Harbor是有VMware公司中国团队为企业用户设计的私有仓库开源项目,它包含了权限管理、审计、管理界面、自我注册等企业必须的功能。同时针对中国用户的特点,设计了镜像复制和中文支持等功能。提供了更好的性能和安全,提升用户使用私有仓库构建和运行环境的传输效率。

官网:https://goharbor.io/

1、下载harbor

  1. # 下载harbor安装包
  2. wget https://github.com/goharbor/harbor/releases/download/v2.4.2/harbor-offline-installer-v2.4.2.tgz
  4. # 解压
  5. tar -xf harbor-offline-installer-v2.4.2.tgz

2、安装

  • 生成CA签名 ```bash [root@kubernetes cert]# openssl genrsa -out ca.key 4096
  2. - 生成CA证书
  3. ```bash
  4. openssl req -x509 -new -nodes -sha512 -days 3650 \
  5.  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=106.13.81.75" \
  6.  -key ca.key \
  7.  -out ca.crt

  • 生成服务器证书

    openssl genrsa -out 106.13.81.75.key 4096

  • 生成证书签名

    openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=106.13.81.75" \
  -key 106.13.81.75.key \
  -out 106.13.81.75.csr

  • 生成x509 v3拓展文件

    cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:106.13.81.75
EOF

  • 通过v3.ext文件生成证书

    openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in 106.13.81.75.csr \
  -out 106.13.81.75.crt

  • 将证书提供给Docker ```bash [root@kubernetes cert]# mkdir /data/cert/ -p

openssl x509 -inform PEM -in 106.13.81.75.crt -out 106.13.81.75.cert

[root@kubernetes cert]# mkdir -pv /etc/docker/certs.d/106.13.81.75/

[root@kubernetes cert]# cp 106.13.81.75.cert /etc/docker/certs.d/106.13.81.75/ [root@kubernetes cert]# cp 106.13.81.75.key /etc/docker/certs.d/106.13.81.75/ [root@kubernetes cert]# cp ca.crt /etc/docker/certs.d/106.13.81.75/


- 修改Harbor的配置文件
```bash
[root@kubernetes harbor]# cp harbor.yml.tmpl harbor.yml
[root@kubernetes harbor]# vim harbor.yml
hostname: 106.13.81.75
https:
  port: 443
  certificate: /data/cert/106.13.81.75.crt
  private_key: /data/cert/106.13.81.75.key

  • 生成Harbor的配置文件

    [root@kubernetes harbor]# cp cert/{106.13.81.75.crt,106.13.81.75.key} /data/cert/ 
[root@kubernetes harbor]# ./prepare

  • 安装Harbor

    [root@kubernetes harbor]# ./install.sh

    3、测试Docker登录Harbor

  • docker登录 ```bash [root@kubernetes harbor]# docker login 106.13.81.75 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


- docker上传镜像
```bash
[root@kubernetes harbor]# docker push 106.13.81.75/os/centos:8
The push refers to repository [106.13.81.75/os/centos]
74ddd0ec08fa: Pushed 
8: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529