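Deploying Harbor 2.4.0 with docker-compose and HTTPS on an internal network

I. Introduction
1. About Harbor
Harbor is an open-source, enterprise-grade Docker Registry project from VMware. Its goal is to help users quickly set up an enterprise-grade Docker Registry service.
It is built on the open-source Registry from Docker and adds features that enterprise users need, such as a management UI, role-based access control (RBAC), AD/LDAP integration and audit logging. It also supports Chinese natively.
2. Setting up Harbor

Official guide: https://goharbor.io/docs/2.4.0/install-config/

Harbor can be installed locally, either online or offline, and can also be deployed to Kubernetes. This guide uses the local online installer.
3. Deployment prerequisites

# Configure the docker-ce yum repository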
cat << EOF > /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF

# Install docker (20.10.11-ce+) and docker-compose (1.18.0+)
sudo yum install -y docker-ce docker-ce-cli containerd.io bash-completion docker-compose

# Enable docker command completion
cp /usr/share/bash-completion/completions/docker /etc/bash_completion.d/

# Enable docker at boot and start it now
systemctl enable --now docker

# Check the installed versions
docker --version
Docker version 20.10.11, build 370c289
docker-compose --version
docker-compose version 1.18.0, build 8dd22a9

4. Creating the certificates

# Generate the CA certificate
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=load.iregistry.com" -key ca.key -out ca.crt

# Generate the server certificate
openssl genrsa -out load.iregistry.com.key 4096
openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=load.iregistry.com" -key load.iregistry.com.key -out load.iregistry.com.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.168.100.120
DNS.1= load.iregistry.com
EOF

openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in load.iregistry.com.csr -out load.iregistry.com.crt

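# Generate the certificate for Docker
# (the Docker daemon reads .crt files in certs.d as CA certificates and .cert files as client certificates;
#  it rejects a .key that has no matching .cert, so the .cert file is copied as well)
openssl x509 -inform PEM -in load.iregistry.com.crt -out load.iregistry.com.cert
mkdir -p /etc/docker/certs.d/load.iregistry.com/
cp load.iregistry.com.cert /etc/docker/certs.d/load.iregistry.com/
cp load.iregistry.com.crt  /etc/docker/certs.d/load.iregistry.com/
cp load.iregistry.com.key /etc/docker/certs.d/load.iregistry.com/
cp ca.crt /etc/docker/certs.d/load.iregistry.com/

# Restart docker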
sudo systemctl restart docker
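
The checks below are an added example, not part of the original post: they verify a certificate such as the one issued in step 4 before it is handed to Docker and Harbor (chain to the CA, subjectAltName coverage of the hostname and IP, leaf constraints, expiry). The function names `check_registry_cert` and `make_sample_pki`, the CA name "Example Registry CA" and the 2048-bit throwaway keys are assumptions made for the demo.

```bash
#!/bin/sh
# Added example: pre-flight checks for a registry certificate before it is
# installed under /etc/docker/certs.d/<host>/ and referenced from harbor.yml.

# check_registry_cert CA_CRT SERVER_CRT HOSTNAME IP
# Prints one line per failed check; returns 0 only if every check passes.
check_registry_cert() {
    ca=$1; crt=$2; host=$3; ip=$4; rc=0
    text=$(openssl x509 -in "$crt" -noout -text 2>/dev/null) \
        || { echo "FAIL: cannot parse $crt"; return 1; }
    # 1. The server certificate must chain to the CA that clients will trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL: $crt does not verify against $ca"; rc=1; }
    # 2. The dialled name and IP must appear in subjectAltName.
    san_line=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1)
    case $san_line in *DNS:*) ;; *) echo "FAIL: no DNS subjectAltName (Go's TLS stack ignores CN)"; rc=1 ;; esac
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match' \
        || { echo "FAIL: SAN does not cover DNS name $host"; rc=1; }
    openssl x509 -in "$crt" -noout -checkip "$ip" | grep -q 'does match' \
        || { echo "FAIL: SAN does not cover IP $ip"; rc=1; }
    # 3. A server (leaf) certificate must not itself be a CA.
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then echo "FAIL: leaf certificate has CA:TRUE"; rc=1; fi
    # 4. extendedKeyUsage must permit TLS server authentication.
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' \
        || { echo "FAIL: extendedKeyUsage lacks serverAuth"; rc=1; }
    # 5. Flag certificates that expire within the next 30 days.
    openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null \
        || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    return $rc
}

# make_sample_pki DIR SAN_SPEC
# Constructed test data: a throwaway CA plus one server certificate whose
# subjectAltName is SAN_SPEC (2048-bit keys only to keep the demo fast).
make_sample_pki() {
    d=$1; san_spec=$2
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/O=example/CN=Example Registry CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=example/CN=load.iregistry.com" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
        "subjectAltName=$san_spec" > "$d/v3.ext"
    openssl x509 -req -sha256 -days 365 -extfile "$d/v3.ext" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -in "$d/server.csr" -out "$d/server.crt" 2>/dev/null
}

# Demo on constructed data: one complete certificate, one whose SAN lacks the IP.
demo() {
    tmp=$(mktemp -d); mkdir "$tmp/good" "$tmp/bad"
    make_sample_pki "$tmp/good" 'DNS:load.iregistry.com,IP:192.168.100.120'
    make_sample_pki "$tmp/bad"  'DNS:load.iregistry.com'
    for c in good bad; do
        if check_registry_cert "$tmp/$c/ca.crt" "$tmp/$c/server.crt" \
                load.iregistry.com 192.168.100.120; then
            echo "$c: all checks passed"
        else
            echo "$c: rejected"
        fi
    done
    rm -rf "$tmp"
}
demo
```

For the files created in step 4, the call is `check_registry_cert ca.crt load.iregistry.com.crt load.iregistry.com 192.168.100.120`.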

II. Deploying Harbor 2.4.0
1. Download

# Download the online installer
cd /usr/local/
curl -O -L https://github.com/goharbor/harbor/releases/download/v2.4.0/harbor-online-installer-v2.4.0.tgz

# Extract it
tar -zxvf harbor-online-installer-v2.4.0.tgz

2. Edit the configuration file

cd harbor && cp harbor.yml.tmpl harbor.yml
vim harbor.yml
# Set the following values; the hostname and the certificate paths must match the certificate created in step 4
hostname: load.iregistry.com
https:
  certificate: /etc/docker/certs.d/load.iregistry.com/load.iregistry.com.crt
  private_key: /etc/docker/certs.d/load.iregistry.com/load.iregistry.com.key
data_volume: /data/harbor

3. Initialize the configuration

[root@harbor harbor]# mkdir /data/harbor/
[root@harbor harbor]# sudo ./prepare
prepare base dir is set to /usr/local/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/conf.d/notary.upstream.conf
Clearing the configuration file: /config/nginx/conf.d/notary.server.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/notary/server-config.postgres.json
Clearing the configuration file: /config/notary/server_env
Clearing the configuration file: /config/notary/signer_env
Clearing the configuration file: /config/notary/signer-config.postgres.json
Clearing the configuration file: /config/notary/notary-signer.crt
Clearing the configuration file: /config/notary/notary-signer.key
Clearing the configuration file: /config/notary/root.crt
Clearing the configuration file: /config/notary/notary-signer-ca.crt
Clearing the configuration file: /config/trivy-adapter/env
Clearing the configuration file: /config/chartserver/env
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

4. Install, including Notary, Trivy and the Chart Repository Service

[root@harbor harbor]# ./install.sh --with-notary --with-trivy --with-chartmuseum

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.11

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.18.0

[Step 2]: loading Harbor images ...
Loaded image: goharbor/nginx-photon:v2.4.0
Loaded image: goharbor/registry-photon:v2.4.0
Loaded image: goharbor/harbor-portal:v2.4.0
Loaded image: goharbor/harbor-jobservice:v2.4.0
Loaded image: goharbor/notary-server-photon:v2.4.0
Loaded image: goharbor/notary-signer-photon:v2.4.0
Loaded image: goharbor/trivy-adapter-photon:v2.4.0
Loaded image: goharbor/prepare:v2.4.0
Loaded image: goharbor/harbor-core:v2.4.0
Loaded image: goharbor/harbor-exporter:v2.4.0
Loaded image: goharbor/harbor-log:v2.4.0
Loaded image: goharbor/harbor-db:v2.4.0
Loaded image: goharbor/harbor-registryctl:v2.4.0
Loaded image: goharbor/redis-photon:v2.4.0
Loaded image: goharbor/chartmuseum-photon:v2.4.0

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Successfully called func: create_cert
Copying certs for notary signer
Copying nginx configuration file for notary
Generated configuration file: /config/nginx/conf.d/notary.upstream.conf
Generated configuration file: /config/nginx/conf.d/notary.server.conf
Generated configuration file: /config/notary/server-config.postgres.json
Generated configuration file: /config/notary/server_env
Generated and saved secret to file: /data/secret/keys/defaultalias
Generated configuration file: /config/notary/signer_env
Generated configuration file: /config/notary/signer-config.postgres.json
Creating harbor-log ... done
Generated configuration file: /config/chartserver/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Creating harbor-db ... done
Creating redis ... done
Creating network "harbor_harbor" with the default driver
Creating notary-signer ... done
Creating harbor-core ... done
Creating network "harbor_notary-sig" with the default driver
Creating nginx ... done
Creating registry ... 
Creating registryctl ... 
Creating redis ... 
Creating harbor-portal ... 
Creating chartmuseum ... 
Creating harbor-db ... 
Creating notary-signer ... 
Creating trivy-adapter ... 
Creating harbor-core ... 
Creating notary-server ... 
Creating harbor-jobservice ... 
Creating nginx ... 
✔ ----Harbor has been installed and started successfully.----

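5. Starting and stopping the service

# Change to the configuration directory
cd /usr/local/harbor

# Create the containers and start them in the background
docker-compose up -d

# List the services
docker-compose ps

# Start
docker-compose start

# Stop
docker-compose stop

# Restart
docker-compose restart

# Stop Harbor and remove its containers
docker-compose down -v

# Delete the associated data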
rm -rf /var/log/harbor/
rm -rf /data/harbor/*

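6. Log in

# Add the hostname mapping locally
# (with "sudo echo ... >> /etc/hosts" the redirection runs without root privileges, so tee is used instead)
echo "192.168.100.120     load.iregistry.com" | sudo tee -a /etc/hosts

# docker login; enter the password Harbor12345 (the default harbor_admin_password in harbor.yml; change it after the first login)
docker login -u admin https://load.iregistry.com

7. Configuring the other node hosts to use this Harbor registry

# On each node, add the hostname mapping locally
echo "192.168.100.120   load.iregistry.com" | sudo tee -a /etc/hosts

# Copy the CA certificate from the master to the node
# (a node only needs ca.crt to trust the registry; the server's private key stays on the Harbor host)
mkdir -p /etc/docker/certs.d/load.iregistry.com/
scp root@192.168.100.120:/etc/docker/certs.d/load.iregistry.com/ca.crt /etc/docker/certs.d/load.iregistry.com/

# Add the registries to daemon.json
# (a host listed under insecure-registries is accessed without TLS certificate verification;
#  the entry is not needed once ca.crt is in certs.d)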
cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://2mrc6wis.mirror.aliyuncs.com"],
  "insecure-registries": ["https://load.iregistry.com"]
}
systemctl restart docker

III. Pushing and pulling images
1. Push an image

# Log in to Harbor
docker login -u test https://load.iregistry.com

# Tag and push the image
docker tag hello-world load.iregistry.com/load/hello-world
docker push load.iregistry.com/load/hello-world

2. Pull an image

docker pull load.iregistry.com/load/hello-world

3. Configure a proxy for Docker Hub
A proxy project can only be pulled from, not pushed to.
User management – create a user

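Registry management – create a Docker Hub endpoint

Projects – create a new project named docker-hub, with proxy cache pointing at the Docker Hub endpoint created above

Add the user harbor to the docker-hub project with the project admin role

Pull the hello-world image from Docker Hub through the proxy

View the pulled hello-world image in the Harbor UI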
