Automatic installation with the official install script (public-network environments only)
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
sudo curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
root@k8s-master1:/usr/local/bin# docker-compose --version
docker-compose version 1.23.1, build b02f1306
apt-get install python2.7 -y
ln -s /usr/bin/python2.7 /usr/bin/python
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \
  -key ca.key \
  -out ca.crt
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key
--------------------------------------------------
Problem encountered: Can't load /root/.rnd into RNG
Solution:
cd /root
openssl rand -writerand .rnd
--------------------------------------------------
openssl genrsa -out harbor.gesila.com.key 4096
openssl req -sha512 -new \
  -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \
  -key harbor.gesila.com.key \
  -out harbor.gesila.com.csr
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key  harbor.gesila.com.csr  harbor.gesila.com.key
------------------------------------------------------
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.gesila.com
DNS.2=harbor.gesila
DNS.3=hostname
EOF
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key  harbor.gesila.com.csr  harbor.gesila.com.key  v3.ext
------------------------------------------------------
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in harbor.gesila.com.csr \
  -out harbor.gesila.com.crt
------------------------------------------------------
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key  ca.srl  harbor.gesila.com.crt  harbor.gesila.com.csr  harbor.gesila.com.key  v3.ext
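A check for the certificate produced by the steps above, as an added example that is not part of the original article: it confirms that the server certificate chains to the CA, carries a SAN matching the registry host name, and belongs to the private key. The function names, the throwaway demo CA and the host name registry.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check a registry certificate
# the way a TLS client does. Args: CA_CERT SERVER_CERT SERVER_KEY HOSTNAME
check_registry_cert() {
  ca="$1"; crt="$2"; key="$3"; host="$4"
  # 1. Chains to the CA, is usable as a TLS server cert, and a SAN matches.
  openssl verify -CAfile "$ca" -purpose sslserver -verify_hostname "$host" \
    "$crt" >/dev/null 2>&1 || { echo "FAIL: chain or hostname"; return 1; }
  # 2. The private key belongs to the certificate (same public key).
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key/cert mismatch"; return 1; }
  # 3. Not expiring within the next 30 days.
  openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
    { echo "FAIL: expires within 30 days"; return 1; }
  echo "OK: $host"
}

# Constructed test material: a throwaway CA and server certificate built with
# the same kind of commands as above (2048-bit keys for speed, made-up host
# name, and a CA subject that differs from the server subject).
make_demo_pki() {
  dir="$1"; name="$2"
  ( cd "$dir" || exit 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
      '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > ca.cnf
    printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
      "subjectAltName=DNS:$name" > v3.ext
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -sha512 \
      -days 365 -subj "/O=example/CN=Demo CA" -keyout ca.key -out ca.crt &&
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -sha512 \
      -subj "/O=example/CN=$name" -keyout srv.key -out srv.csr &&
    openssl x509 -req -sha512 -days 365 -extfile v3.ext -CA ca.crt \
      -CAkey ca.key -CAcreateserial -in srv.csr -out srv.crt
  ) >/dev/null 2>&1
}

demo=$(mktemp -d)
make_demo_pki "$demo" registry.example.test &&
  check_registry_cert "$demo/ca.crt" "$demo/srv.crt" "$demo/srv.key" \
    registry.example.test
```

Against the files generated above, the call would be check_registry_cert ca.crt harbor.gesila.com.crt harbor.gesila.com.key harbor.gesila.com, run from the certs directory.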
cd /usr/local/src
tar xf harbor-offline-installer-v1.2.2.tgz
cd harbor/
vim harbor.cfg
------------------------------------
hostname = harbor.gesila.com
ui_url_protocol = https
ssl_cert = /usr/local/src/harbor/certs/harbor.gesila.com.crt
ssl_cert_key = /usr/local/src/harbor/certs/harbor.gesila.com.key
harbor_admin_password = 123456
------------------------------------
./prepare
./install.sh
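The default installation does not include the Notary or Clair services, which are used for vulnerability scanning; to include the Notary service, you must enable and configure https in harbor.yml.
sudo ./install.sh --with-notary --with-clair --with-chartmuseum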
# Every machine that needs to log in to Harbor must create this directory
mkdir -p /etc/docker/certs.d/harbor.gesila.com
# Copy the certificate file into the /etc/docker/certs.d/harbor.gesila.com directory
cp /usr/local/src/harbor/certs/harbor.gesila.com.crt /etc/docker/certs.d/harbor.gesila.com
# Every machine that needs to connect to Harbor must be modified to add the parameter: --insecure-registry
vim /lib/systemd/system/docker.service
------------------------------------------------------
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry <Harbor IP address>
------------------------------------------------------
systemctl daemon-reload && systemctl restart docker
root@k8s-master1:/usr/local/src/harbor# docker login harbor.gesila.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Create a project named k8s in the web UI
root@k8s-master1:/usr/local/src/harbor# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
59bf1c3509f3: Pull complete
Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
root@k8s-master1:/usr/local/src/harbor# docker tag alpine harbor.gesila.com/k8s/alpine && docker push harbor.gesila.com/k8s/alpine
Using default tag: latest
The push refers to repository [harbor.gesila.com/k8s/alpine]
8d3ac3489996: Pushed
latest: digest: sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3 size: 528
Troubleshooting
./prepare
Fail to generate key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
# Solution:
vim +308 prepare
------------------------------------------------------
empty_subj = "/C=/ST=/L=/O=/CN=/"
Replace with:
empty_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=notarysigner"
------------------------------------------------------

./install.sh
./prepare: /usr/bin/python: bad interpreter: No such file or directory
# Solution:
prepare is written in Python, but it is not compatible with version 3.5; downgrade and go back to 2.7.
apt-get install python2.7 -y
ln -s /usr/bin/python2.7 /usr/bin/python
➜ Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients. Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https. Please set --with-clair if needs enable Clair in Harbor
# Solution:
Change the hostname
vim /usr/local/src/harbor/harbor.cfg
#hostname = reg.mydomain.com   This is the default. It must be deleted; merely commenting it out still produces the message above.
Article URL: //q13zd.cn/k8s-harbor-anz.html  Editor: 王华超, Reviewer: 逄增宝