码迷,mamicode.com
首页 > 其他好文 > 详细

harbor搭建v1.8.3

时间:2020-03-30 13:13:16      阅读:291      评论:0      收藏:0      [点我收藏+]

标签:ase   iptables   自启   harbor   get   pid   开机自启动   main   请求   

harbor版本:harbor-offline-installer-v1.8.3.tgz

docker-compose version 1.24.1, build 4667896b

安装docker

  curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
  curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  yum clean all && yum makecache

先检查docker-ce位于哪个仓库,安装时一定要选择stable(稳定版)的
  yum list docker-ce --showduplicates | sort -r
  yum install docker-ce -y
  yum install docker-ce-18.09.8 -y

docker设置

vim /usr/lib/systemd/system/docker.service
Environment="HTTPS_PROXY=http://www.ik8s.io"
Environment="NO_PROXY=127.0.0.0/8,172.20.0.0/16,10.10.10.0/24"
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
# ExecStartPost=/usr/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
mkdir /etc/docker
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://kz7brmw7.mirror.aliyuncs.com"]
}
EOF

启动docker

  systemctl daemon-reload
  systemctl start docker
  systemctl status docker
  systemctl enable docker

 创建证书文件

if ! which cfssl; then
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/local/bin/cfssl
fi
if ! which cfssljson; then
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/local/bin/cfssljson
fi
if ! which cfssl-certinfo; then
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/local/bin/cfssl-certinfo
fi
chmod +x /usr/local/bin/cfssl*

# 创建ca证书请求文件
cat << EOF > ca-csr.json
{
  "CN": "Private CA Root certificate",
  "key": {
    "algo": "rsa","size": 2048
  },
  "ca": {
     "expiry": "876000h"
  },
  "names": [
    {
      "C": "CN",
      "L": "BJ",
      "ST": "BeiJing",
      "O": "Private CA certificates are issued",
      "OU": ""
    }
  ]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
# 创建配置文件
cat << EOF > ca-config.json
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "harbor": {
        "expiry": "876000h",        
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF
# 创建证书签名请求文件
cat << EOF > harbor-csr.json
{
    "CN": "harbor.hub.com",
    "hosts": [
        "127.0.0.1",
        "10.10.10.21",
        "harbor.hub.com"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "ZJ",            
            "ST": "HZ",
            "O": "harbor",
            "OU": ""
        }
    ]
}
EOF
# 生成证书
cfssl gencert   -ca=ca.pem   -ca-key=ca-key.pem   -config=ca-config.json   -profile=harbor harbor-csr.json | cfssljson -bare harbor

修改配置

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.hub.com     # 此处修改

# http related config
#http:     # 此处修改
  # port for http, default is 80. If https enabled, this port will redirect to https port
#  port: 80  # 此处修改

# https related config
https:  # 此处修改
#   # https port for harbor, default is 443
  port: 443  # 此处修改
#   # The path of cert and key files for nginx
  certificate: /home/harbor/certs/domain.crt  # 此处修改
  private_key: /home/harbor/certs/domain.key  # 此处修改



······
# The default data volume
data_volume: /home/harbor/data   # 此处修改

······

启动harbor

./install.sh

访问

https://harbor.hub.com 设置 hosts 映射文件。默认管理员用户名 / 密码为 admin / Harbor12345

指定镜像仓库地址

vim /etc/docker/daemon.json
{
  "insecure-registries": ["harbor.hub.com"]
}

下载测试镜像

docker pull hello-world

给镜像重新打标签

docker tag hello-world:latest harbor.hub.com/library/word:latest
docker login harbor.hub.com -uadmin -pHarbor12345
docker push harbor.hub.com/library/word:latest

配置开机自启动

cat<< ‘EOF‘ > /usr/lib/systemd/system/harbor.service
[Unit]
Description=harbor service
After=docker.target
[Service]
Type=forking
ExecStart=/home/harbor/start.sh
[Install]
WantedBy=multi-user.target
EOF

cat << ‘EOF‘ > /home/harbor/start.sh
#!/bin/bash
SHHOME=$(cd `dirname $0`; pwd)
cd $SHHOME
/usr/local/bin/docker-compose up -d &
EOF
chmod +x /home/harbor/start.sh

systemctl daemon-reload
systemctl start harbor.service
systemctl status harbor.service
systemctl enable harbor.service

 

 

harbor搭建v1.8.3

标签:ase   iptables   自启   harbor   get   pid   开机自启动   main   请求   

原文地址:https://www.cnblogs.com/outsrkem/p/12597759.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!