实验环境:
角色 | IP |
---|---|
Harbor | 172.16.3.225/21 |
Client | 172.16.3.226/21 |
实验步骤:
1)安装Docker,关闭firewalld,Selinux,步骤省略…(关闭防火墙和SELinux只是为了简化实验;正式环境应保留二者,并只放行Harbor需要的端口)
[root@k8s-master01 ~]# vim /usr/lib/systemd/system/docker.service
添加:
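--insecure-registry=hub.china.com # 因为我们的仓库是不安全的(使用自签名证书,Docker 默认不信任),所以需要在这里告诉 Docker 这个仓库是可被信任的。注意:该选项会让 Docker 跳过对这个仓库的 TLS 证书校验,只适合实验环境;正式环境应使用受信任 CA 签发的证书,或把 CA 证书放到 /etc/docker/certs.d/hub.china.com/ca.crt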
[root@k8s-master01 ~]# systemctl daemon-reload
[root@k8s-master01 ~]# systemctl restart docker
Docker-compose下载地址
Harbor仓库下载地址
2) 安装Harbor(下载的安装包和 docker-compose 二进制文件,建议先对照发布页提供的校验值/签名核对无误,再解压或赋予执行权限)
[root@k8s-master01 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.1.3/harbor-offline-installer-v2.1.3.tgz
[root@k8s-master01 ~]# wget https://github.com/docker/compose/releases/download/1.25.0-rc4/docker-compose-Linux-x86_64
[root@k8s-master01 ~]# mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
[root@k8s-master01 ~]# chmod a+x /usr/local/bin/docker-compose
[root@k8s-master01 ~]# docker-compose -v
docker-compose version 1.25.0-rc4, build 8f3c9c58
[root@k8s-master01 ~]# tar zxf harbor-offline-installer-v2.1.3.tgz
[root@k8s-master01 ~]# mv harbor /usr/local/
[root@k8s-master01 ~]# cd /usr/local/harbor/
[root@k8s-master01 harbor]# cp harbor.yml.tmpl harbor.yml
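# Write the Harbor configuration; this overwrites the harbor.yml just copied from the template.
# The heredoc delimiter is quoted so the shell writes the YAML literally, with no expansion.
# Nested keys are indented: flattened to column 0 they would all become top-level keys
# and the file would no longer describe the https/database/log/proxy sections.
[root@k8s-master01 harbor]# cat > harbor.yml << 'EOF'
hostname: hub.china.com
https:
  port: 443
  certificate: /usr/local/harbor/cert/server.crt
  private_key: /usr/local/harbor/cert/server.key
# NOTE(review): Harbor12345 is Harbor's published default admin password. It is only
# applied on first start; set a unique value here or change it in the UI right after install.
harbor_admin_password: Harbor12345
database:
  # NOTE(review): root123 is the template default for the internal database password;
  # use a unique value anywhere outside a throwaway lab.
  password: root123
  max_idle_conns: 50
  max_open_conns: 1000
data_volume: /usr/local/harbor/data
clair:
  updaters_interval: 12
trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.0.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
    - trivy
EOF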
[root@k8s-master01 harbor]# mkdir cert
[root@k8s-master01 harbor]# cd cert/
3)创建https证书以及配置相关目录权限
[root@k8s-master01 cert]# openssl genrsa -des3 -out server.key 2048 # 生成私钥
[root@k8s-master01 cert]# openssl req -new -key server.key -out server.csr # 创建证书的请求,server.csr
[root@k8s-master01 cert]# cp server.key server.key.org # 私钥备份
[root@k8s-master01 cert]# openssl rsa -in server.key.org -out server.key # 去除私钥的口令保护(输出的是未加密的私钥,并不是生成证书);此后 server.key 只靠文件权限保护
[root@k8s-master01 cert]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # 签名证书
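[root@k8s-master01 ~]# chmod a+x * # 提示符显示为 ~,按上下文应在 cert 目录下执行;证书和私钥并不需要可执行权限,私钥建议限制为仅属主可读写(如 chmod 600 server.key,并确认 ./prepare 仍能读取)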
[root@k8s-master01 cert]# cd ..
[root@k8s-master01 harbor]# ./prepare # 在启用之前可以先检测一下配置是否有问题
[root@k8s-master01 harbor]# ./install.sh
4)在自己主机上添加一下Host
C:\Windows\System32\drivers\etc\hosts
172.16.3.225 hub.china.com
访问一下域名https://hub.china.com
默认用户:admin 密码:Harbor12345(即 harbor.yml 中的 harbor_admin_password;这是公开的默认口令,首次登录后请立即修改)
5)新建一个私有的项目上传一个镜像看一下是否可以pull下来
创建一个私有test项目里面有一个busybox镜像
[root@bogon harbor]# echo "172.16.3.225 hub.china.com" >> /etc/hosts
[root@bogon harbor]# docker login hub.china.com
[root@bogon harbor]# docker pull busybox
[root@bogon harbor]# docker tag busybox:latest hub.china.com/test/busybox:latest
[root@bogon harbor]# docker push hub.china.com/test/busybox:latest
在Client机器上login然后下载私有仓库里的镜像(实验中直接使用 admin 登录;实际使用时建议为拉取镜像单独创建权限受限的用户或机器人账户)
[root@bogon ~]# echo "172.16.3.225 hub.china.com" >> /etc/hosts
[root@bogon ~]# docker login hub.china.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@bogon ~]# docker pull hub.china.com/test/busybox:latest
latest: Pulling from test/busybox
e5d9363303dd: Pull complete
Digest: sha256:0415f56ccc05526f2af5a7ae8654baec97d4a614f24736e8eef41a4591f08019
Status: Downloaded newer image for hub.china.com/test/busybox:latest
hub.china.com/test/busybox:latest
[root@bogon ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hub.china.com/test/busybox latest b97242f89c8a 8 days ago 1.23MB
如果可以下载下来说明实验没有问题。