部署harbor私有镜像仓库的简单记录

前面部署了K8S群集,harbor私有镜像仓库准备提供给K8S使用

部署harbor私有镜像仓库服务器的IP为:192.168.99.73,K8S群集三个节点的IP为:192.168.99.101,192.168.99.102,192.168.99.103

 

一、下载安装工具并导入镜像

[[email protected] harbor]# wget https://github.com/docker/compose/releases/download/1.21.2/docker-compose-Linux-x86_64

[[email protected] harbor]# cp docker-compose-Linux-x86_64 /opt/k8s/bin/docker-compose

[[email protected] harbor]# chmod a+x  /opt/k8s/bin/docker-compose
[[email protected] harbor]# export PATH=/opt/k8s/bin:$PATH

[[email protected] harbor]# wget  --continue https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz

[[email protected] harbor]# tar -xzvf harbor-offline-installer-v1.5.1.tgz

[[email protected] harbor]# cd harbor/

[[email protected] harbor]# ls
common  docker-compose.clair.yml  docker-compose.notary.yml  docker-compose.yml  ha  harbor.cfg  harbor.v1.5.1.tar.gz  install.sh  LICENSE  NOTICE  prepare
[[email protected] harbor]# docker load -i harbor.v1.5.1.tar.gz

大约这样

 

 

 

 

二、创建证书和编辑配置

请求文件

[[email protected] harbor]# cat harbor-csr.json
{
  "CN": "harbor",
  "hosts": [
    "127.0.0.1",
    "192.168.99.73"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "4Paradigm"
    }
  ]
}

生成证书的脚本：

注意，这个脚本将会在K8S的节点上面执行，因为K8S的证书在节点上面，再把文件拷贝至harbor私有镜像仓库服务器指定的目录

[[email protected] harbor]# cat 2.sh
#!/bin/bash
cfssl gencert -ca=/etc/kubernetes/cert/ca.pem \
  -ca-key=/etc/kubernetes/cert/ca-key.pem \
  -config=/etc/kubernetes/cert/ca-config.json \
  -profile=kubernetes harbor-csr.json | cfssljson -bare harbor

[[email protected] harbor]# sh 2.sh

在公共盘操作，方便直接拷贝

[[email protected] harbor]# mkdir -p /etc/harbor/ssl
[[email protected] harbor]# cp harbor*.pem /etc/harbor/ssl  

备份即将编辑的文件
[[email protected] harbor]# cp harbor.cfg{,.bak}

[[email protected] harbor]# cp prepare{,.bak}

[[email protected] harbor]# vimdiff harbor.cfg harbor.cfg.bak

 

vimdiff prepare prepare.bak

 

 

 

三、安装和登录

[[email protected] harbor]# mkdir /data
[[email protected] harbor]# chmod 777 /var/run/docker.sock /data
[[email protected] harbor]# yum install python -y

[[email protected] harbor]# ./install.sh

部署过程中磁盘空间不够了,部署前需保证有充足的磁盘空间

添加磁盘,扩展lvm后再接着玩

在K8S节点上执行相同的操作,拷贝CA证书

mkdir -p /etc/docker/certs.d/192.168.99.73

cp /etc/kubernetes/cert/ca.pem /etc/docker/certs.d/192.168.99.73/ca.crt

登录,默认用户名admin  默认密码  Harbor12345

[[email protected] ~]# docker login 192.168.99.73
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
 

WEB界面登陆: