Kubernetes in Practice (1): Setting Up the Enterprise Image Registry Harbor

For the complete table of contents of the Kubernetes in Practice series, see: Kubernetes in Practice - Table of Contents

Links to related notes:

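This note records the steps I actually took to configure the Harbor 1.6.1 enterprise image registry service, along with the pitfalls (setbacks) I ran into, for example hitting the firewall when downloading the Harbor binary package for the offline installation.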

Hostname: k8sproxy-hzbatst-1
IP address: 10.120.67.25
Operating system: CentOS 7.5
Role: proxy, registry
Software versions: haproxy, docker-ce 18.06.1, docker-compose 1.22.0, harbor 1.6.1

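Part 0. Preparation (update and configure the system, install Docker, etc.)

For updating and initializing the system and for installing and configuring docker-ce, see the fourth note in this series: Configuring a 3-node Kubernetes 1.12.0 cluster with kubeadm

Part 1. Set up docker-compose

The docker-compose version used is 1.22.0.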

curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose

chmod +x /usr/local/bin/docker-compose

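Part 2. Install and configure Harbor 1.6.1 [offline]

1. Download the Harbor binary package

# Rate-limit the download according to actual bandwidth usage (here 300 KB/s), with resume support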
wget -c --limit-rate=300K https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz

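Note: the domain storage.googleapis.com may resolve to different IP addresses, and some of the resolved addresses cannot be reached (possibly blocked by the firewall). Clearing the DNS cache and resolving a few more times may get it to work.

2. Configure Harbor

~]# tar zxvf harbor-offline-installer-v1.6.1.tgz -C /opt/app/
~]# cd /opt/app/harbor

~]# vi harbor.cfg
...
hostname = 10.120.67.25
# Password of the Harbor admin account, used to log in to the UI
harbor_admin_password = admin@harbor
# Only admin may create projects; other accounts may not
project_creation_restriction = adminonly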

3. Install Harbor

~]# cd /opt/app/harbor
~]# ./install.sh
... ...
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://10.120.67.25.
For more details, please visit https://github.com/goharbor/harbor .

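At this point Harbor is installed and configured [without HTTPS]. You can check which images were pulled and save them to archives to speed up future installations.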

]# docker images |less -S
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
goharbor/chartmuseum-photon     v0.7.1-v1.6.1       f0a2dbee1ff1        10 days ago         350MB
goharbor/harbor-migrator        v1.6.1              60e8be845b35        10 days ago         798MB
goharbor/redis-photon           v1.6.1              6a67380bb061        10 days ago         210MB
goharbor/clair-photon           v2.0.6-v1.6.1       c4fcdbae7df2        10 days ago         302MB
goharbor/notary-server-photon   v0.5.1-v1.6.1       f1afd44d9f9b        10 days ago         209MB
goharbor/notary-signer-photon   v0.5.1-v1.6.1       83aa51867207        10 days ago         207MB
goharbor/registry-photon        v2.6.2-v1.6.1       f4cb5e83f0a4        10 days ago         196MB
goharbor/nginx-photon           v1.6.1              9ca888fe33b2        10 days ago         132MB
goharbor/harbor-log             v1.6.1              9b1ea3f29465        10 days ago         198MB
goharbor/harbor-jobservice      v1.6.1              9ca6fd371ca6        10 days ago         192MB
goharbor/harbor-ui              v1.6.1              305ee5b8952c        10 days ago         215MB
goharbor/harbor-adminserver     v1.6.1              a3e95f74984e        10 days ago         181MB
goharbor/harbor-db              v1.6.1              3bea3bff0190        10 days ago         219MB

# Save the relevant images with commands like the following
docker save -o goharbor_chartmuseum-photon_v0.7.1-v1.6.1.tar goharbor/chartmuseum-photon:v0.7.1-v1.6.1
... ...

# Before the next installation, load the images first
docker load < goharbor_chartmuseum-photon_v0.7.1-v1.6.1.tar
... ...
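
The save and load steps above, extended to every goharbor image and paired with a checksum manifest so that archives copied to another host are verified before docker load. This is an added example, not part of the original post; the function names, the SHA256SUMS file name and the DOCKER override variable are assumptions.

```shell
#!/bin/sh
# Added example: save every goharbor/* image plus a checksum manifest,
# and refuse to load archives whose checksum no longer matches.
DOCKER=${DOCKER:-docker}   # override hook (assumption) so the functions can be dry-run

# goharbor/nginx-photon:v1.6.1 -> goharbor_nginx-photon_v1.6.1.tar
archive_name() { printf '%s.tar\n' "$(printf '%s' "$1" | tr '/:' '__')"; }

# save_harbor_images DIR: one tar per image, checksums recorded in DIR/SHA256SUMS
save_harbor_images() {
    dir=$1
    mkdir -p "$dir" || return 1
    : > "$dir/SHA256SUMS"
    "$DOCKER" images --format '{{.Repository}}:{{.Tag}}' | grep '^goharbor/' |
    while read -r image; do
        file=$(archive_name "$image")
        "$DOCKER" save -o "$dir/$file" "$image" || exit 1
        ( cd "$dir" && sha256sum "$file" >> SHA256SUMS ) || exit 1
    done
}

# load_harbor_images DIR: verify every archive first, then load them
load_harbor_images() {
    dir=$1
    ( cd "$dir" && sha256sum -c --quiet SHA256SUMS ) || return 1
    for f in "$dir"/*.tar; do
        "$DOCKER" load -i "$f" || return 1
    done
}
```

Keep SHA256SUMS somewhere the archives' transport path cannot modify it; a manifest stored next to the tar files only detects accidental corruption.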

4. Access the Harbor UI in a browser

http://10.120.67.25
Account: admin
Password: admin@harbor


Part 3. Configure a certificate so that Harbor uses HTTPS [self-signed certificate]

1. Create the self-signed certificate

mkdir /opt/app/harbor/certs
cd /opt/app/harbor/certs

openssl genrsa -des3 -passout pass:x -out harbor.example.com.pass.key 2048
openssl rsa -passin pass:x -in harbor.example.com.pass.key -out harbor.example.com.key
openssl req -new -key harbor.example.com.key -out harbor.example.com.csr
openssl x509 -req -sha256 -days 365 -in harbor.example.com.csr -signkey harbor.example.com.key -out harbor.example.com.crt
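
A non-interactive variant of the four openssl commands above, as an added example that is not part of the original post. It also puts the hostname in a subjectAltName, which clients built with Go 1.15 or later need because they ignore the CN by default, and it checks that key and certificate belong together. The function names and their arguments are assumptions.

```shell
#!/bin/sh
# Added example: self-signed Harbor certificate with a subjectAltName.
# make_harbor_cert / check_harbor_cert and their arguments are hypothetical names.

# make_harbor_cert HOSTNAME OUTDIR -> OUTDIR/HOSTNAME.key and OUTDIR/HOSTNAME.crt
make_harbor_cert() {
    host=$1; dir=$2
    mkdir -p "$dir" || return 1
    cat > "$dir/$host.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    # Subshell with umask 077 so the private key is never group/world readable.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$dir/$host.cnf" \
          -keyout "$dir/$host.key" -out "$dir/$host.crt" ) >/dev/null 2>&1 || return 1
    chmod 644 "$dir/$host.crt"   # the certificate is public; only the key stays 0600
    check_harbor_cert "$host" "$dir"
}

# Succeeds only if the key matches the certificate and the SAN lists the host.
check_harbor_cert() {
    host=$1; dir=$2
    cert_pub=$(openssl x509 -in "$dir/$host.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/$host.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key and certificate do not match" >&2; return 1; }
    openssl x509 -in "$dir/$host.crt" -noout -text | grep -qF "DNS:$host" ||
        { echo "subjectAltName does not list $host" >&2; return 1; }
}
```

Called as make_harbor_cert harbor.example.com /opt/app/harbor/certs, it produces the file names that ssl_cert and ssl_cert_key point to in the next step.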

2. Reconfigure the service to load the changed configuration

cd /opt/app/harbor
vi harbor.cfg
  ... ...
hostname = harbor.example.com
ui_url_protocol = https
ssl_cert = /opt/app/harbor/certs/harbor.example.com.crt
ssl_cert_key = /opt/app/harbor/certs/harbor.example.com.key

~]# cd /opt/app/harbor
~]# ./prepare
~]# ./install.sh
  ... ...
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis              ... done
Creating harbor-adminserver ... done
Creating harbor-db          ... done
Creating registry           ... done
Creating harbor-ui          ... done
Creating nginx              ... done
Creating harbor-jobservice  ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://harbor.example.com. 
For more details, please visit https://github.com/goharbor/harbor .
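
A pre-flight check for the harbor.cfg keys edited in the two configuration steps above, meant to be run before ./prepare and ./install.sh. It is an added example, not part of the original post or of Harbor; the helper names and the password heuristic are assumptions, and Harbor12345 is the admin password the shipped harbor.cfg starts with.

```shell
#!/bin/sh
# Added example: lint harbor.cfg before running ./prepare and ./install.sh.
# cfg_get and audit_harbor_cfg are hypothetical helper names.

# cfg_get FILE KEY: print the value of KEY from a "key = value" file (last one wins)
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# audit_harbor_cfg FILE: print one finding per line; return 1 if there are any
audit_harbor_cfg() {
    cfg=$1; findings=0
    warn() { echo "$1"; findings=$((findings + 1)); }

    pw=$(cfg_get "$cfg" harbor_admin_password)
    if [ "$pw" = Harbor12345 ]; then
        warn "harbor_admin_password: still the shipped default"
    # Constructed heuristic: too short, or built from the account or product name
    elif [ "${#pw}" -lt 12 ] || printf '%s\n' "$pw" | grep -qiE 'admin|harbor'; then
        warn "harbor_admin_password: short or derived from 'admin'/'harbor'"
    fi

    if [ "$(cfg_get "$cfg" ui_url_protocol)" = https ]; then
        # With https enabled, both files must exist before ./prepare copies them
        for key in ssl_cert ssl_cert_key; do
            path=$(cfg_get "$cfg" "$key")
            [ -n "$path" ] && [ -r "$path" ] ||
                warn "$key: file missing or unreadable: $path"
        done
    else
        warn "ui_url_protocol: not https, logins and image data travel unencrypted"
    fi

    [ "$(cfg_get "$cfg" project_creation_restriction)" = adminonly ] ||
        warn "project_creation_restriction: not adminonly, any user may create projects"

    [ "$findings" -eq 0 ]
}
```

Run as audit_harbor_cfg /opt/app/harbor/harbor.cfg; with the values shown in this post it reports the admin password in both configurations and the protocol in the non-HTTPS one.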

3. Access Harbor over HTTPS

# harbor.example.com is resolved through an entry in /etc/hosts. If you have a real domain name, use DNS resolution directly.
https://harbor.example.com
Account: admin
Password: admin@harbor