Kubernetes从0到1-第六篇 容器镜像服务-部署Harbor私有镜像仓库

• • 安装Docker、Docker-compose
  • • 安装 docker
    • 安装 Docker Compose
  • 安装Harbor
  • • 下载离线包
    • 配置证书
    • 修改配置文件
    • 安装
    • 访问

$ yum install -y python-devel libffi-devel gcc openssl-devel libselinux-python
$ yum  install -y  yum-utils  lvm2 device-mapper-persistent-data
$ yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
$ yum  repolist 
$ yum install docker-ce docker-ce-cli containerd.io -y
$ systemctl enable docker
$ systemctl start docker
# docker加速
$ curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io

$ curl -L https://get.daocloud.io/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
$ chmod +x /usr/local/bin/docker-compose

$ https://github.com/goharbor/harbor/releases/download/v2.1.6/harbor-offline-installer-v2.1.6.tgz
$ tar -xvf harbor-offline-installer-v2.1.6.tgz && cd harbor

# 创建目录
$ mkdir -p /harbor/{cert,data}
$ chmod -R 777 /harbor/cert/
$ cd /harbor/cert/

# 生成私钥
$ openssl genrsa -des3 -out harbor.key 2048
Generating RSA private key, 2048 bit long modulus
..............................................................+++
...................+++
e is 65537 (0x10001)
Enter pass phrase for harbor.key:     # 输入密码，如1234
Verifying - Enter pass phrase for harbor.key:   # 确认密码，如1234

# 生成CA证书
$ openssl req -sha512 -new -subj "/C=CN/ST=BJ/L=BJ/O=XX/OU=it/CN=reg.demo.com" -key harbor.key -out harbor.csr
Enter pass phrase for harbor.key:   # 输入密码

# 备份证书
$ cp harbor.key  harbor.key.org

# 去掉私钥密码，以便docker访问，也可以参考官方进行双向认证
$ openssl rsa -in harbor.key.org -out harbor.key

# 使用证书进行签名
$ openssl x509 -req -days 1000  -in harbor.csr -signkey harbor.key -out harbor.crt

cp harbor.yml.tmpl harbor.yml

# 修改配置
vim harbor.yml
# 修改主机名
hostname: reg.demo.com
# 修改证书
https:
  port: 443
  certificate: /harbor/cert/harbor.crt
  private_key: /harbor/cert/harbor.key
# 修改密码
harbor_admin_password: harbor@12345
# 修改数据存储位置
data_volume: /harbor/data

$ ./install.sh --with-clair --with-chartmuseum
$ docker ps | grep harbor

访问：https://reg.demo.com/，用户名/密码：admin/harbor@123