k8s: Installing Harbor

Submitted by a user, 2022-09-12

1. Installing docker-ce

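Install automatically with the official install script (only works on hosts with public Internet access):

curl -fsSL | bash -s docker --mirror Aliyun

2. Download the latest version of docker-compose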

sudo curl -L "-s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

root@k8s-master1:/usr/local/bin# docker-compose --version
docker-compose version 1.23.1, build b02f1306

3. python2.7

apt-get install python2.7 -y
ln -s /usr/bin/python2.7 /usr/bin/python

4. Creating the certificates

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \
-key ca.key \
-out ca.crt

root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt ca.key
--------------------------------------------------
Problem encountered: Can't load /root/.rnd into RNG
Fix:
cd /root
openssl rand -writerand .rnd
--------------------------------------------------
openssl genrsa -out harbor.gesila.com.key 4096
openssl req -sha512 -new \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \
-key harbor.gesila.com.key \
-out harbor.gesila.com.csr

root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt ca.key harbor.gesila.com.csr harbor.gesila.com.key
------------------------------------------------------
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.gesila.com
DNS.2=harbor.gesila
DNS.3=hostname
EOF

root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt ca.key harbor.gesila.com.csr harbor.gesila.com.key v3.ext
------------------------------------------------------
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.gesila.com.csr \
-out harbor.gesila.com.crt
---------------------------------------------------------------------------------
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt ca.key ca.srl harbor.gesila.com.crt harbor.gesila.com.csr harbor.gesila.com.key v3.ext
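
As an added example (not part of the original post), the script below checks a certificate set like the one from step 4 before it is handed to Harbor and Docker: it must chain to ca.crt, carry a SAN entry for the host, be marked CA:FALSE, and match its private key. The function names, the 2048-bit keys and the separate CA name "Example Harbor CA" are assumptions made for the constructed sample; a server certificate whose subject equals its issuer can be mistaken for a self-signed certificate by some verifiers.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): checks a registry certificate
# the way a TLS client would, using constructed sample certificates.

# check_cert DIR HOST -> 0 if DIR/HOST.crt chains to DIR/ca.crt, lists HOST
# as a SAN entry, is not a CA, and matches DIR/HOST.key; 1-4 otherwise.
check_cert() {
  local d=$1 h=$2 text
  openssl verify -CAfile "$d/ca.crt" "$d/$h.crt" >/dev/null 2>&1 \
    || { echo "FAIL: $h.crt does not chain to ca.crt"; return 1; }
  text=$(openssl x509 -in "$d/$h.crt" -noout -text)
  # Current Go-based clients such as Docker ignore the CN, so HOST must be a SAN.
  printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$h" \
    || { echo "FAIL: no SAN entry DNS:$h"; return 2; }
  printf '%s\n' "$text" | grep -q 'CA:FALSE' \
    || { echo "FAIL: basicConstraints is not CA:FALSE"; return 3; }
  [ "$(openssl x509 -in "$d/$h.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$d/$h.key" -pubout)" ] \
    || { echo "FAIL: certificate and key do not match"; return 4; }
  echo "OK: $h.crt"
}

# make_fixture DIR: constructed sample data following step 4, except that the
# CA gets its own CN (assumption) and keys are 2048-bit to keep the run short.
make_fixture() {
  local h=harbor.gesila.com s="/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal" n
  ( cd "$1" && exec 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -sha512 -days 3650 \
      -subj "$s/CN=Example Harbor CA" -keyout ca.key -out ca.crt
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
      'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
      'extendedKeyUsage = serverAuth' 'subjectAltName = @alt_names' \
      '[alt_names]' "DNS.1=$h" 'DNS.2=harbor.gesila' 'DNS.3=hostname' > v3.ext
    for n in "$h" nosan.example; do
      openssl req -new -newkey rsa:2048 -nodes -sha512 -subj "$s/CN=$n" \
        -keyout "$n.key" -out "$n.csr"
    done
    openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key \
      -CAcreateserial -in "$h.csr" -out "$h.crt"
    # Second certificate is issued without v3.ext, so it has no SAN at all.
    openssl x509 -req -sha512 -days 3650 -CA ca.crt -CAkey ca.key \
      -CAcreateserial -in nosan.example.csr -out nosan.example.crt )
}

t=$(mktemp -d) && make_fixture "$t"
check_cert "$t" harbor.gesila.com
check_cert "$t" nosan.example || true
```
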

5. Downloading and installing Harbor

cd /usr/local/src
tar xf harbor-offline-installer-v1.2.2.tgz
cd harbor/
vim harbor.cfg
------------------------------------
hostname = harbor.gesila.com
ui_url_protocol = https
ssl_cert = /usr/local/src/harbor/certs/harbor.gesila.com.crt
ssl_cert_key = /usr/local/src/harbor/certs/harbor.gesila.com.key
harbor_admin_password = 123456
------------------------------------
./prepare
./install.sh

The default installation does not include the Notary or Clair services, which are used for vulnerability scanning; to include the Notary service you must enable and configure it in harbor.yml:

./install.sh --with-notary --with-clair --with-chartmuseum

6. Copying the certificate

# Every machine that logs in to Harbor needs this directory
mkdir -p /etc/docker/certs.d/harbor.gesila.com
# Copy the certificate file into /etc/docker/certs.d/harbor.gesila.com
cp /usr/local/src/harbor/certs/harbor.gesila.com.crt /etc/docker/certs.d/harbor.gesila.com

7. Modifying the docker.service configuration file

# Every machine that needs to connect to Harbor must be changed to add the parameter --insecure-registry
vim /lib/systemd/system/docker.service
-------------------------------------------------------------------------------------------------------------------
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry <Harbor IP address>
-------------------------------------------------------------------------------------------------------------------
systemctl daemon-reload && systemctl restart docker
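
The following added example (not from the original post or from Harbor) reads a harbor.cfg like the one in step 5 and a docker.service like the one in step 7 and reports the settings that weaken the registry: a non-https protocol, a well-known or short admin password, and registries for which --insecure-registry turns off TLS verification. The function names, the 12-character threshold, the single-line ExecStart and the sample files (including the address 192.0.2.10) are assumptions; Harbor12345 is Harbor's documented default admin password.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flags the settings from steps 5
# and 7 that weaken the registry. File locations are passed in by the caller.

cfg_get() {  # cfg_get FILE KEY -> value of "KEY = value" in harbor.cfg
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

insecure_registries() {  # registries named by --insecure-registry in a unit file
  grep -E '^ExecStart=' "$1" | tr -s ' \t' '\n\n' | awk '
    want { print; want = 0; next }
    sub(/^--insecure-registry=/, "") { print; next }
    $0 == "--insecure-registry" { want = 1 }'
}

audit_harbor() {  # audit_harbor HARBOR_CFG DOCKER_UNIT CERTS_D -> findings on stdout
  local cfg=$1 unit=$2 certs=$3 pw reg
  [ "$(cfg_get "$cfg" ui_url_protocol)" = https ] \
    || echo "harbor.cfg: ui_url_protocol is not https"
  pw=$(cfg_get "$cfg" harbor_admin_password)
  case $pw in
    Harbor12345|123456|password|admin)
      echo "harbor.cfg: well-known admin password" ;;
    *) # 12 characters is an assumed minimum, not a Harbor rule
      [ "${#pw}" -ge 12 ] || echo "harbor.cfg: admin password shorter than 12 characters" ;;
  esac
  for reg in $(insecure_registries "$unit"); do
    if ls "$certs/$reg"/*.crt >/dev/null 2>&1; then
      echo "docker: --insecure-registry $reg can be dropped, $certs/$reg holds a certificate"
    else
      echo "docker: --insecure-registry $reg disables TLS verification"
    fi
  done
}

# Constructed sample files modelled on steps 5 to 7.
d=$(mktemp -d); mkdir -p "$d/certs.d/harbor.gesila.com"
: > "$d/certs.d/harbor.gesila.com/harbor.gesila.com.crt"
printf '%s\n' 'hostname = harbor.gesila.com' 'ui_url_protocol = https' \
  'harbor_admin_password = 123456' > "$d/harbor.cfg"
printf '%s\n' '[Service]' 'ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry harbor.gesila.com --insecure-registry=192.0.2.10' \
  > "$d/docker.service"
audit_harbor "$d/harbor.cfg" "$d/docker.service" "$d/certs.d"
```
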

8. Testing the connection

root@k8s-master1:/usr/local/src/harbor# docker login harbor.gesila.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
Succeeded

9. Testing an image push

Create a project named k8s in the web UI.

root@k8s-master1:/usr/local/src/harbor# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
59bf1c3509f3: Pull complete
Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
root@k8s-master1:/usr/local/src/harbor# docker tag alpine harbor.gesila.com/k8s/alpine && docker push harbor.gesila.com/k8s/alpine
Using default tag: latest
The push refers to repository [harbor.gesila.com/k8s/alpine]
8d3ac3489996: Pushed
latest: digest: sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3 size: 528

Troubleshooting

./prepare

Fail to generate key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
# Fix:
vim +308 prepare
---------------------------------------------------------------------------------------------------------------------------------
empty_subj = "/C=/ST=/L=/O=/CN=/"
Replace with:
empty_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=notarysigner"
---------------------------------------------------------------------------------------------------------------------------------

./install.sh

./prepare: /usr/bin/python: bad interpreter: No such file or directory
# Fix: the prepare script is written in Python, but it is not compatible with version 3.5, so downgrade and use 2.7
apt-get install python2.7 -y
ln -s /usr/bin/python2.7 /usr/bin/python

➜ Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under
Please set --with-clair if needs enable Clair in Harbor
# Fix: change the hostname
vim /usr/local/src/harbor/harbor.cfg
-----------------------------------
#hostname = reg.mydomain.com   This is the default; it must be deleted, because merely commenting it out still produces the message above
-----------------------------------
