使用Harbor搭建Docker私有仓库

ip:192.168.0.145

环境设置

防火墙，selinux等，可以使用本章开头的那个shell脚本

其他主机的hosts文件也都添加上

ip hub.aaa.com

windows系统的hosts也修改

安装docker,启动，开机启动

其他主机也都加上这个

vim /etc/docker/daemon.json

{
    "exec-opts": ["native.cgroupdriver=systemd"],
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "100m"
    },
    "insecure-registries": ["https://hub.aaa.com"] # 仓库地址
}

添加后重启docker

下载配置docker-compose

官方地址：https://docs.docker.com/compose/install/

sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version

下载harbor软件

官方地址:https://github.com/goharbor/harbor/releases

官方说明文档：https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

证书文档：https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz
tar -zxv -f harbor-offline-installer-v1.9.0.tgz -C /usr/local/
cd /usr/local/harbor
vim harbor.yml

# 可以使用80端口或443端口
hostname: hub.aaa.com
https:
   port: 443
   certificate: /usr/local/harbor/cert
   private_key: /usr/local/harbor/cert
# 其余保持默认
# 创建上述俩目录
mkdir -p /usr/local/harbor/cert/

# 创建整数
cd /usr/local/harbor/cert
openssl genrsa -out ca.key 4096

# 这一步注意域名，其他信息比如地区城市等可以酌情修改
openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.aaa.com" \
    -key ca.key \
    -out ca.crt

openssl genrsa -out hub.aaa.com.key 4096

openssl req -sha512 -new \
    -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.aaa.com" \
    -key hub.aaa.com.key \
    -out hub.aaa.com.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=hub.aaa.com
EOF

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in hub.aaa.com.csr \
    -out hub.aaa.com.crt

chmod a+x *

# 再次编辑配置文件，配置上证书
vim /usr/local/harbor/harbor.yml

   certificate: /usr/local/harbor/cert/hub.aaa.com.crt
   private_key: /usr/local/harbor/cert/hub.aaa.com.key

# 校验
cd /usr/local/harbo
./prepare

# 安装
./install.sh

# 安装之后的提示
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis         ... done
Creating registry      ... done
Creating harbor-portal ... done
Creating harbor-db     ... done
Creating registryctl   ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://hub.aaa.com.
For more details, please visit https://github.com/goharbor/harbor .

# 查看
docker ps -a

# 打开浏览器访问https://hub.aaa.com
# 用户名：admin
# 密码：Harbor12345
# 可以在harbor.yml文件中查看修改

# 其他K8S节点登陆验证
docker login https://hub.aaa.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# 退出登陆
docker logout https://hub.aaa.com

测试

# 其他节点主机下载镜像推送到仓库,使用的是一个测试的镜像
docker pull wangyanglinux/myapp:v1

# web页面，项目，library,镜像仓库，右上角有一个推送镜像：
# 在项目中标记镜像：docker tag SOURCE_IMAGE[:TAG] hub.aaa.com/library/IMAGE[:TAG]
# 推送镜像到当前项目：docker push hub.aaa.com/library/IMAGE[:TAG]

# 给镜像重新打标签
docker tag wangyanglinux/myapp:v1 hub.aaa.com/library/myapp:v1

# 需要先登陆，然后才能push
docker push hub.aaa.com/library/myapp:v1

# 此时在web界面就可以查看到推送过来的镜像