Harbor 概述
Harbor是由VMWare公司开源的容器镜像仓库。除了harbor vmware公司还开源了很多k8s周边产品(网络 备份 监控)确实是一个很理想的公司事实上,Harbor是在Docker Registry上进行了相应的企业级扩展,从而获得了更加广泛的应用,这些新的企业级特性包括:管理用户界面,基于角色的访问控制,AD/LDAP集成以及审计日志等,足以满足基本企业需求。
官方:https://goharbor.io/
Github:https://github.com/goharbor/harbor
Harbor 架构
TEB(比较简单就是存储镜像的地方就不介绍了)
Harbor 部署
安装dokcer 和docker-compose
https://github.com/docker/compose/releases
[root@k8s-harbor ~]# docker -v Docker version 19.03.13, build 4484c46d9d [root@k8s-harbor ~]# docker-compose -v docker-compose version 1.27.3, build 4092ae5d
部署Harbor HTTP
下载 harbor安装包 https://github.com/goharbor/harbor/releases
# tar zxvf harbor-offline-installer-v2.0.0.tgz # cd harbor # cp harbor.yml.tmpl harbor.yml # vi harbor.yml hostname: k8s-harbor.cds.local https: # https port for harbor, default is 443 port: 443 # 证书可以使用cfssl工具生成 certificate: /root/cert/www.pem private_key: /root/cert/www-key.pem harbor_admin_password: VMware1! harbor_admin_password: VMware1! # Harbor DB configuration database: # The password for the root user of Harbor DB. Change this before any production use. password: root123
# ./prepare
# ./install.sh
浏览器登陆验证
将harbor使用证书复制到k8s节点
### k8s节点上创建证书目录 mkdir -p /etc/docker/certs.d/harbor ### 复制证书 cd /etc/docker/certs.d/harbor scp root@172.16.0.14:/root/cert/www.pem .
验证
### k8s 所有节点配置 harbor可信
# vi /etc/docker/daemon.json
{"insecure-registries":["k8s-harbor.cds.local"]}
### 重启dockers服务
# systemctl restart docker
###拉取镜像
[root@k8s-master03 harbor]# docker pull k8s-harbor.cds.local/library/centos:7
7: Pulling from library/centos
75f829a71a1c: Pull complete
Digest: sha256:fe2347002c630d5d61bf2f28f21246ad1c21cc6fd343e70b4cf1e5102f8711a9
Status: Downloaded newer image for k8s-harbor.cds.local/library/centos:7
k8s-harbor.cds.local/library/centos:7