Microservices & Cloud Native: Building a Harbor Private Image Registry

Harbor official website

Note before we begin: all machines used in this article are virtual machines running the CentOS-7-x86_64-Minimal-2009 image.

Infrastructure requirements

The virtual machine only needs to meet Harbor's minimum requirements. This setup uses docker 24.0.4 and docker-compose 1.29.2. For installing docker and docker-compose, refer to the previous article, Microservices & Cloud Native: Basic Preparations in Building a K8S Cluster.

Download Harbor

There are two official installation methods: the online installer and the offline installer. The offline installation package is recommended here. Select the corresponding version at https://github.com/goharbor/harbor/tags to download. Here I choose version v2.8.3, namely harbor-offline-installer-v2.8.3.tgz.

# Download
wget -c https://github.com/goharbor/harbor/releases/download/v2.8.3/harbor-offline-installer-v2.8.3.tgz

# Extract
tar xzvf harbor-offline-installer-v2.8.3.tgz

The archive is extracted into the harbor directory.

Generate CA certificate

Add a local mapping from the domain name to the IP. The IP address of the machine where I installed Harbor is 192.168.65.134:

vim /etc/hosts

# Add the mapping from the IP to a custom domain name; the domain name can be chosen freely
192.168.65.134 harbor.kubemanagement.com

Create a new certs folder:

mkdir certs


Generate CA

# 1. Generate the CA private key
cd certs
openssl genrsa -out ca.key 4096
# 2. Generate the CA certificate; use the domain name set above, e.g. harbor.kubemanagement.com
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.kubemanagement.com" \
 -key ca.key \
 -out ca.crt
# 3. Generate the server private key
openssl genrsa -out harbor.kubemanagement.com.key 4096
# 4. Generate the certificate signing request (CSR) for the server
openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.kubemanagement.com" \
    -key harbor.kubemanagement.com.key \
    -out harbor.kubemanagement.com.csr
# 5. Create the x509 v3 extension file with the subject alternative names.
#    DNS.2 and DNS.3 are placeholders: replace them with other names of the host or delete them.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.kubemanagement.com
DNS.2=yourdomain
DNS.3=hostname
EOF
# 6. Sign the CSR with the CA to issue the server certificate
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in harbor.kubemanagement.com.csr \
    -out harbor.kubemanagement.com.crt
# 7. Copy the server certificate and key to the directory referenced in harbor.yml
mkdir -p /data/cert/

cp harbor.kubemanagement.com.crt /data/cert/
cp harbor.kubemanagement.com.key /data/cert/
# 8. Convert the .crt to .cert for Docker (the Docker daemon reads .crt files as CA certificates and .cert files as client certificates)
openssl x509 -inform PEM -in harbor.kubemanagement.com.crt -out harbor.kubemanagement.com.cert
# 9. Copy the certificate, key and CA certificate into Docker's certificate directory for this registry
mkdir -p /etc/docker/certs.d/harbor.kubemanagement.com/

cp harbor.kubemanagement.com.cert /etc/docker/certs.d/harbor.kubemanagement.com/
cp harbor.kubemanagement.com.key /etc/docker/certs.d/harbor.kubemanagement.com/
cp ca.crt /etc/docker/certs.d/harbor.kubemanagement.com/
# 10. Restart Docker so that it picks up the certificates
systemctl restart docker
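
Before the files are copied to /data/cert and /etc/docker/certs.d, it is worth checking that the issued certificate chains to ca.crt, covers the name used with docker login, and matches its private key. The script below is an added example, not part of the original article; the function names are hypothetical and the demo runs against a throwaway PKI built in a temporary directory.

```shell
# Added example, not from the original article. check_registry_cert and
# make_sample_pki are hypothetical helper names.
check_registry_cert() {   # usage: check_registry_cert CA_CRT SERVER_CRT SERVER_KEY HOSTNAME
    local ca="$1" crt="$2" key="$3" host="$4" cert_pub key_pub
    # 1. The server certificate must chain to the CA that Docker is told to trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL: $crt is not signed by $ca"; return 1; }
    # 2. The name used in `docker login` must be covered by the certificate.
    #    -checkhost reports its result as text, so match on the message.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>&1 | grep -q 'does match' \
        || { echo "FAIL: $host is not covered by $crt"; return 2; }
    # 3. The private key must be the one the certificate was issued for.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: $key does not belong to $crt"; return 3; }
    echo "OK: $crt is valid for $host"
}

# Constructed sample PKI (throwaway 2048-bit keys) following the steps above.
make_sample_pki() {   # usage: make_sample_pki DIR HOSTNAME
    local dir="$1" host="$2"
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -sha512 -days 1 -subj "/CN=sample-ca" \
        -key "$dir/ca.key" -out "$dir/ca.crt"
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -sha512 -subj "/CN=$host" \
        -key "$dir/server.key" -out "$dir/server.csr"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$dir/v3.ext"
    openssl x509 -req -sha512 -days 1 -extfile "$dir/v3.ext" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -in "$dir/server.csr" -out "$dir/server.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir" harbor.kubemanagement.com
check_registry_cert "$demo_dir/ca.crt" "$demo_dir/server.crt" \
    "$demo_dir/server.key" harbor.kubemanagement.com
```

For the files generated in this article, the call would be check_registry_cert ca.crt harbor.kubemanagement.com.crt harbor.kubemanagement.com.key harbor.kubemanagement.com, run inside the certs directory.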

Configure and install Harbor

# Enter the extracted directory; if it already contains harbor.yml, edit that file directly. Here there is only harbor.yml.tmpl
cd harbor
cp harbor.yml.tmpl harbor.yml

vim harbor.yml

Pay attention mainly to the following settings: the custom domain name, the location where the certificate files are saved, and the default login password.

After making the changes, run the install script directly:

./install.sh
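
A check that can be run on harbor.yml before ./install.sh, to confirm that the three settings named above were actually changed from the template. This is an added example, not part of the original article; the helper names are hypothetical, and the keys hostname, https.certificate, https.private_key and harbor_admin_password are those of Harbor's harbor.yml.tmpl.

```shell
# Added example, not from the original article; yml_value and check_harbor_yml
# are hypothetical helper names.
yml_value() {   # yml_value FILE KEY -> value of the first uncommented "KEY: value" line
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\([^#]*\).*/\1/p" "$1" \
        | head -n 1 | sed 's/[[:space:]]*$//'
}

check_harbor_yml() {   # prints findings; exit status = number of findings
    local file="$1" problems=0 host pass path name
    host=$(yml_value "$file" hostname)
    pass=$(yml_value "$file" harbor_admin_password)
    # reg.mydomain.com and Harbor12345 are the values shipped in harbor.yml.tmpl
    if [ -z "$host" ] || [ "$host" = "reg.mydomain.com" ]; then
        echo "hostname: not set to your registry name"; problems=$((problems + 1))
    fi
    if [ -z "$pass" ] || [ "$pass" = "Harbor12345" ]; then
        echo "harbor_admin_password: still the template default"; problems=$((problems + 1))
    fi
    for name in certificate private_key; do
        path=$(yml_value "$file" "$name")
        if [ ! -f "$path" ]; then
            echo "$name: '$path' is not an existing file"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: the relevant lines of an unedited template.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: reg.mydomain.com
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
EOF
check_harbor_yml "$sample" || echo "findings: $?"
```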

The installer prints a prompt after a successful installation.

Use docker-compose to check the running status:

docker-compose ps

If there is no problem, all containers are in the healthy state.

Test

Entering the domain name or IP in the browser opens the Harbor login page. The default user name is admin, and the password is the one set in the harbor.yml file.

After logging in to the system, create a new private project named kubemanagment.

At this point, you can test uploading an image. You must first log in with docker:

docker login harbor.kubemanagement.com

Tag the image in the format Harbor requires and push it. Here we simply take the busybox image as an example:

# 1. Pull the busybox image
docker pull busybox
# 2. Tag it with the registry host and project name
docker tag busybox:latest harbor.kubemanagement.com/kubemanagment/busybox:latest
# 3. Push it to Harbor
docker push harbor.kubemanagement.com/kubemanagment/busybox:latest

At this point, you can see on the web page that kubemanagment/busybox already exists. The basic installation and configuration of Harbor is now complete.

As for kubemanagment/mysql, which also appears in the project, it was pushed to test Harbor from the k8s cluster environment. The specific process is as follows:

The k8s cluster environment is the one from Microservices & Cloud Native: Building a K8S Cluster. For simplicity, only one master node and one worker node are included here. The master node IP information is as follows:

ip: 192.168.65.130

Add a mapping to /etc/hosts on the master:

vim /etc/hosts
192.168.65.134 harbor.kubemanagement.com

To push an image from the master node, it is not possible to run docker login harbor.kubemanagement.com directly; an error will be reported. The CA information on the machine where Harbor is located needs to be copied to the master node:

# On the master host
cd /etc/docker/

# 192.168.65.134 is the host where harbor is located; replace <user> with an account on that host
scp -r <user>@192.168.65.134:/etc/docker/certs.d .

Then restart docker:

systemctl restart docker

Then log in, tag the image and push it:

# mysql:8.0.23 is an image that had already been pulled on my master node
docker login harbor.kubemanagement.com
docker tag mysql:8.0.23 harbor.kubemanagement.com/kubemanagment/mysql:8.0.23
docker push harbor.kubemanagement.com/kubemanagment/mysql:8.0.23
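
The scp -r step above copies the whole certs.d directory, so the master node also receives the Harbor server's private key, although Docker only needs ca.crt there to trust the registry. The script below is an added example, not part of the original article; audit_certs_d is a hypothetical helper that lists private keys left in a certs.d tree, demonstrated on a constructed directory.

```shell
# Added example, not from the original article; audit_certs_d is a hypothetical helper.
# Docker reads *.crt in a certs.d/<registry>/ directory as trusted CA roots and
# *.cert + *.key as a client certificate pair.
audit_certs_d() {   # prints findings; returns 1 if any private key is found
    local root="$1" keys key registry note
    keys=$(find "$root" -type f -name '*.key' | sort)
    if [ -z "$keys" ]; then
        echo "OK: no private keys under $root"; return 0
    fi
    echo "$keys" | while IFS= read -r key; do
        registry=$(basename "$(dirname "$key")")
        note="private key present"
        # -perm -004 is true when the file is readable by every local user
        if [ -n "$(find "$key" -perm -004)" ]; then note="$note, world-readable"; fi
        echo "FINDING $registry: $(basename "$key") ($note)"
    done
    return 1
}

# Constructed sample: the layout that copying certs.d leaves on the master node.
sample_root=$(mktemp -d)
mkdir -p "$sample_root/harbor.kubemanagement.com"
for f in ca.crt harbor.kubemanagement.com.cert harbor.kubemanagement.com.key; do
    : > "$sample_root/harbor.kubemanagement.com/$f"
done
chmod 644 "$sample_root/harbor.kubemanagement.com/harbor.kubemanagement.com.key"
audit_certs_d "$sample_root" || true
```

On a real node the call is audit_certs_d /etc/docker/certs.d.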


Origin blog.csdn.net/by6671715/article/details/132137459