版权声明:文章转发需标明文章出处地址及作者 https://blog.csdn.net/weixin_44267608/article/details/89576047
环境准备:
添加硬盘,作为镜像的存储单元
cd /kubernetes
tar -zxf harbor-offline-installer-v1.4.0.tgz
之后将解压出的harbor移动至/opt
cd /opt
mv /root/kubernetes/harbor ./
mkdir /date/
挂载
mount /dev/sdb /date
cd /date
mkdir harbor
cd /opt/harbor
编辑配置文件
vim harbor.cfg 修改以下选项
hostname = reg.yunwei.edu
ui_url_protocol = https
ssl_cert = /data/harbor/cert/harbor.crt
ssl_cert_key = /data/harbor/cert/harbor.key
secretkey_path = /data/harbor
harbor_admin_password = admin
修改配置文件
vim docker-compose.clair.yml 修改以下参数在volumes中
/data/harbor/clair-db:/var/lib/postgresql/data:z
修改配置文件
vim docker-compose.notary.yml 修改以下参数在volumes中
/data/harbor/notary-db:/var/lib/mysql:z
修改配置文件
vim docker-compose.yml 修改以下参数在volumes中
/data/harbor/:/var/log/docker/:z
/data/harbor/registry:/storage:z
/data/harbor/database:/var/lib/mysql:z
/data/harbor/config/:/etc/adminserver/config/:z
/data/harbor/secretkey:/etc/adminserver/key:z
/data/harbor/:/data/:z
/data/harbor/secretkey:/etc/ui/key:z
/data/harbor/ca_download/:/etc/ui/ca/:z
/data/harbor/psc/:/etc/ui/token/:z
/data/harbor/job_logs:/var/log/jobs:z
/data/harbor/secretkey:/etc/jobservice/key:z
进入/root/kubernetes目录
cd /root/kubernetes
解压
tar -zxf ca.tar.gz
mv ca /date/harbor/cert
ca证书名称,必须与实际文件同名
cd /opt/harbor/
vim harbor.cfg 修改以下选项
ssl_cert = /date/harbor/cert/harbor.crt
ssl_cert_key = /date/harbor/cert/harbor.key
执行脚本
sh install.sh
为每个节点设置登录harbor私有镜像仓库
mkdir -p /etc/docker/certs.d/reg.yunwei.edu/
cd /etc/docker/certs.d/reg.yunwei.edu/
将harbor的ca证书中的ca.crt拷贝到/etc/docker目录下
cp /date/harbor/cert/ca.crt /etc/docker/certs.d/reg.yunwei.edu/
将harbor节点的ca.crt文件,分发给各节点的/etc/docker/certs.d/reg.yunwei.edu/下
scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt chen1:/etc/docker/certs.d/reg.yunwei.edu/
scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt chen2:/etc/docker/certs.d/reg.yunwei.edu/
scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt chen3:/etc/docker/certs.d/reg.yunwei.edu/
验证
命令行:各节点登陆镜像库地址后,输入用户名/密码(admin/admin)后出现 Login Succeeded
docker login reg.yunwei.edu
web浏览器:浏览器输入部署节点ip
上传镜像
将本地images重新打tag
docker tag itsthenetwork/nfs-server-alpine:latest reg.yunwei.edu/learn/nfs-server-alpine:latest
上传镜像
docker push reg.yunwei.edu/learn/nfs-server-alpine:latest