Myluzh Blog

Deploying Harbor, a Private Docker Image Registry

Published: 2023-11-6 Author: myluzh Category: Docker


1. Deploy docker-compose

curl -L https://github.com/docker/compose/releases/download/1.21.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version

2. Generate the certificate

# Generate the CA certificate private key
openssl genrsa -out ca.key 4096
# Generate the CA certificate; harbor.itho.cn is the domain name
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.itho.cn" \
 -key ca.key \
 -out ca.crt
# Copy the server certificate and key into the certificate folder on the Harbor host
cp ca.crt /root/harbor/ca.crt
cp ca.key /root/harbor/ca.key

3. Install Harbor

[root@CentOS7 harbor]# wget https://github.com/goharbor/harbor/releases/download/v2.9.1/harbor-offline-installer-v2.9.1.tgz
[root@CentOS7 harbor]# tar -zxvf harbor-offline-installer-v2.9.1.tgz 
[root@CentOS7 harbor]# cd harbor/
[root@CentOS7 harbor]# mv harbor.yml.tmpl harbor.yml

[root@CentOS7 harbor]# vim harbor.yml
# Change the HTTP port
http:
  port: 5480
# Change the HTTPS port and the certificate paths
https:
  port: 5443
  certificate: /root/harbor/ca.crt
  private_key: /root/harbor/ca.key

# The --with-chartmuseum option enables the Charts storage feature.
[root@CentOS7 harbor]# ./install.sh --with-chartmuseum

3. Web login

Web UI login name: admin; initial password: Harbor12345

4. Test logging in to the registry from the command line

myluzh@myluzhdeMacBook-Pro ~ % docker login harbor.itho.cn:5443
Authenticating with existing credentials...
Login Succeeded

If you get the following error: Error response from daemon: Get "https://harbor.itho.cn:5443/v2/": x509: certificate relies on legacy Common Name field, use SANs instead

Solution: add the registry address to the docker/daemon.json file, then restart Docker and retry.

{
    "insecure-registries": ["harbor.itho.cn:5443"]
}
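
The error above appears because the certificate from step 2 names the host only in its CN, and listing the registry under insecure-registries makes Docker skip certificate verification for it. As an added example (not part of the original post), the script below issues a server certificate with a subjectAltName signed by a private CA, so clients can trust ca.crt instead; the function names, the server.* file names and the CA's CN are assumptions.

```bash
#!/usr/bin/env bash
# Added example: issue a Harbor server certificate that carries a
# subjectAltName, signed by a private CA. Function names, the server.* file
# names and the CA subject are assumptions, not taken from the post.

# make_registry_cert HOST OUTDIR [BITS]
# Writes ca.key/ca.crt (the CA) and server.key/server.crt (for harbor.yml).
make_registry_cert() {
  local host=$1 out=$2 bits=${3:-4096}
  mkdir -p "$out" || return 1
  # 1. Private CA. ca.crt is the only file clients need to trust.
  #    Its subject must differ from the server's, hence the separate CN.
  openssl genrsa -out "$out/ca.key" "$bits" 2>/dev/null || return 1
  openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=Harbor Private CA" \
    -key "$out/ca.key" -out "$out/ca.crt" || return 1
  # 2. Server key and CSR for the registry host name.
  openssl genrsa -out "$out/server.key" "$bits" 2>/dev/null || return 1
  openssl req -new -sha512 -key "$out/server.key" \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=$host" \
    -out "$out/server.csr" || return 1
  # 3. Extensions. The SAN entry is what the Docker client matches the host against.
  printf '%s\n' \
    'basicConstraints=CA:FALSE' \
    'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' \
    "subjectAltName=DNS:$host" > "$out/v3.ext"
  # 4. Sign the CSR with the CA and attach the extensions.
  openssl x509 -req -sha512 -days 3650 -in "$out/server.csr" \
    -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
    -extfile "$out/v3.ext" -out "$out/server.crt" 2>/dev/null
}

# cert_has_san CERT HOST: succeeds only if CERT lists HOST as a DNS SAN.
cert_has_san() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' \
    | grep -Eq "DNS:$2(,|[[:space:]]*\$)"
}

# cert_chains_to CA CERT: succeeds only if CERT verifies against CA.
cert_chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

With this layout, certificate and private_key in harbor.yml point at server.crt and server.key, and ca.key stays off the Harbor host.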


5. Test pushing an image

myluzh@myluzhdeMacBook-Pro ~ % docker tag f0b7d20addb4 harbor.itho.cn:5443/mytest/hellok8s:v3
myluzh@myluzhdeMacBook-Pro ~ % docker push harbor.itho.cn:5443/mytest/hellok8s:v3
The push refers to repository [harbor.itho.cn:5443/mytest/hellok8s]
v3: digest: sha256:16588a8f2845147995bea2ddd46bc20c72010c3af26dab987c7b73cd13601a10 size: 2203


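6. Make the Harbor service start at boot

After the server that hosts Harbor reboots, Harbor may fail to start automatically with the system.

Solution

Assume Harbor is installed in /usr/local/harbor. Once the installation finishes, a docker-compose.yml configuration file is generated in that directory, and docker-compose can operate on this file to start and stop Harbor.

Next, write a systemd service that starts Harbor automatically, named harbor.service (placed in the /etc/systemd/system directory):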

[Unit]
Description=harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f {{ harbor_install_path }}/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f {{ harbor_install_path }}/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target

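In the ExecStart field, /usr/local/bin/docker-compose is the path to docker-compose on your own machine, which you can find with the which docker-compose command, and {{ harbor_install_path }} is Harbor's installation directory. Finally, set the access permissions with chmod -R 777 harbor.service and enable start at boot with systemctl enable harbor.service. Then reboot the server to test. systemd only needs to read the unit file, so mode 644 is also enough here, whereas 777 leaves the unit writable by every local user.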


