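Introduction to Harbor
Harbor is an open-source solution for building an enterprise-grade private Docker image registry. It is a higher-level wrapper around Docker Registry. Besides a friendly Web UI, role and user permission management, and auditing of user operations, it integrates a repository for K8s add-ons: Helm downloads, manages, and installs K8s add-ons as charts, and chartmuseum provides the repository that stores the chart data [Note: helm is roughly the yum of k8s]. It also integrates two open-source security components, Notary and Clair. Notary is similar to a private CA center. Clair is a container security scanning tool: it pulls the latest vulnerability information from the CVE databases published by the major vendors and scans the containers that users upload for known vulnerabilities. Both security features are very valuable for an enterprise private registry.
1. Install docker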
yum -y install docker-ce
systemctl restart docker && systemctl enable docker
Every other node that needs to use the registry must add this as well:
# hub.wql.com is the registry domain
cat > /etc/docker/daemon.json <<EOF
{
"insecure-registries":["hub.wql.com"]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
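2. Install the docker orchestration tool compose
It is best to download it from the website yourself, because the download is prone to errors.
Download address: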
curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
https://github.com/docker/compose/releases/tag/1.14.0-rc2
https://github.com/docker/compose/releases/tag/1.25.0-rc4
wget -O docker-compose https://github.com/docker/compose/releases/download/1.14.0-rc2/docker-compose-Linux-x86_64
yum -y install lrzsz
mv docker-compose /usr/local/bin
chmod a+x /usr/local/bin/docker-compose
3. Install harbor
Download address: Harbor official address: https://github.com/vmware/harbor/releases
Package address: https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz
tar -zxvf harbor-offline-installer-v1.2.0.tgz
mv harbor /usr/local/
cd /usr/local/harbor/
[[email protected] harbor]# vim harbor.cfg
# domain name
hostname = hub.wql.com
# protocol
ui_url_protocol = https
# create the /data/cert directory first
ssl_cert = /data/cert/server.crt
mkdir -p /data/cert
4. Create the certificate
cd /data/cert
]# openssl genrsa -des3 -out server.key 2048
Enter pass phrase for server.key: (enter a passphrase here, anything will do)
Verifying - Enter pass phrase for server.key:
[[email protected] cert]# openssl req -new -key server.key -out server.csr # create the certificate signing request
Enter pass phrase for server.key: (enter the passphrase)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN (country)
State or Province Name (full name) []:BJ (city)
Locality Name (eg, city) [Default City]:BJ (locality)
Organization Name (eg, company) [Default Company Ltd]:wql (institution)
Organizational Unit Name (eg, section) []:wql (organization)
Common Name (eg, your name or your server's hostname) []:hub.wql.com (the registry domain name)
Email Address []:[email protected] (administrator email)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (whether to set a password; just press Enter here)
An optional company name []:
cp server.key server.key.org # back up the key
openssl rsa -in server.key.org -out server.key # convert the key (remove the passphrase)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # sign
chmod a+x * # grant permissions
There should now be 4 files in total.
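The steps above produce a certificate that identifies the registry only by its Common Name, and Docker builds based on Go 1.15 or later reject such certificates. The following added example (not from the original post; the function names are hypothetical and OpenSSL 1.1.1 or newer is assumed) creates the key and a self-signed certificate with a subjectAltName in one step and checks the result before harbor.cfg points at it:

```shell
# Added example, not from the original post. Function names are hypothetical.
# Requires OpenSSL 1.1.1 or newer (-addext, -ext).

# make_registry_cert HOST DIR
# One-step replacement for genrsa/req/rsa/x509: unencrypted 2048-bit RSA key and
# a 365-day self-signed certificate whose subjectAltName carries HOST.
make_registry_cert() {
    host=$1; dir=$2
    mkdir -p "$dir" || return 1
    (
        umask 077    # server.key is created readable by its owner only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/C=CN/ST=BJ/L=BJ/O=wql/OU=wql/CN=$host" \
            -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/server.crt"    # the certificate itself is public
}

# check_registry_cert HOST DIR
# Succeeds only if server.crt lists HOST as a SAN DNS name, server.key loads
# without a passphrase, and the two hold the same public key.
check_registry_cert() {
    host=$1; dir=$2
    openssl x509 -in "$dir/server.crt" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$host" \
        || { echo "no SAN entry for $host" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout -passin pass: 2>/dev/null) \
        || { echo "server.key is unreadable or still encrypted" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "server.key does not belong to server.crt" >&2; return 1; }
}

# Usage on the Harbor host:
#   make_registry_cert hub.wql.com /data/cert && check_registry_cert hub.wql.com /data/cert
```

Copying server.crt to /etc/docker/certs.d/hub.wql.com/ca.crt on each Docker node lets the daemon verify the registry against this certificate, so the node does not need an insecure-registries entry.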
5. Run the script to install
cd /usr/local/harbor/
./install.sh
vim /etc/hosts
192.168.4.10 master01
192.168.4.50 node01
192.168.4.51 node02
192.168.4.53 hub.wql.com
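6. Verify access in the browser
https://hub.wql.com/
Note that the default administrator username / password is admin / Harbor12345; change it after the first login.
The following must be run in the /usr/local/harbor/ directory
Restart harbor
./prepare
docker-compose down # stop docker-compose
docker-compose up -d # start docker-compose
7. Command-line login test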
~]# docker login https://hub.wql.com
Username: admin # username
Password: # password
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning.
See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
8. Push an image
Tag the image and upload it to harbor
docker tag nginx:v1 hub.wql.com/library/nginx:v1
docker push hub.wql.com/library/nginx:v1
Pull test
docker pull hub.wql.com/library/nginx:v1
kubectl run nginx1-deployment --image=hub.wql.com/library/nginx:v1 --port=80 --replicas=1
kubectl get pod
kubectl get pod -o wide
curl 10.244.3.24