Part 1: Setting up the Harbor registry
1. Environment
IP address: 10.180.160.112
CentOS Linux release 7.2
Docker 17.03.2-ce
2. Install Docker Compose
Download the docker-compose binary, place it directly in /usr/bin/, and make it executable.
$ sudo curl -L https://github.com/docker/compose/releases/download/1.21.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/bin/docker-compose
$ sudo chmod +x /usr/bin/docker-compose
3. Download Harbor
Download page: https://github.com/vmware/harbor/releases
wget https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-offline-installer-v1.6.0-rc3.tgz
4. Install Harbor
# tar -zxvf harbor-offline-installer-v1.6.0-rc3.tgz
# cd /apps/harbor
--------------------------------------------
Configuring HTTPS
--------------------------
* Create the CA root certificate
[root@harbor cert]# openssl req -newkey rsa:4096 \
-nodes -sha256 -keyout ca.key -x509 -days 365 \
-out ca.crt -subj "/C=CN/L=beijing/O=nedy/CN=harbor-registry"
* Generate a certificate signing request (CSR), setting the access domain name to harbor.nedy.com
[root@harbor cert]# openssl req -newkey rsa:4096 \
-nodes -sha256 -keyout harbor.nedy.com.key \
-out server.csr -subj "/C=CN/L=beijing/O=nedy/CN=harbor.nedy.com"
* Generate the host certificate
[root@harbor cert]# openssl x509 -req -days 365 \
-in server.csr -CA ca.crt -CAkey ca.key \
-CAcreateserial -out harbor.nedy.com.crt
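* Edit the Harbor configuration file [ harbor.cfg ]
# vim /apps/harbor/harbor.cfg
# Host name of the private registry; may be an IP address or a domain name
hostname = harbor.nedy.com
# Protocol used to access the private registry; the default is http, set it to https
ui_url_protocol = https
# Password of the database administrator
db_password = root123
# Password of the Harbor administrator account
harbor_admin_password = Harbor12345
# Path to the certificate file
ssl_cert = /data/cert/harbor.nedy.com.crt
# Path to the certificate key file
ssl_cert_key = /data/cert/harbor.nedy.com.key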
* Add the certificate to the system trust store
cp harbor.nedy.com.crt /etc/pki/ca-trust/source/anchors/harbor.nedy.com.crt
update-ca-trust
* Install
# cd /apps/harbor/ && sh install.sh
* Access
https://harbor.nedy.com
Username: admin
Password: Harbor12345
* Stop the service
docker-compose down
* Start the service
docker-compose up -d
* Update the configuration
If the configuration changes, run prepare in the installation directory to update it.
cd /apps/harbor && ./prepare
* Configure the Harbor registry for local login on the server
mkdir -p /etc/docker/certs.d/harbor.nedy.com
cd /data/cert/ && cp ca.crt /etc/docker/certs.d/harbor.nedy.com/ca.crt
* Test login
docker login -u admin -p Harbor12345 harbor.nedy.com
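A pre-flight check for the certificate files generated above, useful before running install.sh or after renewing the certificate (added example, not part of the original article; the function name check_registry_cert and the script name check.sh are assumptions, and OpenSSL 1.1.0 or later is assumed). The subjectAltName warning matters because Docker clients built with Go 1.15 or later no longer accept a certificate that carries the host name only in the CN.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check of the
# registry TLS files. Assumes OpenSSL 1.1.0 or later.
# Usage: check_registry_cert CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
# Returns 0 when usable; 1 = chain, 2 = key mismatch, 3 = hostname mismatch.
check_registry_cert() {
    ca=$1 crt=$2 key=$3 host=$4

    # 1. The server certificate must verify against the CA that Docker
    #    clients receive as /etc/docker/certs.d/<hostname>/ca.crt.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca (wrong CA or expired)"
        return 1
    fi

    # 2. ssl_cert and ssl_cert_key must be a pair: compare public keys.
    cert_pub=$(openssl x509 -noout -pubkey -in "$crt" 2>/dev/null)
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key of $crt"
        return 2
    fi

    # 3. The certificate must be valid for the name used in "hostname =".
    if ! openssl x509 -noout -checkhost "$host" -in "$crt" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: $crt is not valid for host $host"
        return 3
    fi

    # Warnings only: these do not break a client that accepts the CN.
    if ! openssl x509 -noout -text -in "$crt" | grep -qF "DNS:$host"; then
        echo "WARN: no subjectAltName DNS:$host (name is matched via CN only)"
    fi
    if ! openssl x509 -noout -checkend 2592000 -in "$crt" >/dev/null; then
        echo "WARN: $crt expires within 30 days"
    fi
    echo "OK: $crt is usable for $host"
    return 0
}

# Run directly: sh check.sh ca.crt harbor.nedy.com.crt harbor.nedy.com.key harbor.nedy.com
if [ "$#" -eq 4 ]; then
    check_registry_cert "$@"
fi
```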
Part 2: Pushing an image
* Retag the local image
Local image: registry.cn-shenzhen.aliyuncs.com/eswork/jenkins
Change the tag
docker tag registry.cn-shenzhen.aliyuncs.com/eswork/jenkins harbor.nedy.com/atlas/jenkins
Log in to the Harbor registry
docker login -u admin -p Harbor12345 harbor.nedy.com
Push the retagged image
docker push harbor.nedy.com/atlas/jenkins
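Part 3: Client configuration
* Create the directory for the registry certificate
[root@harbor client]# mkdir -p /etc/docker/certs.d/harbor.nedy.com
* Copy the certificate from the Harbor server into the registry certificate directory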
[root@harbor client]# scp [email protected]:/data/cert/ca.crt /etc/docker/certs.d/harbor.nedy.com/ca.crt
* User login [ the client needs a local hosts entry that points the harbor.nedy.com domain to the Harbor server IP ]
[root@kubernetes-110 ]# docker login -u admin -p Harbor12345 harbor.nedy.com
Login Succeeded