Kubernetes Harbor部署

---

title: Kubernetes Harbor部署
author: susu
date: 2021-01-01
site:
- cnblogs.com

official docs

Harbor Installation Prerequisites
harbor releases

harbor

docker engine

https://docs.docker.com/engine/install/

docker-compose

https://docs.docker.com/compose/install/

[root@master ~]# sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

process

# 1. download harbor-offline-installer-version.tgz
wget https://github.com/goharbor/harbor/releases/download/v2.2.2/harbor-offline-installer-v2.2.2.tgz
tar xzvf harbor-offline-installer-v2.2.2.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml

[root@master harbor]# ls
common  common.sh  harbor.v2.2.2.tar.gz  harbor.yml  harbor.yml.tmpl  input  install.sh  LICENSE  prepare


# 2. configure https access to harbor(optional)

openssl genrsa -out ca.key 4096

openssl req -x509 -new -nodes -sha512 -days 3650 
 -subj "/C=CN/ST=Shanghai/L=Shanghai/O=susu/OU=susu/CN=susu.com" 
 -key ca.key 
 -out ca.crt

openssl genrsa -out susu.com.key 4096
openssl req -sha512 -new 
    -subj "/C=CN/ST=Shanghai/L=Shanghai/O=susu/OU=susu/CN=susu.com" 
    -key susu.com.key 
    -out susu.com.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=susu.com
DNS.2=susu
DNS.3=master
EOF

openssl x509 -req -sha512 -days 3650 
    -extfile v3.ext 
    -CA ca.crt -CAkey ca.key -CAcreateserial 
    -in susu.com.csr 
    -out susu.com.crt

cp susu.com.crt /data/cert/
cp susu.com.key /data/cert/

openssl x509 -inform PEM -in susu.com.crt -out susu.com.cert

cp susu.com.cert /etc/docker/certs.d/susu.com/
cp susu.com.key /etc/docker/certs.d/susu.com/
cp ca.crt /etc/docker/certs.d/susu.com/

systemctl restart docker

# 3. configure the harbor yaml file
# 如果不需要https,注释相关项即可。
vim harbor.yml
hostname: susu.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/cert/susu.com.crt
  private_key: /data/cert/susu.com.key

# 4. install harbor
[root@master harbor]# ./prepare 
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@master harbor]# vim harbor.yml
[root@master harbor]# docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registry      ... done
Creating registryctl   ... done
Creating harbor-db     ... done
Creating redis         ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
[root@master harbor]# docker login susu.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@master harbor]# docker tag 192.168.1.2/kubernetes-local/alpine:3.6 susu.com/kubernetes-local/alpine:3.6
[root@master harbor]# docker push susu.com/kubernetes-local/alpine
The push refers to repository [susu.com/kubernetes-local/alpine]
721384ec99e5: Pushed 
3.6: digest: sha256:36c3a913e62f77a82582eb7ce30d255f805c3d1e11d58e1f805e14d33c2bc5a5 size: 528
[root@master harbor]# docker rmi susu.com/kubernetes-local/alpine:3.6 
Untagged: susu.com/kubernetes-local/alpine:3.6
Untagged: susu.com/kubernetes-local/alpine@sha256:36c3a913e62f77a82582eb7ce30d255f805c3d1e11d58e1f805e14d33c2bc5a5
[root@master harbor]# docker pull susu.com/kubernetes-local/alpine:3.6
3.6: Pulling from kubernetes-local/alpine
Digest: sha256:36c3a913e62f77a82582eb7ce30d255f805c3d1e11d58e1f805e14d33c2bc5a5
Status: Downloaded newer image for susu.com/kubernetes-local/alpine:3.6
susu.com/kubernetes-local/alpine:3.6

reference

1. harbor安装以及基本使用方法
2. docker登录私仓失败cannot validate certificate for 192.168.76.131 because it doesn‘t contain any IP SANs
3. docker push Registry时https报错解决方法
4. Configure HTTPS Access to Harbor部署