k8s-harbor安裝
1.docker-ce安裝
使用官方安裝 自動安裝(僅適用於公網環境)
curl -fsSL | bash -s docker --mirror Aliyun
2.下載docker-compos的最新版本
sudo curl -L "(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose root@k8s-master1:/usr/local/bin# docker-compose --version docker-compose version 1.23.1, build b02f1306
3.python2.7
apt-get install python2.7 -y ln -s /usr/bin/python2.7 /usr/bin/python
4.證照製作
openssl genrsa -out ca.key 4096 openssl req -x509 -new -nodes -sha512 -days 3650 \ -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \ -key ca.key \ -out ca.crt root@ubuntu:/usr/local/src/harbor/certs# ls ca.crt ca.key
--------------------------------------------------
遇到問題:Can't load /root/.rnd into RNG
解決辦法:
cd /root openssl rand -writerand .rnd
--------------------------------------------------
openssl genrsa -out harbor.gesila.com.key 4096 openssl req -sha512 -new \ -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.gesila.com" \ -key harbor.gesila.com.key \ -out harbor.gesila.com.csr root@ubuntu:/usr/local/src/harbor/certs# ls ca.crt ca.key harbor.gesila.com.csr harbor.gesila.com.key ------------------------------------------------------
cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1=harbor.gesila.com DNS.2=harbor.gesila DNS.3=hostname EOF root@ubuntu:/usr/local/src/harbor/certs# ls ca.crt ca.key harbor.gesila.com.csr harbor.gesila.com.key v3.ext ------------------------------------------------------ openssl x509 -req -sha512 -days 3650 \ -extfile v3.ext \ -CA ca.crt -CAkey ca.key -CAcreateserial \ -in harbor.gesila.com.csr \ -out harbor.gesila.com.crt --------------------------------------------------------------------------------- root@ubuntu:/usr/local/src/harbor/certs# ls ca.crt ca.key ca.srl harbor.gesila.com.crt harbor.gesila.com.csr harbor.gesila.com.key v3.ext
5.harbor下載及安裝
cd /usr/local/src tar xf harbor-offline-installer-v1.2.2.tgz cd harbor/ vim harbor.cfg ------------------------------------ hostname = harbor.gesila.com ui_url_protocol = https ssl_cert = /usr/local/src/harbor/certs/harbor.gesila.com.crt ssl_cert_key = /usr/local/src/harbor/certs/harbor.gesila.com.key harbor_admin_password = 123456 ------------------------------------ ./prepare ./install.sh
預設安裝不包括Notary或Clair服務,這些服務用於漏洞掃描;要包括公證服務,你必須在harbor.yml中啟用和配置
https sudo ./install.sh -with-notary --with-clair --with-chartmuseum
6.複製證照
#凡事要登入到habor都要建該檔案
mkdir -p /etc/docker/certs.d/harbor.gesila.com
#把證照檔案複製到/etc/docker/certs.d/harbor.gesila.com目錄
cp /usr/local/src/harbor/certs/harbor.gesila.com.crt /etc/docker/certs.d/harbor.gesila.com
7.修改docker.service 配置檔案
#需要連線到harbor的機器都需要修改,加上引數:--insecure-registry
vim /lib/systemd/system/docker.service ------------------------------------------------------------------------------------------------------------------- ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry harborip地址 ------------------------------------------------------------------------------------------------------------------- systemctl daemon-reload && systemctl restart docker
8.測試連線
root@k8s-master1:/usr/local/src/harbor# docker login harbor.gesila.com Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See Login Succeeded
9.測試上傳映象
網頁建一個k8s專案 root@k8s-master1:/usr/local/src/harbor# docker pull alpine Using default tag: latest latest: Pulling from library/alpine 59bf1c3509f3: Pull complete Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300 Status: Downloaded newer image for alpine:latest docker.io/library/alpine:latest root@k8s-master1:/usr/local/src/harbor# docker tag alpine harbor.gesila.com/k8s/alpine && docker push harbor.gesila.com/k8s/alpine Using default tag: latest The push refers to repository [harbor.gesila.com/k8s/alpine] 8d3ac3489996: Pushed latest: digest: sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3 size: 528
問題解決
./prepare Fail to generate key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
#解決辦法:
vim +308 prepare --------------------------------------------------------------------------------------------------------------------------------- empty_subj = "/C=/ST=/L=/O=/CN=/" 替換為:empty_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=notarysigner" --------------------------------------------------------------------------------------------------------------------------------- ./install.sh ./prepare: /usr/bin/python: bad interpreter: No such file or directory
#解決辦法:
prepare
是用python寫的;但是prepare不相容3.5版本,需降級還原使用2.7
apt-get install python2.7 -y ln -s /usr/bin/python2.7 /usr/bin/python
➜ Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients. Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https. Please set --with-clair if needs enable Clair in Harbor
#解決辦法:
修改hostname
vim /usr/local/src/harbor/harbor.cfg #hostname = reg.mydomain.com 預設的是這個,這個必須要刪除,註釋的話也提示問題上述問題
原文來自:
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/69955379/viewspace-2871321/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 安裝npm 解除安裝npm 安裝apidocNPMAPI
- BiocManager安裝,devtools安裝dev
- Linux安裝解除安裝MySQLLinuxMySql
- linux 安裝yum 安裝phpLinuxPHP
- Ubuntu解除安裝和安裝Ubuntu
- 02 安裝git、安裝TortoiseGitGit
- cocoapods安裝/解除安裝/使用
- JDK安裝和解除安裝JDK
- ffmpeg安裝之mac安裝Mac
- docker安裝及解除安裝Docker
- [ 安裝 ] Zeppelin安裝步驟!
- win10安裝版怎麼安裝_安裝版win10安裝教程Win10
- ElasticSearch的安裝和使用,Postman的安裝,Kibana的安裝,EShead外掛的安裝ElasticsearchPostman
- Mac Redis安裝與解除安裝MacRedis
- 安裝了IDLE後安裝tensorflow
- kratos安裝及依賴安裝
- Linux 解除安裝openjdk 安裝oraclejdkLinuxJDKOracle
- debian安裝和解除安裝vmware
- JDK的安裝與解除安裝JDK
- linux 解除安裝jdk和安裝LinuxJDK
- 【推薦 - glibc安裝】MySQL - 安裝MySql
- linux下安裝snap安裝工具Linux
- [雲原生]Docker - 安裝&解除安裝Docker
- Ubuntu安裝和解除安裝mongodbUbuntuMongoDB
- window下安裝並使用nvm(含解除安裝node、解除安裝nvm、全域性安裝npm)NPM
- 安裝
- air安裝win10怎麼解除安裝_air安裝win10如何解除安裝AIWin10
- Centos Docker安裝、升級、解除安裝CentOSDocker
- Webpack學習 – Webpack安裝及安裝Web
- Linux-Ubuntu-mysql-安裝&解除安裝LinuxUbuntuMySql
- Centos7.9安裝解除安裝DockerCentOSDocker
- Centos7安裝安裝部署dockerCentOSDocker
- Linux系統安裝——Centos 7.6安裝LinuxCentOS
- PostgreSQL 10.12 安裝系列 - 原始碼安裝SQL原始碼
- PostgreSQL 10.12 安裝系列 - 本地RPM安裝SQL
- 【 Linux 軟體安裝 】- 1 JDK安裝LinuxJDK
- Python pip的安裝及解除安裝Python
- CentOS7安裝php、安裝MySqlCentOSPHPMySql