 12.92MB/12.92MB
c678c146825f: Loading layer [==================================================>] 9.728kB/9.728kB
835ee5702bce: Loading layer [==================================================>] 2.56kB/2.56kB
eaf7ac0e9e24: Loading layer [==================================================>] 21.26MB/21.26MB
Loaded image: vmware/harbor-ui:v1.1.2
c8ef72937018: Loading layer [==================================================>] 67.93MB/67.93MB
01e57c31fb31: Loading layer [==================================================>] 3.584kB/3.584kB
ae8312f0516f: Loading layer [==================================================>] 3.072kB/3.072kB
47b646017cc6: Loading layer [==================================================>] 3.072kB/3.072kB
Loaded image: vmware/harbor-log:v1.1.2
5d6cbe0dbcf9: Loading layer [==================================================>] 129.2MB/129.2MB
435f2dfbd884: Loading layer [==================================================>] 344.6kB/344.6kB
814d7b59f0cc: Loading layer [==================================================>] 4.657MB/4.657MB
aae399245bd0: Loading layer [==================================================>] 1.536kB/1.536kB
21e2ae955f72: Loading layer [==================================================>] 33.84MB/33.84MB
a2d0f7b84059: Loading layer [==================================================>] 25.09kB/25.09kB
819fa6af55b8: Loading layer [==================================================>] 3.584kB/3.584kB
78914c99a468: Loading layer [==================================================>] 167.7MB/167.7MB
36e79c658afb: Loading layer [==================================================>] 6.144kB/6.144kB
f73503aca003: Loading layer [==================================================>] 9.216kB/9.216kB
a21b39f6da59: Loading layer [==================================================>] 1.536kB/1.536kB
2f0fcce131fa: Loading layer [==================================================>] 7.68kB/7.68kB
cbf999ad70ad: Loading layer [==================================================>] 4.608kB/4.608kB
8005207f317c: Loading layer [==================================================>] 4.608kB/4.608kB
Loaded image: vmware/harbor-db:v1.1.2
69c25b821c78: Loading layer [==================================================>] 22.79MB/22.79MB
5b403ac6f7ea: Loading layer [==================================================>] 3.584kB/3.584kB
9e2e304b5fe5: Loading layer [==================================================>] 2.048kB/2.048kB
Loaded image: vmware/registry:2.6.1-photon
78dbfa5b7cbc: Loading layer [==================================================>] 130.9MB/130.9MB
5f70bf18a086: Loading layer [==================================================>] 1.024kB/1.024kB
8deec01122be: Loading layer [==================================================>] 344.6kB/344.6kB
574ab36807f2: Loading layer [==================================================>] 1.536kB/1.536kB
d8f2cde2eef8: Loading layer [==================================================>] 20.48kB/20.48kB
eaa3924b054e: Loading layer [==================================================>] 5.12kB/5.12kB
8aa2c772121c: Loading layer [==================================================>] 184.3MB/184.3MB
c3014bbccb0b: Loading layer [==================================================>] 8.704kB/8.704kB
978a35efaa8c: Loading layer [==================================================>] 4.608kB/4.608kB
c2385ae7d6e5: Loading layer [==================================================>] 16.6MB/16.6MB
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10
创建证书
# cd /etc/pki/CA
# vim /etc/pki/tls/openssl.cnf
countryName_default = CN
stateOrProvinceName_default = GuangDong
localityName_default = ShenZhen
0.organizationName_default = k8s
organizationalUnitName_default = System
创建根证书
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
harbor证书签名请求
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.key -out harbor.csr
# touch index.txt
# echo '01' > serial
解决x509: certificate signed by unknown authority
# echo subjectAltName = IP:192.168.22.137 > extfile.cnf
颁发证书
# openssl ca -in harbor.csr -out harbor.crt -cert ca.crt -keyfile ca.key -extfile extfile.cnf -outdir .
# mkdir /etc/harbor/ssl -p
# cp harbor.crt harbor.key /etc/harbor/ssl
配置 harbor
# vim harbor.cfg
hostname = 192.168.22.137 # 修改为本机IP或者域名
ui_url_protocol = https
ssl_cert = /etc/harbor/ssl/harbor.crt
ssl_cert_key = /etc/harbor/ssl/harbor.key
verify_remote_cert = off
加载和启动 harbor 镜像
# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 17.12.1
Note: docker-compose version: 1.12.0
[Step 1]: loading Harbor images ...
Loaded image: vmware/harbor-jobservice:v1.1.2
Loaded image: vmware/nginx:1.11.5-patched
Loaded image: photon:1.0
Loaded image: vmware/notary-photon:server-0.5.0
Loaded image: vmware/notary-photon:signer-0.5.0
Loaded image: vmware/harbor-adminserver:v1.1.2
Loaded image: vmware/harbor-ui:v1.1.2
Loaded image: vmware/harbor-log:v1.1.2
Loaded image: vmware/harbor-db:v1.1.2
Loaded image: vmware/registry:2.6.1-photon
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10
[Step 2]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/app.conf
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/nginx.conf
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 3]: checking existing instance of Harbor ...
Note: stopping existing Harbor instance ...
Stopping harbor-jobservice ... done
Stopping harbor-ui ... done
Stopping registry ... done
Stopping harbor-adminserver ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
Removing nginx ... done
Removing harbor-jobservice ... done
Removing harbor-ui ... done
Removing registry ... done
Removing harbor-adminserver ... done
Removing harbor-db ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log
Creating harbor-adminserver
Creating registry
Creating harbor-db
Creating harbor-ui
Creating harbor-jobservice
Creating nginx
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://192.168.22.137.
For more details, please visit https://github.com/vmware/harbor .
访问管理界面
浏览器访问 https://192.168.22.137
帐号:admin
密码:Harbor12345 (在harbor.cfg配置文件中)
修改 docker 启动项
解决x509: certificate signed by unknown authority
# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry=192.168.22.137
# systemctl daemon-reload
# systemctl restart docker
登录 docker registry
# docker login -u admin 192.168.22.137
Password:
Login Succeeded
贴标签
# docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.8.3 192.168.22.137/library/kubernetes-dashboard-amd64:v1.8.3
转存image到仓库
# docker push 192.168.22.137/library/kubernetes-dashboard-amd64:v1.8.3
The push refers to repository [192.168.22.137/library/kubernetes-dashboard-amd64]
23ddb8cbb75a: Pushed
v1.8.3: digest: sha256:050620264fb56824b1bc1b9876f9c17875d96bb9fb96d5c34027ddbf65786f62 size: 529
