使用Harbor搭建Docker私有仓库

ip:192.168.0.145

环境设置
防火墙，selinux等，可以使用本章开头的那个shell脚本

其他主机的hosts文件也都添加上
ip hub.aaa.com

windows系统的hosts也修改

安装docker,启动，开机启动
其他主机也都加上这个

vim /etc/docker/daemon.json

{
    "exec-opts": ["native.cgroupdriver=systemd"],
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "100m"
    },
    "insecure-registries": ["https://hub.aaa.com"] # 仓库地址
}

添加后重启docker

下载配置docker-compose
官方地址：https://docs.docker.com/compose/install/

sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version

下载harbor软件
官方地址:https://github.com/goharbor/harbor/releases
官方说明文档：https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
证书文档：https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz
tar -zxv -f harbor-offline-installer-v1.9.0.tgz -C /usr/local/
cd /usr/local/harbor
vim harbor.yml

# 可以使用80端口或443端口
hostname: hub.aaa.com
https:
   port: 443
   certificate: /usr/local/harbor/cert
   private_key: /usr/local/harbor/cert
# 其余保持默认
# 创建上述俩目录
mkdir -p /usr/local/harbor/cert/

# 创建整数
cd /usr/local/harbor/cert
openssl genrsa -out ca.key 4096

# 这一步注意域名，其他信息比如地区城市等可以酌情修改
openssl req -x509 -new -nodes -sha512 -days 3650     -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.aaa.com"     -key ca.key     -out ca.crt

openssl genrsa -out hub.aaa.com.key 4096

openssl req -sha512 -new     -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.aaa.com"     -key hub.aaa.com.key     -out hub.aaa.com.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=hub.aaa.com
EOF

openssl x509 -req -sha512 -days 3650     -extfile v3.ext     -CA ca.crt -CAkey ca.key -CAcreateserial     -in hub.aaa.com.csr     -out hub.aaa.com.crt

chmod a+x *

# 再次编辑配置文件，配置上证书
vim /usr/local/harbor/harbor.yml

   certificate: /usr/local/harbor/cert/hub.aaa.com.crt
   private_key: /usr/local/harbor/cert/hub.aaa.com.key

# 校验
cd /usr/local/harbo
./prepare

# 安装
./install.sh

# 安装之后的提示
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis         ... done
Creating registry      ... done
Creating harbor-portal ... done
Creating harbor-db     ... done
Creating registryctl   ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done

? ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://hub.aaa.com.
For more details, please visit https://github.com/goharbor/harbor .

# 查看
docker ps -a

# 打开浏览器访问https://hub.aaa.com
# 用户名：admin
# 密码：Harbor12345
# 可以在harbor.yml文件中查看修改

# 其他K8S节点登陆验证
docker login https://hub.aaa.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# 退出登陆
docker logout https://hub.aaa.com

测试

# 其他节点主机下载镜像推送到仓库,使用的是一个测试的镜像
docker pull wangyanglinux/myapp:v1

# web页面，项目，library,镜像仓库，右上角有一个推送镜像：
# 在项目中标记镜像：docker tag SOURCE_IMAGE[:TAG] hub.aaa.com/library/IMAGE[:TAG]
# 推送镜像到当前项目：docker push hub.aaa.com/library/IMAGE[:TAG]

# 给镜像重新打标签
docker tag wangyanglinux/myapp:v1 hub.aaa.com/library/myapp:v1

# 需要先登陆，然后才能push
docker push hub.aaa.com/library/myapp:v1

# 此时在web界面就可以查看到推送过来的镜像

原文地址：https://www.cnblogs.com/sanduzxcvbnm/p/11636827.html