在上一篇文章里我们主要介绍harbor所需要使用的nfs安装和所依赖的docker-compose安装。这里我们主要介绍安装harbor,本次我们采用下载harbor offline package的方式安装,并设置开机自动启动,将harbor的存储设置为挂载的nfs共享目录。然后下载一些基础镜像(例如rhel-pod-infrastructure),在harbor里创建私有仓库,测试将基础镜像push到private repo里,并pull下来。
下载并解压harbor:
这里我们采用直接下载harbor offline package,注意这里在github下载harbor(1.8.1版本)
mkdir -p /opt/sw/harbor
cd /opt/sw/harbor
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz
tar -xzvf /opt/sw/harbor/harbor-offline-installer-v1.8.1.tgz
制作harbor ssl证书,copy到配置目录:
我们这里开启harbor的ssl,所以请提前制作好harbor证书(可以参考以前文章中制作docker的cert),并且copy到相应的配置目录里(这里是/opt/sw/harbor/harbor/cert)
mkdir -p /opt/sw/harbor/harbor/cert
ll /opt/sw/harbor/harbor/cert
修改harbor配置文件:
可以参考如下连接:
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
vi /opt/sw/harbor/harbor/harbor.yml
hostname: 172.20.11.41
http:
port:1033
https:
port: 1034
certificate: /opt/sw/harbor/harbor/cert/harbor-server.crt
private_key: /opt/sw/harbor/harbor/cert/harbor-server.key
harbor_admin_password: abc123_
data_volume: /mnt/shares
安装harbor:
sh /opt/sw/harbor/harbor/install.sh
查看harbor的容器:
docker-compose -f /opt/sw/harbor/harbor/docker-compose.yml ps
停止和启动harbor:
docker-compose -f /opt/sw/harbor/harbor/docker-compose.yml stop
docker-compose -f /opt/sw/harbor/harbor/docker-compose.yml start
开启harbor访问端口:这里是1034端口:
firewall-cmd --permanent --zone=public --add-port=1034/tcp
firewall-cmd --reload
firewall-cmd --list-all
访问harbor并创建project:
创建harbor systemd service设置开机启动:
touch /usr/lib/systemd/system/harbor.service
cat > /usr/lib/systemd/system/harbor.service<< EOF
[Unit]
Description=Harbor docker image repository service
After=network.target network-online.target docker.service
Wants=network-online.target docker.service
[Service]
Type=notify
ExecStart=/usr/bin/docker-compose -f /opt/sw/harbor/harbor/docker-compose.yml start
ExecStop=/usr/bin/docker-compose -f /opt/sw/harbor/harbor/docker-compose.yml stop
RemainAfterExit=yes
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable harbor
下载基础镜像并使用harbor repo:
这里我们下载rhel7-pod-infrastructure基础镜像,将其push到我们的harbor repo,然后在从harbor repo中pull下来
push into harbor
docker load -i /opt/sw/harbor/rhel7-pod-infrastructure.tar
docker images|grep 99965fb98423
docker tag 99965fb98423 172.20.11.41:1034/infra/registry.access.redhat.com-rhel7-pod-infrastructure:latest
docker login 172.20.11.41:1034 -u admin -p abc123_
docker push 172.20.11.41:1034/infra/registry.access.redhat.com-rhel7-pod-infrastructure:latest
pull from harbor
docker login 172.20.11.41:1034 -u admin -p abc123_
docker pull 172.20.11.41:1034/infra/registry.access.redhat.com-rhel7-pod-infrastructure:latest
目前先写到这里,下一篇文章里我们开始介绍k8s各个组件的创建。