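For the complete table of contents of the Kubernetes Field Notes series, see: Kubernetes Field Notes - Table of Contents
Related links:
- Part 1: Configuring the enterprise image registry Harbor
This post records the steps I actually followed to set up a Harbor 1.6.1 enterprise image registry, along with the pitfalls I hit on the way, for example being blocked by the firewall when downloading the Harbor binary package for the offline installation.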
Hostname | IP address | OS | Role | Software versions | Notes |
---|---|---|---|---|---|
k8sproxy-hzbatst-1 | 10.120.67.25 | CentOS 7.5 | proxy, registry | haproxy, docker-ce 18.06.1, docker-compose 1.22.0, harbor 1.6.1 | |
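Section 0: Preparation (update and configure the system, install Docker, etc.)
For updating and initializing the system and for installing and configuring docker-ce, see Part 4 of this series: Setting up a 3-node Kubernetes 1.12.0 cluster with kubeadm
Section 1: Configure docker-compose
The docker-compose version used is 1.22.0.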
curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
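Section 2: Install and configure Harbor 1.6.1 [offline]
1. Download the Harbor binary package
# Throttle the download to suit your available bandwidth (300 KB/s here); -c resumes an interrupted download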
wget -c --limit-rate=300K https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz
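Note: the domain storage.googleapis.com can resolve to different IP addresses, and some of them may be unreachable (possibly blocked by the firewall). Flushing the DNS cache and resolving a few more times may get the download to work.
2. Configure Harbor
~]# tar zxvf harbor-offline-installer-v1.6.1.tgz -C /opt/app/
~]# cd /opt/app/harbor
~]# vi harbor.cfg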
...
hostname = 10.120.67.25
# Password for the Harbor admin account, used to log in to the UI
harbor_admin_password = admin@harbor
# Only admin may create projects; other accounts may not
project_creation_restriction = adminonly
3. Install Harbor
~]# cd /opt/app/harbor
~]# ./install.sh
... ...
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating redis ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-ui ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://10.120.67.25.
For more details, please visit https://github.com/goharbor/harbor .
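With that, Harbor is installed and configured [without HTTPS]. You can list the images that were pulled and save them to tar files to speed up future installations.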
]# docker images |less -S
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/chartmuseum-photon v0.7.1-v1.6.1 f0a2dbee1ff1 10 days ago 350MB
goharbor/harbor-migrator v1.6.1 60e8be845b35 10 days ago 798MB
goharbor/redis-photon v1.6.1 6a67380bb061 10 days ago 210MB
goharbor/clair-photon v2.0.6-v1.6.1 c4fcdbae7df2 10 days ago 302MB
goharbor/notary-server-photon v0.5.1-v1.6.1 f1afd44d9f9b 10 days ago 209MB
goharbor/notary-signer-photon v0.5.1-v1.6.1 83aa51867207 10 days ago 207MB
goharbor/registry-photon v2.6.2-v1.6.1 f4cb5e83f0a4 10 days ago 196MB
goharbor/nginx-photon v1.6.1 9ca888fe33b2 10 days ago 132MB
goharbor/harbor-log v1.6.1 9b1ea3f29465 10 days ago 198MB
goharbor/harbor-jobservice v1.6.1 9ca6fd371ca6 10 days ago 192MB
goharbor/harbor-ui v1.6.1 305ee5b8952c 10 days ago 215MB
goharbor/harbor-adminserver v1.6.1 a3e95f74984e 10 days ago 181MB
goharbor/harbor-db v1.6.1 3bea3bff0190 10 days ago 219MB
# Save the relevant images with commands like the following
docker save -o goharbo_chartmuseum-photon_v0.7.1-v1.6.1.tar goharbor/chartmuseum-photon:v0.7.1-v1.6.1
... ...
# Before the next installation, load the saved images first
docker load < goharbo_chartmuseum-photon_v0.7.1-v1.6.1.tar
... ...
4. Access the Harbor UI in a browser
http://10.120.67.25
Account: admin
Password: admin@harbor
Section 3: Configure a certificate so that Harbor uses HTTPS [self-signed certificate]
1. Create the self-signed certificate
mkdir /opt/app/harbor/certs
cd /opt/app/harbor/certs
openssl genrsa -des3 -passout pass:x -out harbor.example.com.pass.key 2048
openssl rsa -passin pass:x -in harbor.example.com.pass.key -out harbor.example.com.key
openssl req -new -key harbor.example.com.key -out harbor.example.com.csr
openssl x509 -req -sha256 -days 365 -in harbor.example.com.csr -signkey harbor.example.com.key -out harbor.example.com.crt
2. Reconfigure the service so that it loads the changed configuration
cd /opt/app/harbor
vi harbor.cfg
... ...
hostname = harbor.example.com
ui_url_protocol = https
ssl_cert = /opt/app/harbor/certs/harbor.example.com.crt
ssl_cert_key = /opt/app/harbor/certs/harbor.example.com.key
~]# cd /opt/app/harbor
~]# ./prepare
~]# ./install.sh
... ...
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating harbor-adminserver ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-ui ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://harbor.example.com.
For more details, please visit https://github.com/goharbor/harbor .
3. Access Harbor over HTTPS
# harbor.example.com is resolved through an entry in /etc/hosts. If you have a real domain name, use DNS resolution directly
https://harbor.example.com
Account: admin
Password: admin@harbor
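
Step 1 of the HTTPS section answers the `openssl req` prompts by hand and yields a certificate with no subjectAltName, which Docker clients built with Go 1.15 or later reject. The following added example (not from the original post; the function names are assumptions) creates the same key and certificate non-interactively with a SAN for harbor.example.com and checks the result before `./prepare` is run.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# make_harbor_cert DIR HOST: write HOST.key and a self-signed HOST.crt (365 days)
make_harbor_cert() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # A config file works on old OpenSSL builds that lack "req -addext".
    cat > "$dir/$host.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    # umask in a subshell: the private key is never group/world readable.
    ( umask 077 && openssl genrsa -out "$dir/$host.key" 2048 ) 2>/dev/null || return 1
    openssl req -x509 -new -sha256 -days 365 -config "$dir/$host.cnf" \
        -key "$dir/$host.key" -out "$dir/$host.crt"
}

# cert_matches_key CRT KEY: succeeds only if CRT carries KEY's public half
cert_matches_key() {
    crt_pub=$(openssl x509 -noout -pubkey -in "$1") || return 1
    key_pub=$(openssl pkey -pubout -in "$2") || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# cert_covers_host CRT HOST: succeeds only if HOST is listed as a DNS SAN
cert_covers_host() {
    pat=$(printf '%s' "$2" | sed 's/[.]/\\./g')   # match dots literally
    openssl x509 -noout -text -in "$1" |
        grep -A1 'Subject Alternative Name' |
        grep -Eq "DNS:$pat(,|[[:space:]]|\$)"
}

# Usage with the page's paths (run both checks before ./prepare):
#   make_harbor_cert /opt/app/harbor/certs harbor.example.com
#   cert_covers_host /opt/app/harbor/certs/harbor.example.com.crt harbor.example.com
```

Docker hosts that pull from this registry trust the certificate once it is copied to /etc/docker/certs.d/harbor.example.com/ca.crt.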