1、基础环境
操作系统:CentOS 7.x
Docker版本:20.10.x
Docker-Compose版本:2.5.x
Harbor版本:2.5.x(离线安装包)
2、安装Docker-Compose
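# Download the Docker Compose v2.5.0 binary under a temporary name.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary" that would later be executed as root.
curl -fSL https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose.download
# Verify the download before it becomes executable. Replace the placeholder
# with the SHA-256 value published for this release asset; while the
# placeholder is in place the check fails and nothing is installed.
EXPECTED_SHA256='<sha256-from-the-v2.5.0-release-page>'
printf '%s  %s\n' "${EXPECTED_SHA256}" /usr/local/bin/docker-compose.download | sha256sum -c - \
  && install -m 0755 /usr/local/bin/docker-compose.download /usr/local/bin/docker-compose
# Remove the staged copy whether or not the check passed.
rm -f /usr/local/bin/docker-compose.download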
3、安装Docker
# Remove older Docker packages that may already be installed.
yum remove docker docker-client docker-client-latest docker-common \
  docker-latest docker-latest-logrotate docker-logrotate docker-engine
# Register the Docker CE yum repository (yum-config-manager is part of yum-utils).
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Show the docker-ce versions the repository offers, sorted in reverse order.
yum list docker-ce --showduplicates | sort -r
# Install the engine, the CLI and containerd.
# No version is pinned here, so yum installs the newest docker-ce the
# repository offers; pin one from the list above if a specific release is needed.
# NOTE(review): with -y, yum also answers "yes" when it asks to import the
# repository's GPG key, so the key fingerprint is never shown for comparison;
# confirm it against Docker's install documentation.
yum -y install docker-ce docker-ce-cli containerd.io
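# Create the Docker configuration directory and the data directory.
mkdir -pv /etc/docker /data/docker
# Write the daemon configuration as a single JSON object; dockerd does not
# start when daemon.json is not valid JSON. The delimiter is quoted so the
# shell writes the body verbatim.
#
# "insecure-registries" takes registry hosts (host[:port]), not URLs. Listing
# hub.lnso.org there lets this daemon talk to that registry over plain HTTP or
# without verifying its certificate. It is only needed while Harbor runs
# without HTTPS; remove the entry and restart Docker once HTTPS is enabled and
# the CA certificate is installed under /etc/docker/certs.d/.
cat > /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["hub.lnso.org"],
  "data-root": "/data/docker"
}
EOF
# Reload systemd units, then enable Docker at boot and start it now.
systemctl daemon-reload
systemctl enable --now docker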
4、安装harbor
# Create the Harbor data directory.
mkdir -pv /data/harbor
# Unpack the offline installer downloaded from the official site into /opt/.
# NOTE(review): compare the archive with the checksum published for the
# release before unpacking; the installer is later run as root.
tar -C /opt/ -xf harbor-offline-installer-v2.5.0.tgz
# Create harbor.yml from the template and edit it (comment out the https section).
cd /opt/harbor
cp -a harbor.yml.tmpl harbor.yml
vi harbor.yml
# Host name under which Harbor is reached.
hostname: hub.lnso.org
# The https section stays commented out for this first, HTTP-only start.
# Until it is enabled, logins and image traffic are not encrypted.
#https:
#  port: 443
#  certificate: /opt/harbor/certs.d/hub.lnso.org.crt
#  private_key: /opt/harbor/certs.d/hub.lnso.org.key
# Data directory created earlier with mkdir.
data_volume: /data/harbor
# Load the configuration from harbor.yml, then run the installer.
# Both scripts are run from /opt/harbor.
./prepare
./install.sh
# 访问
http://hub.lnso.org
账户:admin
密码:Harbor12345(默认初始密码,对应 harbor.yml 中的 harbor_admin_password;建议在安装前修改该值,或首次登录后立即更改。此阶段为 HTTP 访问,登录信息以明文传输)
5、启动HTTPS访问
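# Create the certificate directory and work inside it.
mkdir -pv /opt/harbor/certs.d
cd /opt/harbor/certs.d/
# Generate the CA private key and restrict it to its owner: whoever can read
# ca.key can issue certificates that every client trusting ca.crt will accept.
openssl genrsa -out ca.key 4096
chmod 600 ca.key
# Create the self-signed CA certificate (valid for 3650 days).
# NOTE(review): the CA is given the same subject as the server certificate
# requested below; a distinct CA name is the usual practice. Confirm that
# clients build the chain as expected.
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=lnso.org/OU=Technology/CN=hub.lnso.org" \
  -key ca.key \
  -out ca.crt
# Generate the server private key and restrict it to its owner as well.
openssl genrsa -out hub.lnso.org.key 4096
chmod 600 hub.lnso.org.key
# Create the certificate signing request (CSR) for the server key.
openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=lnso.org/OU=Technology/CN=hub.lnso.org" \
  -key hub.lnso.org.key \
  -out hub.lnso.org.csr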
# Write the x509 v3 extension file used when signing the server certificate.
# basicConstraints=CA:FALSE marks the certificate as a leaf, extendedKeyUsage
# limits it to server authentication, and [alt_names] lists the DNS names it
# is valid for.
printf '%s\n' \
  'authorityKeyIdentifier=keyid,issuer' \
  'basicConstraints=CA:FALSE' \
  'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
  'extendedKeyUsage = serverAuth' \
  'subjectAltName = @alt_names' \
  '[alt_names]' \
  'DNS.1=hub.lnso.org' \
  'DNS.2=lnso.org' \
  'DNS.3=k8s-master-01' \
  > v3.ext
# Sign the CSR with the CA, applying the extensions from v3.ext, to produce
# the certificate for the Harbor host (valid for 3650 days).
# -CAcreateserial makes openssl create the CA serial-number file if it is missing.
openssl x509 -req -sha512 -days 3650 \
  -in hub.lnso.org.csr \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -extfile v3.ext \
  -out hub.lnso.org.crt
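# Install the certificates for the Docker daemon.
# Docker looks for per-registry files in /etc/docker/certs.d/<registry host>/;
# files placed directly in certs.d/ are not applied to hub.lnso.org. In that
# directory *.crt files are read as CA certificates and a *.cert/*.key pair as
# a client certificate, so the server certificate is re-saved as .cert and
# that copy, not the .crt, is installed next to ca.crt.
openssl x509 -inform PEM -in hub.lnso.org.crt -out hub.lnso.org.cert
mkdir -pv /etc/docker/certs.d/hub.lnso.org/
cp -a ca.crt hub.lnso.org.cert hub.lnso.org.key /etc/docker/certs.d/hub.lnso.org/
# On other Docker hosts only ca.crt is needed to trust the registry; the
# server's private key should not be copied to them.
systemctl restart docker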
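# Edit harbor.yml to enable HTTPS. The certificate steps ran inside
# /opt/harbor/certs.d, so return to the Harbor directory first; otherwise vi
# opens a new, empty harbor.yml in the certificate directory.
cd /opt/harbor
vi harbor.yml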
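# HTTPS settings: port, certificate and private_key must be indented under
# https, otherwise they are read as separate top-level keys.
https:
  port: 443
  certificate: /opt/harbor/certs.d/hub.lnso.org.crt
  private_key: /opt/harbor/certs.d/hub.lnso.org.key
data_volume: /data/harbor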
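# Regenerate the configuration and recreate the containers.
# prepare and the compose file live in /opt/harbor, while the certificate
# steps left the shell in /opt/harbor/certs.d, so change directory explicitly.
cd /opt/harbor
./prepare
docker-compose down
docker-compose up -d
# With HTTPS serving a certificate signed by the installed CA, the
# "insecure-registries" entry in /etc/docker/daemon.json is no longer needed;
# remove it and restart Docker so certificate verification is enforced.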
6、测试
# Registry name of the test image (project "cloud" on hub.lnso.org).
image=hub.lnso.org/cloud/nginx:latest
# Re-tag the local nginx image for the registry.
docker tag nginx:latest "${image}"
# The first push requires a login; docker login prompts for the credentials.
docker login hub.lnso.org
docker push "${image}"
# Pull the image back from the registry.
docker pull "${image}"
7、复制模式
Push-based:从本地仓库推送到远程仓库,双主模式两个harbor同时配置
Pull-based:从远程仓库拉取到本地仓库,一主多从模式的从库可配置,主从模式从库可配置