众客华禹


Setting up Harbor 2.4.0 with docker-compose and configuring HTTPS on an internal network

Posted on 2021-12-28 18:02:21
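I. Introduction
1. About Harbor

Harbor is an enterprise-grade Docker Registry project open-sourced by VMware. Its goal is to help users quickly set up an enterprise-grade Docker Registry service.
It builds on the Registry open-sourced by Docker and adds features that enterprise users need, such as a management UI, role-based access control (RBAC), AD/LDAP integration and audit logging. It also supports Chinese natively.
2. Setting up Harbor
Official guide: https://goharbor.io/docs/2.4.0/install-config/
Harbor can be installed locally with either the online or the offline installer, and it can also be deployed to Kubernetes. This guide uses the local online installation.
3. Preparing the deployment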
    # Configure the docker-ce yum repository
    # ('EOF' is quoted so the shell leaves $basearch for yum to expand)
    cat << 'EOF' > /etc/yum.repos.d/docker-ce.repo
    [docker-ce-stable]
    name=Docker CE Stable - $basearch
    baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
    enabled=1
    gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
    EOF

    # Install docker (20.10.11-ce+) and docker-compose (1.18.0+)
    sudo yum install -y docker-ce docker-ce-cli containerd.io bash-completion docker-compose

    # Enable command completion for docker
    cp /usr/share/bash-completion/completions/docker /etc/bash_completion.d/

    # Start docker now and enable it at boot
    systemctl enable --now docker

    # Check the installed versions
    docker --version
    # Docker version 20.10.11, build 370c289
    docker-compose --version
    # docker-compose version 1.18.0, build 8dd22a9
4. Creating the certificates
    # Generate the CA certificate
    openssl genrsa -out ca.key 4096
    openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=load.iregistry.com" -key ca.key -out ca.crt

    # Generate the server certificate
    openssl genrsa -out load.iregistry.com.key 4096
    openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=load.iregistry.com" -key load.iregistry.com.key -out load.iregistry.com.csr

    # x509 v3 extensions: the SAN must list every name and IP that clients use to reach Harbor
    cat > v3.ext <<-EOF
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names

    [alt_names]
    IP.1 = 192.168.100.120
    DNS.1= load.iregistry.com
    EOF

    openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in load.iregistry.com.csr -out load.iregistry.com.crt

    # Generate the certificate for docker: the Docker daemon reads *.crt files as
    # CA certificates and *.cert files as client certificates
    openssl x509 -inform PEM -in load.iregistry.com.crt -out load.iregistry.com.cert
    mkdir -p /etc/docker/certs.d/load.iregistry.com/
    # Harbor's certificate/private_key settings in harbor.yml read the .crt and .key from certs.d
    cp load.iregistry.com.crt  /etc/docker/certs.d/load.iregistry.com/
    # docker requires a matching .cert next to every .key in certs.d
    cp load.iregistry.com.cert /etc/docker/certs.d/load.iregistry.com/
    cp load.iregistry.com.key /etc/docker/certs.d/load.iregistry.com/
    cp ca.crt /etc/docker/certs.d/load.iregistry.com/

    # Restart docker
    sudo systemctl restart docker
II. Deploying Harbor 2.4.0
1. Download

    # Download the online installer
    cd /usr/local/
    curl -O -L https://github.com/goharbor/harbor/releases/download/v2.4.0/harbor-online-installer-v2.4.0.tgz

    # Extract it
    tar -zxvf harbor-online-installer-v2.4.0.tgz
2. Edit the configuration file
    cd harbor && cp harbor.yml.tmpl harbor.yml
    vim harbor.yml

    # Settings to change in harbor.yml. The hostname and the certificate paths
    # must match the certificate and the certs.d directory created earlier.
    hostname: load.iregistry.com
    https:
      certificate: /etc/docker/certs.d/load.iregistry.com/load.iregistry.com.crt
      private_key: /etc/docker/certs.d/load.iregistry.com/load.iregistry.com.key
    data_volume: /data/harbor
3. Initialize the configuration
    [root@harbor harbor]# mkdir /data/harbor/
    [root@harbor harbor]# sudo ./prepare
    prepare base dir is set to /usr/local/harbor
    Clearing the configuration file: /config/portal/nginx.conf
    Clearing the configuration file: /config/log/logrotate.conf
    Clearing the configuration file: /config/log/rsyslog_docker.conf
    Clearing the configuration file: /config/nginx/conf.d/notary.upstream.conf
    Clearing the configuration file: /config/nginx/conf.d/notary.server.conf
    Clearing the configuration file: /config/nginx/nginx.conf
    Clearing the configuration file: /config/core/env
    Clearing the configuration file: /config/core/app.conf
    Clearing the configuration file: /config/registry/passwd
    Clearing the configuration file: /config/registry/config.yml
    Clearing the configuration file: /config/registry/root.crt
    Clearing the configuration file: /config/registryctl/env
    Clearing the configuration file: /config/registryctl/config.yml
    Clearing the configuration file: /config/db/env
    Clearing the configuration file: /config/jobservice/env
    Clearing the configuration file: /config/jobservice/config.yml
    Clearing the configuration file: /config/notary/server-config.postgres.json
    Clearing the configuration file: /config/notary/server_env
    Clearing the configuration file: /config/notary/signer_env
    Clearing the configuration file: /config/notary/signer-config.postgres.json
    Clearing the configuration file: /config/notary/notary-signer.crt
    Clearing the configuration file: /config/notary/notary-signer.key
    Clearing the configuration file: /config/notary/root.crt
    Clearing the configuration file: /config/notary/notary-signer-ca.crt
    Clearing the configuration file: /config/trivy-adapter/env
    Clearing the configuration file: /config/chartserver/env
    Generated configuration file: /config/portal/nginx.conf
    Generated configuration file: /config/log/logrotate.conf
    Generated configuration file: /config/log/rsyslog_docker.conf
    Generated configuration file: /config/nginx/nginx.conf
    Generated configuration file: /config/core/env
    Generated configuration file: /config/core/app.conf
    Generated configuration file: /config/registry/config.yml
    Generated configuration file: /config/registryctl/env
    Generated configuration file: /config/registryctl/config.yml
    Generated configuration file: /config/db/env
    Generated configuration file: /config/jobservice/env
    Generated configuration file: /config/jobservice/config.yml
    Generated and saved secret to file: /data/secret/keys/secretkey
    Successfully called func: create_root_cert
    Generated configuration file: /compose_location/docker-compose.yml
    Clean up the input dir
4. Install, including Notary, Trivy and the Chart Repository Service
    [root@harbor harbor]# sudo ./install.sh --with-notary --with-trivy --with-chartmuseum

    [Step 0]: checking if docker is installed ...

    Note: docker version: 20.10.11

    [Step 1]: checking docker-compose is installed ...

    Note: docker-compose version: 1.18.0

    [Step 2]: loading Harbor images ...
    Loaded image: goharbor/nginx-photon:v2.4.0
    Loaded image: goharbor/registry-photon:v2.4.0
    Loaded image: goharbor/harbor-portal:v2.4.0
    Loaded image: goharbor/harbor-jobservice:v2.4.0
    Loaded image: goharbor/notary-server-photon:v2.4.0
    Loaded image: goharbor/notary-signer-photon:v2.4.0
    Loaded image: goharbor/trivy-adapter-photon:v2.4.0
    Loaded image: goharbor/prepare:v2.4.0
    Loaded image: goharbor/harbor-core:v2.4.0
    Loaded image: goharbor/harbor-exporter:v2.4.0
    Loaded image: goharbor/harbor-log:v2.4.0
    Loaded image: goharbor/harbor-db:v2.4.0
    Loaded image: goharbor/harbor-registryctl:v2.4.0
    Loaded image: goharbor/redis-photon:v2.4.0
    Loaded image: goharbor/chartmuseum-photon:v2.4.0

    [Step 3]: preparing environment ...

    [Step 4]: preparing harbor configs ...
    prepare base dir is set to /usr/local/harbor
    Clearing the configuration file: /config/portal/nginx.conf
    Clearing the configuration file: /config/log/logrotate.conf
    Clearing the configuration file: /config/log/rsyslog_docker.conf
    Clearing the configuration file: /config/nginx/nginx.conf
    Clearing the configuration file: /config/core/env
    Clearing the configuration file: /config/core/app.conf
    Clearing the configuration file: /config/registry/passwd
    Clearing the configuration file: /config/registry/config.yml
    Clearing the configuration file: /config/registryctl/env
    Clearing the configuration file: /config/registryctl/config.yml
    Clearing the configuration file: /config/db/env
    Clearing the configuration file: /config/jobservice/env
    Clearing the configuration file: /config/jobservice/config.yml
    Generated configuration file: /config/portal/nginx.conf
    Generated configuration file: /config/log/logrotate.conf
    Generated configuration file: /config/log/rsyslog_docker.conf
    Generated configuration file: /config/nginx/nginx.conf
    Generated configuration file: /config/core/env
    Generated configuration file: /config/core/app.conf
    Generated configuration file: /config/registry/config.yml
    Generated configuration file: /config/registryctl/env
    Generated configuration file: /config/registryctl/config.yml
    Generated configuration file: /config/db/env
    Generated configuration file: /config/jobservice/env
    Generated configuration file: /config/jobservice/config.yml
    loaded secret from file: /data/secret/keys/secretkey
    Successfully called func: create_root_cert
    Successfully called func: create_cert
    Copying certs for notary signer
    Copying nginx configuration file for notary
    Generated configuration file: /config/nginx/conf.d/notary.upstream.conf
    Generated configuration file: /config/nginx/conf.d/notary.server.conf
    Generated configuration file: /config/notary/server-config.postgres.json
    Generated configuration file: /config/notary/server_env
    Generated and saved secret to file: /data/secret/keys/defaultalias
    Generated configuration file: /config/notary/signer_env
    Generated configuration file: /config/notary/signer-config.postgres.json
    Creating harbor-log ... done
    Generated configuration file: /config/chartserver/env
    Generated configuration file: /compose_location/docker-compose.yml
    Clean up the input dir


    Creating harbor-db ... done
    Creating redis ... done
    Creating network "harbor_harbor" with the default driver
    Creating notary-signer ... done
    Creating harbor-core ... done
    Creating network "harbor_notary-sig" with the default driver
    Creating nginx ... done
    Creating registry ...
    Creating registryctl ...
    Creating redis ...
    Creating harbor-portal ...
    Creating chartmuseum ...
    Creating harbor-db ...
    Creating notary-signer ...
    Creating trivy-adapter ...
    Creating harbor-core ...
    Creating notary-server ...
    Creating harbor-jobservice ...
    Creating nginx ...
    ✔ ----Harbor has been installed and started successfully.----
5. Starting and stopping the services
    # Change to the configuration directory
    cd /usr/local/harbor

    # Build and start the containers in the background
    docker-compose up -d

    # List the services
    docker-compose ps

    # Start
    docker-compose start

    # Stop
    docker-compose stop

    # Restart
    docker-compose restart

    # Stop the harbor services and remove the containers
    docker-compose down -v

    # Delete the related data
    rm -rf /var/log/harbor/
    rm -rf /data/harbor/*
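6. Log in
    # Add a local hostname mapping
    # (sudo does not apply to the >> redirection, so append with tee)
    echo "192.168.100.120     load.iregistry.com" | sudo tee -a /etc/hosts

    # docker login; enter the password Harbor12345 (the default password)
    docker login -u admin https://load.iregistry.com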
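7. Configuring the other node hosts to use this Harbor registry
    # On each node, add a local hostname mapping
    echo "192.168.100.120   load.iregistry.com" | sudo tee -a /etc/hosts

    # Copy the CA certificate from the master. A client only needs ca.crt to trust
    # the registry; the server's private key should stay on the Harbor host.
    mkdir -p /etc/docker/certs.d/load.iregistry.com/
    scp root@192.168.100.120:/etc/docker/certs.d/load.iregistry.com/ca.crt /etc/docker/certs.d/load.iregistry.com/
    systemctl restart docker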
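A check for the certs.d layout built in the certificate step and copied to the other nodes, as an added example that is not part of the original post. It relies on Docker's convention that *.crt files are CA certificates and *.cert/*.key files form a client pair; the role labels "harbor-host" and "client" and the finding names are made up for this script.

```shell
#!/bin/sh
# Added example: audit one /etc/docker/certs.d/<registry>/ directory.
# Docker's convention: *.crt = CA certificates to trust; *.cert + *.key = a
# client certificate pair whose base names must match.
# ROLE is a label invented for this script: "harbor-host" or "client".
audit_certs_d() {
    dir=$1 role=$2 findings=0
    [ -d "$dir" ] || { echo "MISSING_DIR $dir"; return 1; }

    # Without a CA file docker cannot trust a registry signed by a private CA.
    set -- "$dir"/*.crt
    [ -e "$1" ] || { echo "NO_CA $dir"; findings=$((findings + 1)); }

    for key in "$dir"/*.key; do
        [ -e "$key" ] || continue
        # docker refuses the directory when a .key has no matching .cert.
        [ -e "${key%.key}.cert" ] || { echo "UNPAIRED_KEY $key"; findings=$((findings + 1)); }
        # A node that only pulls and pushes never needs the server's private key.
        [ "$role" = client ] && { echo "KEY_ON_CLIENT $key"; findings=$((findings + 1)); }
        # Private keys must carry no group or other permissions.
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || { echo "LOOSE_PERMS $key"; findings=$((findings + 1)); }
    done

    for cert in "$dir"/*.cert; do
        [ -e "$cert" ] || continue
        [ -e "${cert%.cert}.key" ] || { echo "UNPAIRED_CERT $cert"; findings=$((findings + 1)); }
    done

    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was reported
}

# Usage: sh audit.sh /etc/docker/certs.d/load.iregistry.com client
if [ "$#" -eq 2 ]; then audit_certs_d "$1" "$2"; fi
```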
III. Pushing and pulling images
1. Push an image

    # Log in to Harbor
    docker login -u test https://load.iregistry.com

    # Tag and push the image
    docker tag hello-world load.iregistry.com/load/hello-world
    docker push load.iregistry.com/load/hello-world
2. Pull an image
    docker pull load.iregistry.com/load/hello-world
3. Configuring a Docker Hub proxy
A proxy project can only be pulled from, not pushed to.

User management: create a user.

Registry management: create a Docker Hub endpoint.

Projects: create a new project named docker-hub and, for the proxy setting, select the Docker Hub endpoint created above.

Add the user harbor to the docker-hub project and give it the project admin role.

Pull the hello-world image from Docker Hub through the proxy.

View the pulled hello-world image in the Harbor UI.
