[!TIP]
Docker
部署harbor
转载请注明出处:https://janrs.com
docker 部署 harbor
1.下载 docker-composer
wget https://github.com/docker/compose/releases/download/v2.10.1/docker-compose-linux-x86_64
2.下载 harbor
wget https://github.com/goharbor/harbor/releases/download/v2.6.1/harbor-offline-installer-v2.6.1.tgz
解压到根目录
tar zxf harbor-offline-installer-v2.6.1.tgz -C /opt/
3.部署
创建 ssl
证书
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/harbor/harbor.key -x509 -days 365 -out /opt/harbor/harbor.crt
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/harbor/harbor.key -x509 -days 365 -out /opt/harbor/harbor.crt -addext 'subjectAltName = IP:172.16.222.250'
修改 docker
启动项
[!NOTE]
此处修改docker
的启动参数是绕过Harbor
的ssl
认证,但是虽然绕过ssl
认证,
jenkins
在pull
和push
的时候同样要设置账号密码。如果对ssl
安全有要求的不建议这样做。这里本地开发为了方便可以这么设置。注意:除了在部署
jenkins
的服务器的docker
需要设置这么外,所有k8s
节点的docker
都要这么设置,否则节点上的docker
依旧会报ssl
校验失败错误。
也就无法拉取Harbor
的镜像。
修改 /etc/docker/daemon.json
添加以下非安全地址:"insecure-registries" : ["172.16.222.250:8443", "0.0.0.0"],
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"http://hub-mirror.c.163.com",
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn"
],
"insecure-registries" : ["172.16.222.250:8443", "0.0.0.0"],
"log-opts": {
"max-size": "100m"
}
}
复制配置文件并配置
cp harbor.yml.tmpl harbor.yml && \
vim harbor.yml
修改几个参数
每次修改后都要运行 ./prepare
...
hostname: 172.16.222.100
...
https:
# https port for harbor, default is 443
port: 8443
# The path of cert and key files for nginx
certificate: /opt/harbor/harbor.crt
private_key: /opt/harbor/harbor.key
启动服务
./prepare && \
./install.sh
启动成功后显示以下信息
[Step 5]: starting Harbor ...
[+] Running 10/10
⠿ Network harbor_harbor Created 0.2s
⠿ Container harbor-log Started 2.2s
⠿ Container harbor-db Started 7.1s
⠿ Container registryctl Started 6.6s
⠿ Container redis Started 7.1s
⠿ Container registry Started 6.4s
⠿ Container harbor-portal Started 5.9s
⠿ Container harbor-core Started 8.8s
⠿ Container harbor-jobservice Started 12.0s
⠿ Container nginx Started 12.7s
✔ ----Harbor has been installed and started successfully.----
查看容器
docker ps | grep harbor
显示
3957815b46ae goharbor/harbor-jobservice:v2.6.1 "/harbor/entrypoint.…" 2 minutes ago Up 2 minutes (healthy) harbor-jobservice
d98a81e5f3ae goharbor/nginx-photon:v2.6.1 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:8443->8443/tcp, :::8443->8443/tcp, 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp nginx
e90bdecb08ab goharbor/harbor-core:v2.6.1 "/harbor/entrypoint.…" 2 minutes ago Up 2 minutes (healthy) harbor-core
90412077824a goharbor/harbor-portal:v2.6.1 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) harbor-portal
2cea73b634fc goharbor/harbor-db:v2.6.1 "/docker-entrypoint.…" 2 minutes ago Up 2 minutes (healthy) harbor-db
f9930f35ed20 goharbor/registry-photon:v2.6.1 "/home/harbor/entryp…" 2 minutes ago Up 2 minutes (healthy) registry
6b09007b5ec5 goharbor/harbor-registryctl:v2.6.1 "/home/harbor/start.…" 2 minutes ago Up 2 minutes (healthy) registryctl
523dd08fd393 goharbor/redis-photon:v2.6.1 "redis-server /etc/r…" 2 minutes ago Up 2 minutes (healthy) redis
206b70eb2e35 goharbor/harbor-log:v2.6.1 "/bin/sh -c /usr/loc…" 2 minutes ago Up 2 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
4.常用命令
停止服务
docker-compose stop
开始服务
docker-compose start
重启服务
docker-compose restart
停止服务并删除容器
docker-compose down
启动服务并运行容器
docker-compose up -d
5.访问 harbor
输入设置的 hostname
和 端口地址直接访问
账号为默认的:admin
和 Harbor12345
https://172.16.222.100:8443
发表回复