Deploying a Harbor Image Registry and Configuring Kubernetes to Use It
不知名运维: 2024-10-01 11:07:08
I. Download the required packages
1. docker-compose
docker-compose releases: https://github.com/docker/compose/releases/
[root@iZbp135usqaei1stvsrzxoZ fands]# wget -c https://github.com/docker/compose/releases/download/v2.9.0/docker-compose-linux-x86_64
2. harbor
Harbor official site: https://goharbor.io/
Harbor GitHub repository: https://github.com/goharbor/harbor
[root@iZbp135usqaei1stvsrzxoZ fands]# wget -c https://github.com/goharbor/harbor/releases/download/v2.4.2/harbor-offline-installer-v2.4.2.tgz
II. Install docker-compose
1. Install docker
[root@iZbp135usqaei1stvsrzxoZ ~]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
[root@iZbp135usqaei1stvsrzxoZ ~]# yum -y install docker-ce
[root@iZbp135usqaei1stvsrzxoZ ~]# systemctl enable docker && systemctl start docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@iZbp135usqaei1stvsrzxoZ ~]# systemctl status docker
2. Set up docker-compose
[root@iZbp135usqaei1stvsrzxoZ fands]# mv docker-compose-linux-x86_64 /usr/bin/docker-compose
[root@iZbp135usqaei1stvsrzxoZ fands]# chmod +x /usr/bin/docker-compose
[root@iZbp135usqaei1stvsrzxoZ fands]# docker-compose -v
Docker Compose version v2.9.0
III. Install harbor
[root@iZbp135usqaei1stvsrzxoZ fands]# tar -zxvf harbor-offline-installer-v2.4.2.tgz -C /hqtbj/hqtwww/
[root@iZbp135usqaei1stvsrzxoZ fands]# cd /hqtbj/hqtwww/
[root@iZbp135usqaei1stvsrzxoZ hqtwww]# mv harbor harbor_workspace
[root@iZbp135usqaei1stvsrzxoZ hqtwww]# cd harbor_workspace/
[root@iZbp135usqaei1stvsrzxoZ harbor_workspace]# cp harbor.yml.tmpl harbor.yml
1. Edit the harbor configuration file
[root@iZbp135usqaei1stvsrzxoZ harbor_workspace]# vim harbor.yml
# Harbor's domain name
hostname: registry.xxxx.cc
# HTTP (the default)
http:
  port: 80
# Enable HTTPS access
https:
  port: 443
  # Wildcard certificates are supported (for example: *.xxxx.cc.pem)
  certificate: /hqtbj/hqtwww/harbor_workspace/ssl/registry.xxxx.cc.pem
  private_key: /hqtbj/hqtwww/harbor_workspace/ssl/registry.xxxx.cc.key
# Data directory (where the images are actually stored; keep it backed up)
data_volume: /hqtbj/hqtwww/data/harbor
...
2. Load the harbor configuration (this reloads the configuration file and must be run every time the file is modified)
[root@iZbp135usqaei1stvsrzxoZ harbor_workspace]# ./prepare
3. Start installing harbor
Run this only for the first installation; running it again will lose all existing images, so be careful!!
[root@iZbp135usqaei1stvsrzxoZ harbor_workspace]# ./install.sh
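After the installation finishes, a docker-compose.yml file appears in the current directory; it is mainly used to manage the harbor containers.
4. Start/stop harbor with docker-compose commands
Run these from the harbor working directory (the directory that contains the docker-compose.yml file).
# Stop all harbor containers
docker-compose stop
# Start all harbor containers
docker-compose up -d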
IV. Configure nginx as a proxy for harbor
server {
    listen 80;
    server_name registry.xxxx.cc;
    rewrite ^(.*)$ https://$host$1 permanent;
}
server {
    listen 443 ssl;
    server_name registry.xxxx.cc;
    location / {
        proxy_pass https://172.32.0.175:443;
    }
    # Wildcard certificates are supported (for example: *.xxxx.cc.pem)
    ssl_certificate /etc/nginx/conf.d/cert/xxxx.cc/master/registry.xxxx.cc.pem;
    ssl_certificate_key /etc/nginx/conf.d/cert/xxxx.cc/master/registry.xxxx.cc.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1.1 is deprecated (RFC 8996); keep it only if legacy clients still need it
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}
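Access harbor through the domain name:
Default username: admin
Default password: Harbor12345 (the harbor_admin_password value in harbor.yml; change it after the first login)
Create a project to store the images.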
V. Configure the harbor image registry in kubernetes
1. Create the harbor secret used as the credential for pulling images
# The secret generated here holds the username and password used to access harbor
[root@k8s-master1 ~]# kubectl create secret docker-registry --help
[root@k8s-master1 ~]# kubectl create secret docker-registry fatall-registry-secret --docker-username=admin --docker-password=123456 --docker-server=https://registry.xxxx.cc -n fat
[root@k8s-master1 ~]# kubectl get secrets -n fat
NAME                     TYPE                             DATA   AGE
default-token-ktkdt      kubernetes.io/tls                2      474d
fatall-registry-secret   kubernetes.io/dockerconfigjson   1      12m
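As an added example (not part of the original article), the shell functions below build a secret with the same structure that kubectl create secret docker-registry produces, reading the password from stdin so it stays out of shell history and the process list, and then decode it again to show that the stored credential is only base64-encoded. The k8s-puller account is a hypothetical pull-only harbor user; the secret name, namespace and registry URL are the ones used above.

```shell
#!/bin/sh
# Added example: hand-build a kubernetes.io/dockerconfigjson pull secret.
# Usage (k8s-puller is a hypothetical pull-only Harbor user):
#   make_pull_secret fatall-registry-secret fat https://registry.xxxx.cc \
#       k8s-puller < password.txt | kubectl apply -f -

# Escape backslashes and double quotes so a value is a valid JSON string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# base64 on a single line (GNU base64 wraps long output by default).
b64() {
    base64 | tr -d '\n'
}

# make_pull_secret NAME NAMESPACE SERVER USERNAME, password on stdin.
make_pull_secret() {
    name=$1; ns=$2; server=$3; user=$4
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "no password on stdin" >&2; return 1; }
    auth=$(printf '%s:%s' "$user" "$pass" | b64)
    cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$(json_escape "$server")" "$(json_escape "$user")" \
        "$(json_escape "$pass")" "$auth")
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$cfg" | b64)
EOF
}

# decode_pull_secret: manifest on stdin, stored credentials in clear on stdout.
decode_pull_secret() {
    sed -n 's/^ *\.dockerconfigjson: *//p' | base64 -d
}
```

Because decode_pull_secret recovers the password from the manifest alone, anyone who can read secrets in the namespace can read the registry credential.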
2. Configure the secret a deployment uses when pulling private images
The official documentation is here:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
The main change is adding the following where the image is pulled:
apiVersion: apps/v1
kind: Deployment
...
    spec:
      # Credential used when pulling private images from harbor
      imagePullSecrets:
      - name: fatall-registry-secret
      containers:
      - name: energy-order-api
        image: registry.xxxx.cc/hqt-registry-fat/energy-order-api:F-2153-20240703-18.37.52
        imagePullPolicy: IfNotPresent