Kubernetes實錄系列記錄文檔完整目錄參考: Kubernetes實錄-目錄
相關記錄鏈接地址 :
- 第一篇:配置企業級鏡像倉庫Harbor
本篇記錄是我實際配置harbor 1.6.1企業級鏡像倉庫服務的步驟以及遇到的坑(挫折),例如harbor使用離線方式配置下載harbor二進制文件遇到牆等。
主機名稱 | ip地址 | 操作系統 | 角色 | 軟件版本 | 備註 |
---|---|---|---|---|---|
k8sproxy-hzbatst-1 | 10.120.67.25 | CentOS 7.5 | proxy, registry | haproxy docker-ce 18.06.1 docker-compose 1.22.0 harbor 1.6.1 |
零、準備工作(更新配置系統,安裝docker等)
更新,初始化系統以及安裝配置docker-ce可以參考第四篇記錄: 使用kubeadm配置3節點kubernets 1.12.0集羣
一、配置docker-compose
使用docker-compose版本爲1.22.0
curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
二、安裝配置harbor1.6.1[離線]
1. 下載harbor二進制文件包
# 根據實際網絡帶寬使用情況限速下載這裏限速300KB/s,斷點續傳
wget -c --limit-rate=300K https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz
備註:這個域名storage.googleapis.com解析的IP地址可能不同,導致有些解析到的IP地址不能連接(可能被牆),清楚dns緩存多解析幾次也許就成功了。
2. 配置harbor
~]\# tar zxvf harbor-offline-installer-v1.6.1.tgz -C /opt/app/
~]\# cd /opt/app/harbor
~]\# vi harbor.cfg
...
hostname = 10.120.67.25
# 配置harbor賬戶admin的密碼,用於登錄UI
harbor_admin_password = admin@harbor
# admin具有創建項目的權限,其他賬號沒有權限
project_creation_restriction = adminonly
3. 安裝harbor
~]\# cd /opt/app/harbor
~]\# ./install.sh
... ...
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating redis ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-ui ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://10.120.67.25.
For more details, please visit https://github.com/goharbor/harbor .
以上,harbor已經安裝配置完成[非https],可以查看拉取了哪些鏡像,可以打包下來爲以後安裝提高效率
]# docker images |less -S
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/chartmuseum-photon v0.7.1-v1.6.1 f0a2dbee1ff1 10 days ago 350MB
goharbor/harbor-migrator v1.6.1 60e8be845b35 10 days ago 798MB
goharbor/redis-photon v1.6.1 6a67380bb061 10 days ago 210MB
goharbor/clair-photon v2.0.6-v1.6.1 c4fcdbae7df2 10 days ago 302MB
goharbor/notary-server-photon v0.5.1-v1.6.1 f1afd44d9f9b 10 days ago 209MB
goharbor/notary-signer-photon v0.5.1-v1.6.1 83aa51867207 10 days ago 207MB
goharbor/registry-photon v2.6.2-v1.6.1 f4cb5e83f0a4 10 days ago 196MB
goharbor/nginx-photon v1.6.1 9ca888fe33b2 10 days ago 132MB
goharbor/harbor-log v1.6.1 9b1ea3f29465 10 days ago 198MB
goharbor/harbor-jobservice v1.6.1 9ca6fd371ca6 10 days ago 192MB
goharbor/harbor-ui v1.6.1 305ee5b8952c 10 days ago 215MB
goharbor/harbor-adminserver v1.6.1 a3e95f74984e 10 days ago 181MB
goharbor/harbor-db v1.6.1 3bea3bff0190 10 days ago 219MB
# 將相關image保存下來,命令如下
docker save -o goharbo_chartmuseum-photon_v0.7.1-v1.6.1.tar goharbor/chartmuseum-photon:v0.7.1-v1.6.1
... ...
# 下次安裝前可以先導入鏡像
docker load < goharbo_chartmuseum-photon_v0.7.1-v1.6.1.tar
... ...
4. 瀏覽器訪問harbor UI
http://10.120.67.25
賬戶:admin
密碼:admin@harbor
三、配置harbor 證書使用https,[自簽發證書]
1. 配置自簽發證書
mkdir /opt/app/harbor/certs
cd /opt/app/harbor/certs
openssl genrsa -des3 -passout pass:x -out harbor.example.com.pass.key 2048
openssl rsa -passin pass:x -in harbor.example.com.pass.key -out harbor.example.com.key
openssl req -new -key harbor.example.com.key -out harbor.example.com.csr
openssl x509 -req -sha256 -days 365 -in harbor.example.com.csr -signkey harbor.example.com.key -out harbor.example.com.crt
2. 重新配置服務,加載更改後的配置
cd /opt/app/harbor
vi harbor.cfg
... ...
hostname = harbor.example.com
ui_url_protocol = https
ssl_cert = /opt/app/harbor/certs/harbor.example.com.crt
ssl_cert_key = /opt/app/harbor/certs/harbor.example.com.key
~]\# cd /opt/app/harbor
~]\# ./prepare
~]\# ./install.sh
... ...
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating harbor-adminserver ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-ui ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://harbor.example.com.
For more details, please visit https://github.com/goharbor/harbor .
3. https方式訪問harbor
# harbor.example.com 在/etc/hosts文件配置作爲解析。如果有真實域名直接使用dns解析
https://harbor.example.com
賬戶:admin
密碼:admin@harbor