Installing the Private Registry Harbor

mac  2025-06-27  14

System: CentOS 7

Install Docker

# Dependencies
$ yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Alibaba Cloud mirror repository
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install Docker
$ yum install -y docker-ce
# Start Docker and enable it at boot
$ systemctl start docker
$ systemctl enable docker
# Configure the daemon
# Uses the Alibaba Cloud registry mirror (accelerator); a registered account is required
# Add trust for the insecure registry domain
$ cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "registry-mirrors": ["https://p02s6s7i.mirror.aliyuncs.com"],
  "insecure-registries": ["https://hub.yuchunyu.me"]
}
EOF
$ mkdir -p /etc/systemd/system/docker.service.d
# Restart the Docker service
$ systemctl daemon-reload && systemctl restart docker && systemctl enable docker

In addition, on every other node that uses this registry, add "insecure-registries": ["https://hub.yuchunyu.me"] to the Docker configuration file.

# master01 node01 node02
$ vim /etc/docker/daemon.json
$ systemctl restart docker

Install docker-compose

$ sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
# Check that the installation succeeded
$ docker-compose -v

Download the Harbor offline installer and install it

Download the offline installer from GitHub at https://github.com/goharbor/harbor/releases and upload it to the machine.

# Extract the archive
$ tar -zxvf harbor-offline-installer-v1.9.1.tgz
# Move the directory to /usr/local/
$ mv harbor /usr/local/
$ cd /usr/local/harbor/
# Edit the configuration file
$ vim harbor.yml
# Change the following lines:
hostname: hub.yuchunyu.me
...
https:
  port: 443
  certificate: /opt/harbor/ssl/harbor.crt
  private_key: /opt/harbor/ssl/harbor-key.pem
# Save and exit
# Create the key directory
$ mkdir -p /opt/harbor/ssl/
$ cd /opt/harbor/ssl/
# Create the HTTPS certificate and set permissions on the related directory
# Create the private key; enter the passphrase: Harbor12345
$ openssl genrsa -des3 -out harbor-key.pem 2048
# Create the certificate signing request (CSR); enter the passphrase: Harbor12345
# and enter the following values: CN BJ BJ yuchunyu yuchunyu hub.yuchunyu.me hub@yuchunyu.me (empty) (empty)
$ openssl req -new -key harbor-key.pem -out harbor.csr
# Back up the private key
$ cp harbor-key.pem harbor-key.pem.origin
# Remove the passphrase; enter the passphrase: Harbor12345
$ openssl rsa -in harbor-key.pem.origin -out harbor-key.pem
# Sign the certificate
$ openssl x509 -req -days 365 -in harbor.csr -signkey harbor-key.pem -out harbor.crt
# Grant permissions
$ chmod a+x *
# Go back to the previous directory and run the installer
$ cd /usr/local/harbor
$ ./install.sh
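The setup above lists the registry under `insecure-registries`, which tells Docker to accept it without verifying its certificate. As an added example (not part of the original post), the functions below create the self-signed certificate non-interactively with a subjectAltName and install it under /etc/docker/certs.d so that Docker can verify hub.yuchunyu.me instead; the function names and the certs.d approach are assumptions of this example.

```shell
# Added example (not from the original post). Function names and the use of
# /etc/docker/certs.d are assumptions; host and file names follow the walkthrough.
REGISTRY_HOST="hub.yuchunyu.me"

# make_registry_cert OUT_DIR [HOST]
# Non-interactively writes OUT_DIR/harbor-key.pem (mode 600) and OUT_DIR/harbor.crt.
make_registry_cert() {
    local out_dir="$1" host="${2:-$REGISTRY_HOST}" cnf rc
    mkdir -p "$out_dir" || return 1
    cnf="$(mktemp)" || return 1
    # A config file (rather than -addext) keeps this usable with the
    # OpenSSL 1.0.2 shipped on CentOS 7.
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    # umask 077 so the private key is never readable by other users, even briefly.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$cnf" -keyout "$out_dir/harbor-key.pem" \
          -out "$out_dir/harbor.crt" ) >/dev/null 2>&1
    rc=$?
    rm -f "$cnf"
    [ "$rc" -eq 0 ] || return "$rc"
    chmod 600 "$out_dir/harbor-key.pem" && chmod 644 "$out_dir/harbor.crt"
}

# trust_registry_cert CERT [HOST] [CERTS_ROOT]
# Installs CERT as the CA Docker uses to verify HOST; run on every node that pulls.
trust_registry_cert() {
    local cert="$1" host="${2:-$REGISTRY_HOST}" root="${3:-/etc/docker/certs.d}"
    mkdir -p "$root/$host" && cp "$cert" "$root/$host/ca.crt"
}

# cert_has_san CERT HOST: succeeds only if CERT lists HOST as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}
```

On the Harbor host, `make_registry_cert /opt/harbor/ssl` produces the two files that harbor.yml points at. On each node, copy harbor.crt over, run `trust_registry_cert harbor.crt`, then remove the `insecure-registries` entry and restart Docker.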

Configure the hosts file

# master01, node01, node02 and the host machine
# Add: 192.168.159.30 hub.yuchunyu.me
# Run this command on the three nodes
$ echo "192.168.159.30 hub.yuchunyu.me" >> /etc/hosts
# On Windows, after editing the hosts file, run this in CMD to flush the DNS cache
> ipconfig /flushdns

The hosts file on the Harbor machine also needs to be edited as follows:

$ vim /etc/hosts
# As follows
192.168.159.10 k8s-master01
192.168.159.20 k8s-node01
192.168.159.21 k8s-node02
192.168.159.30 hub.yuchunyu.me

Access Harbor

Access it at https://hub.yuchunyu.me/

Default username: admin
Default password: Harbor12345

Test from the master01 node of the K8S cluster

Test Harbor

# Log in
$ docker login https://hub.yuchunyu.me
# username: admin
# password: Harbor12345
# Pull an image
$ docker pull wangyanglinux/myapp:v1
# Retag it
$ docker tag wangyanglinux/myapp:v1 hub.yuchunyu.me/library/myapp:v1
# Push it
$ docker push hub.yuchunyu.me/library/myapp:v1
# If the push succeeds, the new image is visible in the web UI
# After that, both local images can be removed
$ docker rmi wangyanglinux/myapp:v1
$ docker rmi hub.yuchunyu.me/library/myapp:v1

Test the K8S cluster

To get help on the command: kubectl run --help

# Deploy a Pod and check its status
$ kubectl run nginx-deployment --image=hub.yuchunyu.me/library/myapp:v1 --port=80 --replicas=1
$ kubectl get deployment
$ kubectl get rs
$ kubectl get pod -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
nginx-deployment-54b6d968c4-fkj7w   1/1     Running   0          19s   10.244.1.2   k8s-node01   <none>           <none>
# The Pod can be reached inside the cluster through its private IP
$ curl 10.244.1.2
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
$ curl 10.244.1.2/hostname.html
nginx-deployment-54b6d968c4-fkj7w
# After the Pod is deleted, it is recreated automatically
$ kubectl delete pod nginx-deployment-54b6d968c4-fkj7w
$ kubectl get pod -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
nginx-deployment-54b6d968c4-vp2sq   1/1     Running   0          23s   10.244.2.2   k8s-node02   <none>           <none>
# Scale up
$ kubectl scale --replicas=3 deployment/nginx-deployment
$ kubectl get pod -o wide
NAME                                READY   STATUS    RESTARTS   AGE    IP           NODE         NOMINATED NODE   READINESS GATES
nginx-deployment-54b6d968c4-crltd   1/1     Running   0          6s     10.244.1.3   k8s-node01   <none>           <none>
nginx-deployment-54b6d968c4-js89b   1/1     Running   0          6s     10.244.2.3   k8s-node02   <none>           <none>
nginx-deployment-54b6d968c4-vp2sq   1/1     Running   0          2m2s   10.244.2.2   k8s-node02   <none>           <none>
# Access through a Service (SVC)
$ kubectl expose deployment nginx-deployment --port=30000 --target-port=80
$ kubectl get svc
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)     AGE
kubernetes         ClusterIP   10.96.0.1        <none>        443/TCP     18h
nginx-deployment   ClusterIP   10.109.126.182   <none>        30000/TCP   5s
# Access it with curl
$ curl 10.109.126.182:30000
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
# Requests are distributed round-robin across the three Pods
$ curl 10.109.126.182:30000/hostname.html
nginx-deployment-54b6d968c4-crltd
$ curl 10.109.126.182:30000/hostname.html
nginx-deployment-54b6d968c4-crltd
$ curl 10.109.126.182:30000/hostname.html
nginx-deployment-54b6d968c4-js89b
...
# Make it reachable from outside the cluster
$ kubectl edit svc nginx-deployment
# Change type to NodePort, then save and exit
$ kubectl get svc
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
kubernetes         ClusterIP   10.96.0.1        <none>        443/TCP           18h
nginx-deployment   NodePort    10.109.126.182   <none>        30000:32195/TCP   8m46s
# It can now be reached at 192.168.159.10:32195,
# 192.168.159.20:32195 and 192.168.159.21:32195

Finally, restart Harbor

$ cd /usr/local/harbor/ && docker-compose up -d

Enable start at boot

$ vim /usr/lib/systemd/system/harbor.service
# Contents:
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /usr/local/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /usr/local/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target
# Save and exit
$ sudo systemctl enable harbor
$ sudo systemctl start harbor