BlueXIII's Blog

Passionate about technology, always learning

Harbor Offline Deployment

References

Download

Configure hosts

Configure hosts on the local machine and on all nodes:
192.168.101.244 harbor.dubhe


Installing with Compose

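# Unpack
tar -zxvf harbor-offline-installer-v2.8.0.tgz && cd harbor

# Configure harbor.yml
cp harbor.yml.tmpl harbor.yml
vi harbor.yml
# 1. Comment out the https section
# 2. Change hostname to the domain name harbor.dubhe, or to the IP
# 3. Change the port to 5000
# 4. Change the data directory /data (optional)

# Install
./install.sh

# Stop and start
docker-compose down
docker-compose up -d

# Regenerate the configuration
./prepare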

Installing with Helm

Image list

goharbor/harbor-core:v2.8.0
goharbor/harbor-db:v2.8.0
goharbor/harbor-exporter:v2.8.0
goharbor/harbor-jobservice:v2.8.0
goharbor/harbor-portal:v2.8.0
goharbor/harbor-registryctl:v2.8.0
goharbor/nginx-photon:v2.8.0
goharbor/notary-server-photon:v2.8.0
goharbor/notary-signer-photon:v2.8.0
goharbor/redis-photon:v2.8.0
goharbor/registry-photon:v2.8.0
goharbor/trivy-adapter-photon:v2.8.0

Installation steps

# Use the dockemon tool to import the images onto every node

# Download the chart and modify it
helm repo add harbor https://helm.goharbor.io
helm pull harbor/harbor
# Edit values.yaml in the unpacked chart (installed below from ./harbor_chart):
# 1. type: nodePort
# 2. tls.enabled: false
# 3. externalURL: http://harbor.dubhe
# 4. storageClass: "local-path"
# 5. size: 50Gi

# Install with Helm
helm install harbor ./harbor_chart --namespace harbor --create-namespace

# Upgrade
helm upgrade harbor ./harbor_chart --namespace harbor

# Uninstall
helm uninstall harbor --namespace harbor

Console

http://harbor.dubhe:30002
admin/yourpass


Self-signed certificate (optional)

# Requires bash: the -config and -extfile arguments use process substitution.
# CA private key (passphrase-protected) and self-signed CA certificate
openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -subj "/CN=harbor.dubhe" -out ca.pem
# Server private key and CSR carrying a SAN for harbor.dubhe
openssl genrsa -out server-key.pem 4096
openssl req -new -sha256 \
    -key server-key.pem \
    -subj "/C=CN/OU=sdas/O=evayinfo/CN=dubhe" \
    -reqexts SAN \
    -config <(cat /etc/ssl/openssl.cnf \
        <(printf "\n[SAN]\nsubjectAltName=DNS:harbor.dubhe")) \
    -out server.csr
# Sign the server certificate with the CA, keeping the SAN extension
openssl x509 -req -days 365 \
    -in server.csr -out server-cert.pem \
    -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
    -extensions SAN \
    -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:harbor.dubhe"))

Registry configuration

Configuring Docker for an HTTP private registry

# Configure
mkdir -p /etc/docker
vi /etc/docker/daemon.json
# content of daemon.json:
{ "insecure-registries":["harbor.dubhe:30002"] }

# Restart
killall dockerd
dockerd&

Configuring containerd (k3s) for an HTTP private registry

# Configure DNS (append with >> so existing /etc/hosts entries are kept)
echo "10.193.36.252 harbor.dubhe" >> /etc/hosts
# Configure
mkdir -p /etc/rancher/k3s
cat << EOF >/etc/rancher/k3s/registries.yaml
mirrors:
  "harbor.dubhe:30002":
    endpoint:
      - "http://harbor.dubhe:30002"
configs:
  "harbor.dubhe:30002":
    auth:
      username: admin
      password: yourpass
EOF

# Restart k3s; note that the file must be changed and the service restarted on every node
systemctl restart k3s
systemctl restart k3s-agent

# View the automatically generated configuration
cat /var/lib/rancher/k3s/agent/etc/containerd/config.toml

Configuring containerd (k3s) image registry mirrors

https://docs.k3s.io/zh/installation/private-registry

# Configure DNS
echo "10.193.36.50 harbor.dubhe" >> /etc/hosts
# Configure
mkdir -p /etc/rancher/k3s
cat << EOF >/etc/rancher/k3s/registries.yaml
mirrors:
  "docker.io":
    endpoint:
      - "http://harbor.dubhe:30002"
  "quay.io":
    endpoint:
      - "http://harbor.dubhe:30002"
  "ghcr.io":
    endpoint:
      - "http://harbor.dubhe:30002"
  "k8s.gcr.io":
    endpoint:
      - "http://harbor.dubhe:30002"
  "registry.k8s.io":
    endpoint:
      - "http://harbor.dubhe:30002"
  "gcr.io":
    endpoint:
      - "http://harbor.dubhe:30002"
  "harbor.dubhe:30002":
    endpoint:
      - "http://harbor.dubhe:30002"
configs:
  "harbor.dubhe:30002":
    auth:
      username: admin
      password: yourpass
EOF


# Restart k3s; note that the file must be changed and the service restarted on every node
systemctl restart k3s
systemctl restart k3s-agent

# View the automatically generated configuration
cat /var/lib/rancher/k3s/agent/etc/containerd/config.toml
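
The registries.yaml files above send every mirrored pull, and the Harbor admin password, over plain HTTP. As an added example (not part of the original post), the shell function below audits such a file for http:// endpoints, use of the admin account, credentials tied to an HTTP endpoint, and disabled TLS verification. The finding labels and the sample file are constructed for illustration; insecure_skip_verify is the k3s TLS option it looks for.

```shell
# Added example, not from the original post: audit a k3s registries.yaml.
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_registries() {
    awk '
    function unq(s) { gsub(/^[- \t"]+|[ \t":]+$/, "", s); return s }
    function val(s) { sub(/^[^:]*:/, "", s); return unq(s) }  # value after "key:"
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    { ind = match($0, /[^ \t]/) - 1 }           # indentation depth of this line
    ind == 0       { section = unq($0); hostind = -1; next }  # mirrors / configs
    hostind < 0    { hostind = ind }            # first nested level: registry names
    ind == hostind { host = unq($0); next }
    section == "mirrors" && /^[ \t]*-[ \t]/ {   # endpoint list item
        url = unq($0)
        if (url ~ /^http:\/\//) {
            print "PLAINTEXT_ENDPOINT " host " " url; bad = 1
            sub(/^http:\/\//, "", url); sub(/\/.*$/, "", url); plain[url] = 1
        }
    }
    section == "configs" && /^[ \t]*username:/ && val($0) == "admin" {
        print "ADMIN_ACCOUNT " host; bad = 1
    }
    section == "configs" && /^[ \t]*password:/ { creds[host] = 1 }
    section == "configs" && /^[ \t]*insecure_skip_verify:/ && val($0) == "true" {
        print "TLS_VERIFY_DISABLED " host; bad = 1
    }
    END {
        for (h in creds) if (h in plain) { print "CREDS_OVER_HTTP " h; bad = 1 }
        exit bad + 0
    }
    ' "$1"
}

# Constructed sample: the mirror layout from this page, reduced to two entries.
sample=$(mktemp)
cat > "$sample" << 'EOF'
mirrors:
  "docker.io":
    endpoint:
      - "http://harbor.dubhe:30002"
  "harbor.dubhe:30002":
    endpoint:
      - "http://harbor.dubhe:30002"
configs:
  "harbor.dubhe:30002":
    auth:
      username: admin
      password: yourpass
EOF
audit_registries "$sample" || echo "registries.yaml needs review"
```

Run it against /etc/rancher/k3s/registries.yaml on each node; the non-zero exit status makes it usable as a pre-deployment check.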