CI/CD Deployment 04 – jenkins + gitlab + harbor + k8s

[!TIP]
Deploying Harbor with Docker

Please credit the source when reposting: https://janrs.com


Deploying Harbor with Docker


1. Download docker-compose

wget https://github.com/docker/compose/releases/download/v2.10.1/docker-compose-linux-x86_64

2. Download Harbor

wget https://github.com/goharbor/harbor/releases/download/v2.6.1/harbor-offline-installer-v2.6.1.tgz

Extract the archive into /opt/ (this creates /opt/harbor)

tar zxf harbor-offline-installer-v2.6.1.tgz -C /opt/

3. Deploy

Create the SSL certificate


openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/harbor/harbor.key -x509 -days 365 -out /opt/harbor/harbor.crt
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/harbor/harbor.key -x509 -days 365 -out /opt/harbor/harbor.crt -addext 'subjectAltName = IP:172.16.222.250'

Modify the Docker daemon settings

[!NOTE]
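Changing the Docker daemon settings here bypasses SSL verification for Harbor. Even with SSL verification bypassed, Jenkins still needs a username and password configured when it pulls and pushes. This is not recommended if you have SSL security requirements; it is done here only for convenience in local development.

Note: besides the Docker daemon on the server where Jenkins is deployed, the Docker daemon on every k8s node must be configured the same way. Otherwise Docker on those nodes will still report SSL verification failures and will be unable to pull images from Harbor.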

Edit /etc/docker/daemon.json and add the following insecure registry entry: "insecure-registries" : ["172.16.222.250:8443", "0.0.0.0"],

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "http://hub-mirror.c.163.com",
    "https://registry.docker-cn.com",
    "https://docker.mirrors.ustc.edu.cn"
  ],
  "insecure-registries" : ["172.16.222.250:8443", "0.0.0.0"],
  "log-opts": {
    "max-size": "100m"
  }
}
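Where the caveat in the note applies and TLS verification has to stay on, Docker can instead trust the self-signed certificate for this one registry through /etc/docker/certs.d/<host:port>/ca.crt, with no insecure-registries entry. The script below is an added example, not part of the original post; the function names, the optional key-size and directory arguments, and the script name are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): keep TLS verification on and
# trust Harbor's self-signed certificate for a single registry only.
# Function names and optional arguments are assumptions of this example.

# make_registry_cert DIR IP [BITS]
# Same openssl call as the post, made non-interactive with -subj and carrying
# the IP subjectAltName that Docker's Go TLS client requires for IP addresses.
make_registry_cert() {
  local dir="$1" ip="$2" bits="${3:-4096}"
  openssl req -newkey "rsa:${bits}" -nodes -sha256 \
    -keyout "${dir}/harbor.key" -x509 -days 365 -out "${dir}/harbor.crt" \
    -subj "/CN=${ip}" -addext "subjectAltName = IP:${ip}" 2>/dev/null
}

# cert_covers_ip CERT IP -> exit 0 only if the certificate is valid for IP.
# openssl prints "does match" / "does NOT match"; its exit code is not used.
cert_covers_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# install_registry_ca CERT HOST:PORT [DOCKER_ETC]
# Docker reads <DOCKER_ETC>/certs.d/<host:port>/ca.crt as an extra trusted CA
# for that registry. HOST:PORT must be the address clients really use to reach
# Harbor. Prints the installed path; refuses a cert that lacks the SAN.
install_registry_ca() {
  local cert="$1" registry="$2" etc="${3:-/etc/docker}"
  local ip="${registry%%:*}"
  cert_covers_ip "$cert" "$ip" || { echo "cert lacks SAN for ${ip}" >&2; return 1; }
  install -d -m 0755 "${etc}/certs.d/${registry}"
  install -m 0644 "$cert" "${etc}/certs.d/${registry}/ca.crt"
  echo "${etc}/certs.d/${registry}/ca.crt"
}

# Run as root on the Jenkins host and on every k8s node, for example:
#   ./trust-harbor.sh --apply /opt/harbor/harbor.crt 172.16.222.250:8443
if [ "${1:-}" = "--apply" ]; then
  install_registry_ca "$2" "$3"
fi
```

Only harbor.crt is copied to the clients; harbor.key stays on the Harbor host.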

Copy the configuration file and edit it

cp harbor.yml.tmpl harbor.yml && \
vim harbor.yml

Change a few parameters

Run ./prepare after every change

...

hostname: 172.16.222.100

...
https:
  # https port for harbor, default is 443
  port: 8443
  # The path of cert and key files for nginx
  certificate: /opt/harbor/harbor.crt
  private_key: /opt/harbor/harbor.key

Start the service

./prepare && \
./install.sh

After a successful start, the following is displayed

[Step 5]: starting Harbor ...
[+] Running 10/10
 ⠿ Network harbor_harbor        Created                                                                                                                                     0.2s
 ⠿ Container harbor-log         Started                                                                                                                                     2.2s
 ⠿ Container harbor-db          Started                                                                                                                                     7.1s
 ⠿ Container registryctl        Started                                                                                                                                     6.6s
 ⠿ Container redis              Started                                                                                                                                     7.1s
 ⠿ Container registry           Started                                                                                                                                     6.4s
 ⠿ Container harbor-portal      Started                                                                                                                                     5.9s
 ⠿ Container harbor-core        Started                                                                                                                                     8.8s
 ⠿ Container harbor-jobservice  Started                                                                                                                                    12.0s
 ⠿ Container nginx              Started                                                                                                                                    12.7s
✔ ----Harbor has been installed and started successfully.----

Check the containers

docker ps | grep harbor

Output

3957815b46ae   goharbor/harbor-jobservice:v2.6.1                         "/harbor/entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                              harbor-jobservice
d98a81e5f3ae   goharbor/nginx-photon:v2.6.1                              "nginx -g 'daemon of…"   2 minutes ago   Up 2 minutes (healthy)   0.0.0.0:8443->8443/tcp, :::8443->8443/tcp, 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp       nginx
e90bdecb08ab   goharbor/harbor-core:v2.6.1                               "/harbor/entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                              harbor-core
90412077824a   goharbor/harbor-portal:v2.6.1                             "nginx -g 'daemon of…"   2 minutes ago   Up 2 minutes (healthy)                                                                                              harbor-portal
2cea73b634fc   goharbor/harbor-db:v2.6.1                                 "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                              harbor-db
f9930f35ed20   goharbor/registry-photon:v2.6.1                           "/home/harbor/entryp…"   2 minutes ago   Up 2 minutes (healthy)                                                                                              registry
6b09007b5ec5   goharbor/harbor-registryctl:v2.6.1                        "/home/harbor/start.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                              registryctl
523dd08fd393   goharbor/redis-photon:v2.6.1                              "redis-server /etc/r…"   2 minutes ago   Up 2 minutes (healthy)                                                                                              redis
206b70eb2e35   goharbor/harbor-log:v2.6.1                                "/bin/sh -c /usr/loc…"   2 minutes ago   Up 2 minutes (healthy)   127.0.0.1:1514->10514/tcp                                                                  harbor-log

4. Common commands

Stop the services

docker-compose stop

Start the services

docker-compose start

Restart the services

docker-compose restart

Stop the services and remove the containers

docker-compose down

Start the services and run the containers

docker-compose up -d

5. Access Harbor

Open the configured hostname and port directly in a browser

The account is the default one: username admin, password Harbor12345

https://172.16.222.100:8443

At this point, the Harbor service has been deployed successfully with Docker.