
k8s-harbor installation


1. Install docker-ce

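Install automatically with the official installation script (only works in environments with public internet access)

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

2. Download the latest version of docker-compose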
sudo curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
root@k8s-master1:/usr/local/bin# docker-compose --version
docker-compose version 1.23.1, build b02f1306

3. Install python2.7
apt-get install python2.7 -y
ln -s /usr/bin/python2.7 /usr/bin/python

4. Create the certificates
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \
-key ca.key \
-out ca.crt
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key

--------------------------------------------------
Problem encountered: Can't load /root/.rnd into RNG
Solution:

cd /root
openssl rand -writerand .rnd

--------------------------------------------------

openssl genrsa -out harbor.gesila.com.key 4096
openssl req -sha512 -new \
-subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \
-key harbor.gesila.com.key \
-out harbor.gesila.com.csr
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key  harbor.gesila.com.csr  harbor.gesila.com.key
------------------------------------------------------
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth 
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.gesila.com
DNS.2=harbor.gesila
DNS.3=hostname
EOF
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key  harbor.gesila.com.csr  harbor.gesila.com.key  v3.ext
------------------------------------------------------


openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.gesila.com.csr \
-out harbor.gesila.com.crt
---------------------------------------------------------------------------------
root@ubuntu:/usr/local/src/harbor/certs# ls
ca.crt  ca.key  ca.srl  harbor.gesila.com.crt  harbor.gesila.com.csr  harbor.gesila.com.key  v3.ext
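
A check worth running on the files produced above before pointing Harbor at them, as an added example that is not part of the original post: it confirms that the server certificate chains to ca.crt, that the private key matches it, and that the registry hostname is listed in subjectAltName. The function names are hypothetical, and the sample PKI is constructed with the post's commands but 2048-bit keys and 1-day validity.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# check_registry_cert CA_CRT SERVER_CRT SERVER_KEY HOSTNAME
# Returns 0 = usable, 1 = does not chain to the CA, 2 = key does not match the
# certificate, 3 = HOSTNAME is not listed in subjectAltName.
check_registry_cert() {
    ca=$1 crt=$2 key=$3 host=$4

    # The server certificate must chain to the CA that clients will trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1

    # The private key must belong to the certificate: compare public keys.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] || return 2

    # The registry name must appear as a DNS entry in subjectAltName (v3.ext).
    openssl x509 -in "$crt" -noout -text | grep 'DNS:' | tr -d ' ' | tr ',' '\n' \
        | grep -Fxq "DNS:$host" || return 3
    return 0
}

# Constructed sample input: a throwaway CA and server certificate built with the
# same commands as the post (2048-bit keys and 1-day validity to keep it quick).
make_sample_pki() {
    ( cd "$1" || exit 1
      openssl genrsa -out ca.key 2048
      openssl req -x509 -new -nodes -sha512 -days 1 -subj "/CN=constructed-test-ca" \
          -key ca.key -out ca.crt
      openssl genrsa -out harbor.gesila.com.key 2048
      openssl req -sha512 -new -subj "/CN=harbor.gesila.com" \
          -key harbor.gesila.com.key -out harbor.gesila.com.csr
      printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
          'subjectAltName=DNS:harbor.gesila.com,DNS:harbor.gesila' > v3.ext
      openssl x509 -req -sha512 -days 1 -extfile v3.ext \
          -CA ca.crt -CAkey ca.key -CAcreateserial \
          -in harbor.gesila.com.csr -out harbor.gesila.com.crt
    ) >/dev/null 2>&1
}
```

Against the real files, run it from /usr/local/src/harbor/certs as `check_registry_cert ca.crt harbor.gesila.com.crt harbor.gesila.com.key harbor.gesila.com` and inspect `$?`.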
5. Download and install Harbor
cd  /usr/local/src
tar xf harbor-offline-installer-v1.2.2.tgz
cd harbor/
vim harbor.cfg
------------------------------------
hostname = harbor.gesila.com
ui_url_protocol = https
ssl_cert = /usr/local/src/harbor/certs/harbor.gesila.com.crt 
ssl_cert_key = /usr/local/src/harbor/certs/harbor.gesila.com.key
# Sample value only; set a strong initial admin password here before running ./install.sh
harbor_admin_password = 123456
------------------------------------
./prepare
./install.sh

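The default installation does not include the Notary or Clair services, which are used for vulnerability scanning; to include the Notary service, you must enable and configure https in harbor.yml

sudo ./install.sh --with-notary --with-clair --with-chartmuseum

6. Copy the certificate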

# Every machine that needs to log in to Harbor must create this directory
mkdir -p /etc/docker/certs.d/harbor.gesila.com
# Copy the certificate file into the /etc/docker/certs.d/harbor.gesila.com directory

cp /usr/local/src/harbor/certs/harbor.gesila.com.crt /etc/docker/certs.d/harbor.gesila.com

7. Modify the docker.service configuration file

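# Every machine that needs to connect to Harbor must make this change, adding the parameter: --insecure-registry
# Note: --insecure-registry tells the Docker daemon to ignore certificate errors for that registry and to fall back to plain HTTP if HTTPS is unavailable; a registry whose certificate is trusted through /etc/docker/certs.d/ (step 6) is verified normally and does not need the flag.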

vim /lib/systemd/system/docker.service 
-------------------------------------------------------------------------------------------------------------------
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry <Harbor IP address>
-------------------------------------------------------------------------------------------------------------------
systemctl daemon-reload && systemctl restart docker
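
How the client-side settings from steps 6 and 7 interact, as an added example that is not part of the original post: it reads a docker.service file and a certs.d directory and reports, per registry name, whether the daemon skips verification or still verifies the certificate. The function names, the documentation IP 192.0.2.10 and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print every registry that a docker.service file passes to dockerd with
# --insecure-registry, one per line (handles "--flag value" and "--flag=value";
# assumes ExecStart is on a single line).
list_insecure_registries() {
    grep '^ExecStart=' "$1" | tr -s ' \t' '\n\n' | awk '
        prev == "--insecure-registry" { print; prev = ""; next }
        /^--insecure-registry=/       { sub(/^--insecure-registry=/, ""); print; next }
        { prev = $0 }'
}

# registry_trust_state HOST UNIT_FILE CERTS_DIR
# Prints how the daemon will treat HOST (exact-name match only, no CIDR ranges):
#   insecure  - certificate errors ignored, plain-HTTP fallback allowed
#   ca-pinned - verified, additionally trusting *.crt files in CERTS_DIR/HOST/
#   system-ca - verified against the system trust store only
registry_trust_state() {
    host=$1 unit=$2 certs=$3
    if list_insecure_registries "$unit" | grep -Fxq "$host"; then
        echo insecure
    elif ls "$certs/$host"/*.crt >/dev/null 2>&1; then
        echo ca-pinned
    else
        echo system-ca
    fi
}

# Constructed sample: the unit file from step 7 with a documentation IP in place
# of the Harbor address, and the certs.d layout from step 6 (empty placeholder file).
make_sample_host() {
    mkdir -p "$1/certs.d/harbor.gesila.com"
    : > "$1/certs.d/harbor.gesila.com/harbor.gesila.com.crt"
    cat > "$1/docker.service" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.0.2.10
EOF
}
```

On the sample, only 192.0.2.10 is reported as insecure; harbor.gesila.com is reported as ca-pinned, so a login by hostname is still verified through the certs.d entry.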


8. Test the connection
root@k8s-master1:/usr/local/src/harbor# docker login harbor.gesila.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

9. Test pushing an image
Create a project named k8s in the web UI
root@k8s-master1:/usr/local/src/harbor# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
59bf1c3509f3: Pull complete 
Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest

root@k8s-master1:/usr/local/src/harbor# docker tag alpine harbor.gesila.com/k8s/alpine && docker push  harbor.gesila.com/k8s/alpine
Using default tag: latest
The push refers to repository [harbor.gesila.com/k8s/alpine]
8d3ac3489996: Pushed 
latest: digest: sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3 size: 528

Troubleshooting

./prepare

Fail to generate key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt

# Solution:

vim +308  prepare 
---------------------------------------------------------------------------------------------------------------------------------
Replace empty_subj = "/C=/ST=/L=/O=/CN=/" with: empty_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=notarysigner"
---------------------------------------------------------------------------------------------------------------------------------

./install.sh

./prepare: /usr/bin/python: bad interpreter: No such file or directory

# Solution:
The prepare script is written in Python, but it is not compatible with version 3.5; fall back to 2.7.

apt-get install python2.7 -y
ln -s /usr/bin/python2.7 /usr/bin/python

➜ Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https. 
Please set --with-clair if needs enable Clair in Harbor

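# Solution:
Change the hostname

vim /usr/local/src/harbor/harbor.cfg
#hostname = reg.mydomain.com  This is the default value; the line must be deleted, because merely commenting it out still produces the error above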

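Copyright notice: this is an original article of this site, published by 星锅 on 2024-07-25, 5320 characters in total.
Reprint notice: unless otherwise stated, all articles on this site are released under the CC-4.0 license; please credit the source when reprinting.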