https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
1、設置FQDN
# 設置hostname 爲kube-master
hostnamectl set-hostname kube-master
vi /etc/hosts # 域名解析
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.10 kube-master.com kube-master
[root@kube-master harbor]# hostname -f
kube-master.harbor.com
[root@kube-master harbor]#
[root@kube-master harbor]# hostname
kube-master
2、下載harbor安裝文件並解壓
#offline
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2-rc1.tgz
tar -xvf tar -xvf harbor-offline-installer-v1.8.2-rc1.tgz
#online:
https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz
3、修改harbor.yml文件
hostname: kube-master.harbor.com
4、安裝docker和docker-compose
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum-config-manager --enable docker-ce-nightly
sudo yum-config-manager --enable docker-ce-test
sudo yum-config-manager --disable docker-ce-nightly
sudo yum install docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo docker run hello-world
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
5、./install.sh
執行完畢就可以通過網頁登陸
但是不能docker login kube-master.com出現問題
Error response from daemon: Get https://kube-master.com/v2/: dial tcp 192.168.31.10:443: connect: connection refused
原因是docker默認是https協議,需要啓動,當然不啓動可以通過添加
IMPORTANT: The default installation of Harbor uses HTTP - as such, you will need to add the option --insecure-registry to your client's Docker daemon and restart the Docker service.
6、添加證書啓動https
編輯腳本文件執行後自動將證書和key放到對應的目錄中
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=kube-master.com" \
-key ca.key \
-out ca.crt
openssl genrsa -out kube-master.com.key 4096
openssl req -sha512 -new \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=kube-master.com" \
-key kube-master.com.key \
-out kube-master.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=kube-master.com
DNS.2=kube-master
DNS.3=kube-master
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in kube-master.com.csr \
-out kube-master.com.crt
mkdir /data/cert -p
cp kube-master.com.crt kube-master.com.key /data/cert/
openssl x509 -inform PEM -in kube-master.com.crt -out kube-master.com.cert
mkdir /etc/docker/certs.d/kube-master.com -p
cp kube-master.com.cert kube-master.com.key ca.crt /etc/docker/certs.d/kube-master.com/
7、配置harbor.yml
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /data/cert/kube-master.com.crt
private_key: /data/cert/kube-master.com.key
8、重新配置,並重啓docker-compose
./prepare
docker-compose down -v
docker-compose up -d
9、測試
docker login kube-master.com ok
網頁輸入https://kube-master.com ok
10、如果希望在別的主機上登錄需要設置host解析,linux設置開頭說過,windows設置如下:
修改C:\Windows\System32\drivers\etc\hosts的權限後
修改文件內容
192.168.31.12 kube-master.com
然後打開CMD,執行ipconfig /flushdns
執行完之後能看到成功提示,然後在網頁打開https://kube-master.com即可
11、push&pull example
拷貝證書到你想要部署的機器上 /etc/docker/certs.d/kube-master..com/
docker login baicells-harbor.com
docker tag ubuntu:14.04 kube-master..com/library/ubuntu:14.04
docker push kube-master.com/library/ubuntu
push:
docker login kube-master.com
docker pull kube-master.com/library/ubuntu:14.04