k8s: Installing Harbor

1. Install docker-ce

Install automatically with the official install script (works only on hosts with public internet access)
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

2. Download the latest version of docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
root@k8s-master1:/usr/local/bin# docker-compose --version
docker-compose version 1.23.1, build b02f1306

3. python2.7
apt-get install python2.7 -y
ln -s /usr/bin/python2.7 /usr/bin/python

4. Create the certificates
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \
-key ca.key \
-out ca.crt
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key
--------------------------------------------------
Problem encountered: Can't load /root/.rnd into RNG
Fix:
cd /root
openssl rand -writerand .rnd
--------------------------------------------------


openssl genrsa -out harbor.gesila.com.key 4096
openssl req -sha512 -new \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \
-key harbor.gesila.com.key \
-out harbor.gesila.com.csr
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key  harbor.gesila.com.csr  harbor.gesila.com.key
------------------------------------------------------


cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.gesila.com
DNS.2=harbor.gesila
DNS.3=hostname
EOF
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key  harbor.gesila.com.csr  harbor.gesila.com.key  v3.ext
------------------------------------------------------


openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.gesila.com.csr \
-out harbor.gesila.com.crt
---------------------------------------------------------------------------------
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key  ca.srl  harbor.gesila.com.crt  harbor.gesila.com.csr  harbor.gesila.com.key  v3.ext
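
Added example, not part of the original post: a check to run on the files from step 4 before they go into harbor.cfg and /etc/docker/certs.d. It confirms that the server certificate chains to the CA, that the private key belongs to it, and that the hostname is covered by subjectAltName. The function names and the constructed demo certificates (2048-bit keys, CN=demo-ca) are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post; function names are hypothetical.

# check_registry_cert CA_CRT SERVER_CRT SERVER_KEY HOSTNAME
# Prints one line per check; returns 0 only if all three pass.
check_registry_cert() {
    local ca=$1 crt=$2 key=$3 host=$4 rc=0 pub
    # 1. Chain: the server certificate must verify against the CA.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        && echo "ok   chain" || { echo "FAIL chain"; rc=1; }
    # 2. Key pair: the certificate's public key must equal the key file's.
    pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] \
        && echo "ok   key" || { echo "FAIL key"; rc=1; }
    # 3. Name: the hostname clients use must be covered by subjectAltName.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null \
        | grep -q "does match" \
        && echo "ok   name" || { echo "FAIL name"; rc=1; }
    return "$rc"
}

# make_demo_certs DIR HOST
# Constructed test material that follows the commands in step 4
# (2048-bit keys and 30-day validity only to keep the demo quick).
make_demo_certs() {
    local d=$1 host=$2
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -sha512 -days 30 -subj "/O=example/CN=demo-ca" \
        -key "$d/ca.key" -out "$d/ca.crt"
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    openssl req -new -sha512 -subj "/O=example/CN=$host" \
        -key "$d/server.key" -out "$d/server.csr"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$d/v3.ext"
    openssl x509 -req -sha512 -days 30 -extfile "$d/v3.ext" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -in "$d/server.csr" -out "$d/server.crt" 2>/dev/null
}

# Demo run against constructed certificates in a temporary directory.
demo() {
    local d rc; d=$(mktemp -d)
    make_demo_certs "$d" harbor.gesila.com
    check_registry_cert "$d/ca.crt" "$d/server.crt" "$d/server.key" harbor.gesila.com
    rc=$?; rm -rf "$d"; return "$rc"
}
demo
```

With a certificate that passes these checks and its CA trusted under /etc/docker/certs.d/harbor.gesila.com/, Docker verifies the registry over TLS; --insecure-registry (step 7) skips that verification for the address it lists.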

5. Download and install Harbor
cd /usr/local/src
tar xf harbor-offline-installer-v1.2.2.tgz
cd harbor/
vim harbor.cfg
------------------------------------
hostname = harbor.gesila.com
ui_url_protocol = https
ssl_cert = /usr/local/src/harbor/certs/harbor.gesila.com.crt
ssl_cert_key = /usr/local/src/harbor/certs/harbor.gesila.com.key
harbor_admin_password = 123456
------------------------------------
./prepare
./install.sh

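The default installation does not include the Notary or Clair services, which are used for vulnerability scanning; to include the Notary service, you must enable and configure https in harbor.yml
sudo ./install.sh --with-notary --with-clair --with-chartmuseum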

6. Copy the certificate
# Every machine that logs in to Harbor needs this directory
mkdir -p /etc/docker/certs.d/harbor.gesila.com
# Copy the certificate file into /etc/docker/certs.d/harbor.gesila.com
cp /usr/local/src/harbor/certs/harbor.gesila.com.crt /etc/docker/certs.d/harbor.gesila.com

7. Modify the docker.service configuration file
# Every machine that connects to Harbor needs this change: add the --insecure-registry parameter
vim /lib/systemd/system/docker.service
-------------------------------------------------------------------------------------------------------------------
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry <Harbor IP address>
-------------------------------------------------------------------------------------------------------------------
systemctl daemon-reload && systemctl restart docker

8. Test the connection
root@k8s-master1:/usr/local/src/harbor# docker login harbor.gesila.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

9. Test pushing an image
Create a project named k8s in the web UI
root@k8s-master1:/usr/local/src/harbor# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
59bf1c3509f3: Pull complete
Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest

root@k8s-master1:/usr/local/src/harbor# docker tag alpine harbor.gesila.com/k8s/alpine && docker push harbor.gesila.com/k8s/alpine
Using default tag: latest
The push refers to repository [harbor.gesila.com/k8s/alpine]
8d3ac3489996: Pushed
latest: digest: sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3 size: 528

Troubleshooting
./prepare
Fail to generate key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt

# Fix:
vim +308 prepare
---------------------------------------------------------------------------------------------------------------------------------
Replace empty_subj = "/C=/ST=/L=/O=/CN=/" with: empty_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=notarysigner"
--------------------------------------------------------
