harbor安装的最低硬件要求
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 2 CPU | 4 CPU |
| Mem | 4 GB | 8 GB |
| Disk | 40 GB | 160 GB |
依赖软件要求
docker-ce、docker-compose
官方发布地址:https://github.com/goharbor/harbor/releases
1 安装docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
[root@gitlab harbor]# docker --version
Docker version 20.10.6, build 370c289
systemctl start docker
systemctl status docker
systemctl enable docker
2 安装docker-compose
yum -y install docker-compos
3 安装harbor
配置证书
openssl genrsa -out ca.key 4096
openssl genrsa -out harbor.devopstack.cn.key 4096
openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.devopstack.cn" \
-key harbor.devopstack.cn.key \
-out harbor.devopstack.cn.csr
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.devopstack.cn" \
-key ca.key \
-out ca.crt
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:192.168.10.20
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.devopstack.cn.csr \
-out harbor.devopstack.cn.crt
mkdir -p /data/cert/
openssl x509 -inform PEM -in harbor.devopstack.cn.crt -out harbor.devopstack.cn.cert
[root@gitlab harbor]# cp harbor.devopstack.cn.crt /data/cert/
[root@gitlab harbor]# cp harbor.devopstack.cn.key /data/cert/
[root@gitlab harbor]# cp harbor.devopstack.cn.key /etc/docker/certs.d/harbor.devopstack.cn
[root@gitlab harbor]# cp harbor.devopstack.cn.cert ca.crt /etc/docker/certs.d/harbor.devopstack.cn
wget https://github.com/goharbor/harbor/releases/download/v2.2.2/harbor-offline-installer-v2.2.2.tgz
tar -xf harbor-offline-installer-v2.2.2.tgz
配置文件
hostname: harbor.devopstack.cn
# http related config
http:
port: 80
https:
port: 443
certificate: /data/cert/harbor.devopstack.cn.crt
private_key: /data/cert/harbor.devopstack.cn.key
harbor_admin_password: Harbor12345
database:
password: root123
max_idle_conns: 50
max_open_conns: 1000
data_volume: /data
[root@gitlab harbor]# ./prepare
prepare base dir is set to /root/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
安装
[root@gitlab harbor]# ./install.sh
[root@gitlab harbor]# docker-compose ps
Name Command State Ports
---------------------------------------------------------------------------------------------------------------------------------------------
harbor-core /harbor/entrypoint.sh Up
harbor-db /docker-entrypoint.sh Up
harbor-jobservice /harbor/entrypoint.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up
nginx nginx -g daemon off; Up 0.0.0.0:8081->8080/tcp,:::8081->8080/tcp, 0.0.0.0:443->8443/tcp,:::443->8443/tcp
redis redis-server /etc/redis.conf Up
registry /home/harbor/entrypoint.sh Up
registryctl /home/harbor/start.sh Up
harbor启停:
docker-compose down -v 或 docker-compose stop //区别,前者会remove掉容器、image、网络,停的更干净,后者只是停服务
docker-compose up -d
如图已正常访问
4 harbor使用
docker 登录harbor
cat /etc/docker/daemon.json
{ "insecure-registries":["192.168.10.20:8081"] }
docker login 192.168.10.20:8081
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@gitlab harbor]# docker pull hello-world
[root@gitlab harbor]# docker tag hello-world 192.168.10.20:8081/javademo/hello-world:latest
[root@gitlab harbor]# docker push 192.168.10.20:8081/javademo/hello-world:latest
The push refers to repository [192.168.10.20:8081/javademo/hello-world]
f22b99068db9: Pushed
latest: digest: sha256:1b26826f602946860c279fce658f31050cff2c596583af237d971f4629b57792 size: 525
[root@gitlab harbor]#
- 我的微信
- 这是我的微信扫一扫
-
- 我的微信公众号
- 我的微信公众号扫一扫
-
