私有镜像仓库Docker Harbor

Harbor介绍

Harbor是由VMware公司开源的企业级Docker Resitry项目

环境:

内存至少需要2G

为Harbor自签发证书

[root@localhost ssl]# hostnamectl set-hostname harbor
[root@localhost ~]# mkdir /data/ssl -p
[root@localhost ~]# cd /data/ssl/

生成ca证书

[root@harbor ssl]# openssl genrsa -out ca.key 3072
[root@harbor ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SD
Locality Name (eg, city) [Default City]:QD
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
[root@harbor ssl]# openssl genrsa -out harbor.key 3072
[root@harbor ssl]# openssl req -new -key harbor.key -out harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn   
State or Province Name (full name) []:SD
Locality Name (eg, city) [Default City]:QD
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
[root@harbor ssl]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
Signature ok
subject=/C=cn/ST=SD/L=QD/O=Default Company Ltd
Getting CA Private Key

查看生成的证书

停止firewalld防火墙安装iptables

systemctl stop firewalld && systemctl disable firewalld
yum install iptables-services -y
[root@harbor ssl]# service iptables stop && systemctl disable iptables
Redirecting to /bin/systemctl stop iptables.service

安装时间同步

[root@harbor ssl]# yum install ntp ntpdate -y
[root@harbor ssl]# ntpdate cn.pool.ntp.org
15 Nov 16:00:50 ntpdate[28936]: adjust time server 116.203.151.74 offset -0.028340 sec

安装docker-ce

[root@harbor ssl]# yum install yum-utils -y
[root@harbor ssl]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@harbor ssl]# yum install docker-ce -y

启动docker服务

[root@harbor ssl]# systemctl start docker && systemctl enable docker

开启包转发功能和修改内核参数

内核参数修改:br_netfilter模块用于将桥接流量转发至iptables链,br_netfilter内核参数需要开启转发

[root@harbor ssl]# cat>>/etc/sysctl.d/docker.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@harbor ssl]# sysctl -p /etc/sysctl.d/docker.conf 

重启docker

[root@harbor ssl]# systemctl restart docker

配置docker加速器

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://vbe25vg3.mirror.aliyuncs.com"]
}
EOF
[root@harbor ssl]# systemctl restart docker

创建安装目录

[root@harbor ssl]# mkdir /data/install

上传harbor镜像

下载地址

链接:https://pan.baidu.com/s/1_fplWEw_Guc922L4Jtt3CQ
提取码:8ymc
--来自百度网盘超级会员V7的分享

解压

[root@harbor install]# tar xf harbor-offline-installer-v2.3.0-rc3.tgz
[root@harbor install]# cd harbor
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
 vim harbor.yml
5 hostname: harbor
17   certificate: /data/ssl/harbor.pem
18   private_key: /data/ssl/harbor.k

上传docker-compose

[root@harbor install]# mv docker-compose-Linux-x86_64.64 /usr/local/bin/docker-compose
[root@harbor install]# chmod +x /usr/local/bin/docker-compose

上传docker-harbor容器包并导入镜像

[root@harbor install]# docker load -i docker-harbor-2-3-0.tar.gz 

查看解压后的镜像

运行脚本安装脚本

[root@harbor install]# cd harbor
[root@harbor harbor]# ./install.sh

安装成功

访问harbor

修改windows的hosts文件

10.2.4.247 harbor

访问一下

默认账号密码

admin/Harbor12345

至此Harbor安装完成!

发表评论

登录... 后才能评论