harbor部暑

前置需求

安装

下载离线安装包并解压：

wget https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz
tar -zxvf harbor-offline-installer-v2.0.0.tgz

docker安装

yum install yum-utils -y

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

yum install docker-ce-18.09.9 docker-ce-cli-18.09.9 containerd.io -y

ystemctl start docker && systemctl enable docker

docker-compose安装

yum install epel-release -y
yum install python-pip -y
pip install docker-compose

harbor离线安装

[root@harbor]# cd harbor
[root@harbor harbor]# mv harbor.yml.tmpl harbor.yml      #修改harbor配置文件为.yml后缀
[root@harbor harbor]# vim harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.dev.uboxol.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:               #harbor v2.0.0版本默认用https，建议用https,http模式的docker login登录会报错，配置麻烦
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
#下面是我们申请的Let's Encrypt证书，也可以用openssl生成，但自生成证书会报警告
  certificate: /etc/docker/certs.d/dev.uboxol.com.crt
  private_key: /etc/docker/certs.d/dev.uboxol.com.key
....

[root@harbor harbor]# mkdir /etc/docker/certs.d/       #然后把证书和密钥传上这个目录上

#安装
[root@harbor harbor]# ./install.sh

#查看
[root@harbor harbor]# docker-compose ps
      Name                   Command                State                 Ports           
------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh        Up (healthy)                             
harbor-db           /docker-entrypoint.sh        Up (healthy)   5432/tcp                  
harbor-jobservice   /harbor/entrypoint.sh        Up (healthy)                             
harbor-log          /bin/sh -c /usr/local/bin/   Up (healthy)   127.0.0.1:1514->10514/tcp 
                    ...                                                                   
harbor-portal       nginx -g daemon off;         Up (healthy)   8080/tcp                  
nginx               nginx -g daemon off;         Up (healthy)   0.0.0.0:80->8080/tcp,     
                                                                0.0.0.0:443->8443/tcp     
redis               redis-server                 Up (healthy)   6379/tcp                  
                    /etc/redis.conf                                                       
registry            /home/harbor/entrypoint.sh   Up (healthy)   5000/tcp                  
registryctl         /home/harbor/start.sh        Up (healthy)   

注：在dns服务器中加入harbor.dev.uboxol.com的正向解析

在浏览器中登录：https://harbor.dev.uboxol.com

在liunx下登录：docker login harbor.dev.uboxol.com

部署或重新配置harbor
如果您已经使用HTTP部署了Harbor，并希望将其重新配置为使用HTTPS，请执行以下步骤。
1、运行prepare脚本以启用HTTPS

[root@harbor harbor]# ./prepare

2、如果Harbor正在运行，请停止并删除现有实例。

[root@harbor harbor]# docker-compose down -v

3、重启harbor

[root@harbor harbor]# docker-compose up -d

在jenkins中添加harbor的凭据

执行docker build时要调用这个凭据

创建认证secret，使k8s能使用harbor仓库

由于harbor采用了用户名密码认证，所以在镜像下载时需要配置sercet

kubectl create secret docker-registry registry-harbor --namespace=devops \
--docker-server=harbor.dev.uboxol.com \
--docker-username=admin \
--docker-password=Harbor12345