harbor私有镜像仓库安装

kubernetes
下载harbor
1
下载链接:		https://github.com/goharbor/harbor/releases
自签证书
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

#Getting Certificate Authority
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=register/OU=Personal/CN=registry.k8s.com" \
    -key ca.key \
    -out ca.crt
    
#Getting Server Certificate
openssl genrsa -out registry.k8s.com.key 4096
openssl req -sha512 -new \
    -subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=register/OU=Personal/CN=registry.k8s.com" \
    -key registry.k8s.com.key \
    -out registry.k8s.com.csr
    
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth 
subjectAltName = @alt_names

[alt_names]
DNS.1=registry.k8s.com
DNS.2=registry.k8s
DNS.3=localhost.localdomain
EOF

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in registry.k8s.com.csr \
    -out registry.k8s.com.crt
安装harbor
下载docker-compose
1
2
curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
解压harbor
1
tar xvf harbor-offline-installer-v1.8.2.tgz
配置harbor
1
2
3
4
5
6
7
8
vim harbor.yml
hostname: register.k8s.com
https:
  port: 443
  certificate: ./ssl/registry.k8s.com.crt
  private_key: ./ssl/registry.k8s.com.key  
harbor_admin_password: youpassword

安装
1
sh install.sh
harbor服务管理

查看

1
docker-compose ps

关闭

1
docker-compose stop

启动

1
docker-compose start

修改配置重新生效

1
2
3
4
docker-compose down -v
vim harbor.yml
prepare --with-notary --with-clair --with-chartmuseum	参数可选
docker-compose up -d

公钥拷贝到客户端

1
2
mkdir /etc/docker/certs.d/register.k8s.com -p
scp registry.k8s.com.crt root@172.16.88.xx:/etc/docker/certs.d/registry.k8s.com/

通过浏览器创建项目后即可使用,例创建test项目

1
2
3
4
5
docker login register.k8s.com
username:
password:
docker tag SOURCE_IMAGE[:TAG] register.k8s.com/test/IMAGE[:TAG]
docker push register.k8s.com/test/IMAGE[:TAG]