私有仓库harbor部署
# 私有仓库harbor部署
192.168.14.200
github下载地址🤞🤞
# 安装Docker,docker-compose
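# Install Docker Engine and docker-compose, then create the config and data directories.
# The convenience script is saved to disk first instead of being piped straight into a
# root shell, so it can be read (and an interrupted download noticed) before it runs.
curl -fsSL https://get.docker.com -o get-docker.sh
bash get-docker.sh docker --mirror Aliyun
yum install -y docker-compose
# /etc/docker holds daemon.json; /data/docker is the data directory named in it
mkdir -p /etc/docker /data/docker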
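- 修改docker参数配置(注意:列入 insecure-registries 的仓库会以 HTTP 或不校验证书的方式访问,仅建议用于内网自建仓库,如本文的 harbor.yfklife.cn;registry.access.redhat.com、quay.io 等公共仓库本身支持 HTTPS,一般无需加入。另外 graph 在较新的 Docker 版本中已被 data-root 取代)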
cat /etc/docker/daemon.json
{
"graph": "/data/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com","quay.io","harbor.yfklife.cn"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
"bip": "172.14.200.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"live-restore": true
}
- 启动docker
# Enable the docker unit at boot and start it right away, so the daemon picks up
# /etc/docker/daemon.json on this first start.
systemctl enable --now docker
# 配置harbor
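# Unpack the Harbor v1.8.0 offline installer under /opt and expose it through a
# stable /opt/harbor symlink, then create the data and log directories.
# NOTE(review): the installer is later run as root, so compare the tarball with the
# checksum published alongside the release (if one is provided) before extracting it.
# NOTE(review): v1.8.0 is an old release line; check the project's security advisories
# before putting it on a reachable network.
mkdir -p /opt/soft   # -p keeps the step re-runnable when the directory already exists
tar zxvf harbor-offline-installer-v1.8.0.tgz -C /opt/
cd /opt && mv harbor/ harbor-v1.8.0
ln -s /opt/harbor-v1.8.0/ /opt/harbor
cd /opt/harbor
# creating the log directory with -p also creates /data/harbor itself
mkdir -p /data/harbor/log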
[root@hdss14-200 harbor]# grep -Ev "^$|#" harbor.yml
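# harbor.yml with blank and comment-only lines filtered out; nesting restored so the
# file parses as the sections it shows (http, database, clair, jobservice, chart, log).
hostname: harbor.yfklife.cn  # served under a domain name rather than an IP
http:
  port: 28000  # Harbor's HTTP listener; nginx proxies to it later on this page
# NOTE(review): only an http section is configured, so Harbor itself serves plain HTTP.
# Example credential - replace with a strong, unique value before running install.sh.
harbor_admin_password: yfk123456  # password of the built-in "admin" account
database:
  # Example credential - short and guessable; set a unique value before the first install.
  password: root123
data_volume: /data/harbor  # where image data is stored
clair:
  updaters_interval: 12
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
  max_job_workers: 10
chart:
  absolute_url: disabled
log:
  level: info
  rotate_count: 50
  rotate_size: 200M
  location: /data/harbor/log  # log directory
_version: 1.8.0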
- 安装生成docker-compose.yml与启动
# Run the Harbor installer and bring the stack up.
cd /opt/harbor
# Per the step title, install.sh generates docker-compose.yml; it is run from the
# extracted installer directory (as root in this walkthrough).
./install.sh
# Start the services defined in the generated compose file, detached.
docker-compose -f docker-compose.yml up -d
# 配置nginx域名访问
- 安装nginx
yum install -y nginx
cat /etc/nginx/conf.d/harbor.conf
# Reverse proxy in front of Harbor's HTTP listener on 127.0.0.1:28000.
# NOTE(review): this vhost listens on port 80 only, with no TLS, so logins and image
# pushes to harbor.yfklife.cn cross the network in clear text.
server {
    listen      80;
    server_name harbor.yfklife.cn;

    # raise the request-body limit so large image layers can be uploaded
    client_max_body_size 1000m;

    location / {
        proxy_pass http://127.0.0.1:28000;
    }
}
- 启动nginx
# Enable nginx at boot and start it immediately so the harbor.conf vhost is served.
systemctl enable --now nginx
添加bind-dns解析,访问 http://harbor.yfklife.cn
用户名密码: admin/yfk123456(此为示例密码,实际部署时请换成强密码)
- 创建kubectl拉取docker私有仓库密钥
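# Create the image-pull secret "harbor" in the devops namespace.
# The password is read from a silent prompt so it does not end up in shell history or
# in copied notes. It is still passed to kubectl as an argument, so it is visible in
# the local process list while the command runs.
# NOTE(review): this stores the Harbor admin login in the cluster; a dedicated
# pull-only account would limit what a leaked secret can do.
read -rs -p 'Harbor password: ' HARBOR_PASSWORD && echo
kubectl create secret docker-registry harbor \
  --docker-server=harbor.yfklife.cn \
  --docker-username=admin \
  --docker-password="$HARBOR_PASSWORD" \
  -n devops
unset HARBOR_PASSWORD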
# 私有仓库registry
- run运行一个registry
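# Run a standalone registry:2.8.0 container with its data kept in /opt/registry/lib.
# The port is published on loopback only, because the nginx vhost on this host
# (upstream 127.0.0.1:5000) is the intended entry point. Publishing 5000 on every
# interface would let any host that can reach it push and pull directly, since no
# registry authentication is configured in this command.
docker run -d \
  -p 127.0.0.1:5000:5000 \
  --restart=always \
  --name registry \
  -v /opt/registry/lib:/var/lib/registry \
  registry:2.8.0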
- 配置nginx
如果没有受信任的https证书,需要在客户端 /etc/docker/daemon.json 的 insecure-registries 中添加该仓库地址(此时连接不加密或不校验证书,仅建议在内网环境使用)
[root@agent-04 ~]# cat /etc/nginx/sites-enabled/registry.conf
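# TLS-terminating reverse proxy for the registry container listening on 127.0.0.1:5000.
upstream registry {
    server 127.0.0.1:5000;
}

server {
    server_name registry.yfklife.cn;

    # NOTE(review): port 80 stays open next to 443, so clients can still reach the
    # registry in clear text; redirect or drop it once every client uses https.
    listen 80;
    listen 443 ssl;

    ssl_certificate     ssl/yfklife.cn.cer;
    ssl_certificate_key ssl/yfklife.cn.key;
    ssl_session_timeout 10m;
    # TLS 1.0 and 1.1 are deprecated, so only 1.2 and 1.3 are offered.
    # (TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on older builds.)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT56:!EXP;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # nginx rejects request bodies over 1m by default, which breaks pushes of larger
    # layers; this matches the limit used for the Harbor vhost on this page.
    client_max_body_size 1000m;

    # NOTE(review): neither auth_basic nor registry-side authentication appears on this
    # page, so anyone who can reach this vhost can push and pull images.
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # lets the registry build https:// upload URLs when the request arrived over TLS
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): looks like a leftover from a Graylog proxy config - confirm and remove.
        proxy_set_header X-Graylog-Server-URL http://$server_name/;
        proxy_pass http://registry;
    }
}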
上次更新: 2022/08/26, 18:11:41