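Harbor v2.10.1 deployment (Docker)
Deploying a Harbor private image registry
The content here mainly follows a reference walkthrough.
Download the software packages
- Install docker
- Install docker-compose
- Download the harbor offline installer package from the GitHub releases page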
[root@opt ~]# wget https://github.com/goharbor/harbor/releases/download/v2.10.1/harbor-offline-installer-v2.10.1.tgz
[root@opt ~]# tar -xvf harbor-offline-installer-v2.10.1.tgz
HTTP mode
- Copy the configuration template and edit it
[root@harbor ~]# cp harbor.yml.tmpl harbor.yml
[root@harbor ~]# vim harbor.yml
# Set the hostname
hostname: harbor.local.com
# Comment out the https-related configuration
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
#https:
  # https port for harbor, default is 443
#  port: 443
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
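HTTPS mode (🚀 recommended)
Generate a self-signed certificate
Here we use the shell script provided by https://github.com/Fishdrowned/ssl to generate the SSL certificate. The certificate is valid for 2 years; you can change this period by editing ca.cnf.
# Clone the project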
[root@tiaoban opt]# git clone https://github.com/Fishdrowned/ssl.git
# Generate the certificate in one step
[root@tiaoban opt]# cd ssl
[root@tiaoban ssl]# ./gen.cert.sh harbor.local.com # generate a certificate for the harbor.local.com domain
Removing dir out
Creating output structure
Done
Generating a RSA private key
...................................+++++
....+++++
writing new private key to 'out/root.key.pem'
-----
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
....................................+++++
e is 65537 (0x010001)
Using configuration from ./ca.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :ASN.1 12:'Guangdong'
localityName :ASN.1 12:'Guangzhou'
organizationName :ASN.1 12:'Fishdrowned'
organizationalUnitName:ASN.1 12:'harbor.local.com'
commonName :ASN.1 12:'*.harbor.local.com
Certificate is to be certified until Aug 12 10:49:02 2025 GMT (730 days)
Write out database with 1 new entries
Data Base Updated
Certificates are located in:
lrwxrwxrwx 1 root root 43 8月 13 18:49 /opt/ssl/out/harbor.local.com/harbor.local.com.bundle.crt -> ./20230813-1849/harbor.local.com.bundle.crt
lrwxrwxrwx 1 root root 36 8月 13 18:49 /opt/ssl/out/harbor.local.com/harbor.local.com.crt -> ./20230813-1849/harbor.local.com.crt
lrwxrwxrwx 1 root root 15 8月 13 18:49 /opt/ssl/out/harbor.local.com/harbor.local.com.key.pem -> ../cert.key.pem
lrwxrwxrwx 1 root root 11 8月 13 18:49 /opt/ssl/out/harbor.local.com/root.crt -> ../root.crt
# View the certificate files
[root@tiaoban ssl]# cd out/harbor.local.com/
[root@tiaoban harbor.local.com]# ll
总用量 0
drwxr-xr-x 2 root root 101 8月 13 18:49 20230813-1849
lrwxrwxrwx 1 root root 43 8月 13 18:49 harbor.local.com.bundle.crt -> ./20230813-1849/harbor.local.com.bundle.crt
lrwxrwxrwx 1 root root 36 8月 13 18:49 harbor.local.com.crt -> ./20230813-1849/harbor.local.com.crt
lrwxrwxrwx 1 root root 15 8月 13 18:49 harbor.local.com.key.pem -> ../cert.key.pem
lrwxrwxrwx 1 root root 11 8月 13 18:49 root.crt -> ../root.crt
# Copy the certificate and key to the harbor directory
[root@tiaoban harbor.local.com]# cp harbor.local.com.crt /opt/harbor/
[root@tiaoban harbor.local.com]# cp harbor.local.com.key.pem /opt/harbor/
Modify the configuration file
[root@harbor ~]# cp harbor.yml.tmpl harbor.yml
[root@harbor ~]# vim harbor.yml
# Set the hostname
hostname: harbor.local.com
# Comment out the http-related configuration
# http related config
# http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
#  port: 80
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /opt/harbor/harbor.local.com.crt
  private_key: /opt/harbor/harbor.local.com.key.pem
data_volume: /data/harbor
Run the installation script
Run the install.sh script
[root@harbor harbor]# ./install.sh
[Step 5]: starting Harbor ...
[+] Building 0.0s (0/0)
[+] Running 10/10
✔ Network harbor_harbor Created 0.3s
✔ Container harbor-log Started 1.8s
✔ Container harbor-portal Started 12.8s
✔ Container registry Started 13.1s
✔ Container redis Started 13.2s
✔ Container registryctl Started 11.4s
✔ Container harbor-db Started 12.0s
✔ Container harbor-core Started 14.3s
✔ Container nginx Started 18.2s
✔ Container harbor-jobservice Started 18.1s
✔ ----Harbor has been installed and started successfully.----
Access Harbor and log in
- Initial username: admin
- Initial password: Harbor12345 (change it after the first login)
Create a systemd service unit
vim /lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /opt/harbor/docker-compose.yml up
ExecReload=/usr/local/bin/docker-compose -f /opt/harbor/docker-compose.yml restart
ExecStop=/usr/local/bin/docker-compose -f /opt/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
systemctl enable harbor --now
Authorize docker access
Private registry settings in the docker configuration file
[root@master ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://mirror.ccs.tencentyun.com",
    "https://o2j0mc5x.mirror.aliyuncs.com"
  ],
  "insecure-registries": [
    "https://harbor.local.com"
  ]
}
- Restart docker
systemctl daemon-reload
systemctl restart docker
- Test logging in to harbor
[root@tiaoban ~]# docker login harbor.local.com -u admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- Test pushing an image
[root@tiaoban ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
[root@tiaoban ~]# docker tag busybox:latest harbor.local.com/library/busybox:latest
[root@tiaoban ~]# docker push harbor.local.com/library/busybox:latest
The push refers to repository [harbor.local.com/library/busybox]
01fd6df81c8e: Pushed
latest: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
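Added example, not part of the original post: listing the registry under insecure-registries makes the Docker daemon skip certificate verification for it, whereas placing the root.crt produced by gen.cert.sh at /etc/docker/certs.d/harbor.local.com/ca.crt lets the daemon verify the self-signed chain. The function names trust_registry_ca and insecure_registry_listed are hypothetical helpers, and the certs root is a parameter so the script can be tried against a scratch directory first.

```shell
#!/usr/bin/env bash
# Added example (not from the original post); helper names are hypothetical.
# Usage on a docker client, with the paths used in the steps above:
#   trust_registry_ca harbor.local.com /opt/ssl/out/harbor.local.com/root.crt
#   insecure_registry_listed /etc/docker/daemon.json harbor.local.com \
#       && echo "remove the entry from daemon.json, then restart docker"

# Install a registry's CA certificate where the Docker daemon looks for
# per-registry trust anchors: <certs_root>/<registry_host>/ca.crt
trust_registry_ca() {
    local host="$1" ca_file="$2" certs_root="${3:-/etc/docker/certs.d}"
    [ -s "$ca_file" ] || { echo "CA file missing or empty: $ca_file" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_file" \
        || { echo "not a PEM certificate: $ca_file" >&2; return 1; }
    install -d -m 0755 "$certs_root/$host" &&
    install -m 0644 "$ca_file" "$certs_root/$host/ca.crt"
}

# Return 0 if <host> (with or without scheme or port) is listed under
# "insecure-registries" in the given daemon.json, 1 otherwise.
insecure_registry_listed() {
    local daemon_json="$1" host="$2"
    [ -f "$daemon_json" ] || return 1
    awk -v host="$host" '
        # Start of the list: drop everything up to and including the key.
        /"insecure-registries"/ { in_list = 1; sub(/.*"insecure-registries"/, "") }
        in_list {
            line = $0
            closing = index(line, "]")
            if (closing) line = substr(line, 1, closing)
            while (match(line, /"[^"]*"/)) {
                entry = substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, RSTART + RLENGTH)
                sub("^https?://", "", entry)   # drop scheme
                sub("[:/].*$", "", entry)      # drop port or path
                if (entry == host) found = 1
            }
            if (closing) in_list = 0
        }
        END { exit(found ? 0 : 1) }
    ' "$daemon_json"
}
```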