1. Install Docker-CE

Item
OS version: CentOS 7.6.1810 (Core)
IP address: 192.168.1.252 (hub.nnv5.cn)
Harbor version: 1.10.3
Harbor install directory: /data/harbor

1.1 Download the docker-ce repository file and install Docker

~]$ cd /etc/yum.repos.d/ && wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
~]$ yum install -y docker-ce && systemctl enable docker && systemctl start docker

1.2 Configure a Docker registry mirror

## Configure the registry mirror
~]$ cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://ub816mdv.mirror.aliyuncs.com"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["hub.nnv5.cn"]
}
EOF

## Restart the docker service
~]$ systemctl daemon-reload && systemctl restart docker

2. Install the Harbor private image registry

GitHub project: https://github.com/goharbor/harbor

2.1 Prepare the environment

## Add the host entries to /etc/hosts
]# cat >> /etc/hosts <<EOF
192.168.1.252 hub.nnv5.cn
192.168.1.41 k8s-master.nnv5.cn
192.168.1.42 k8s-node01.nnv5.cn
192.168.1.43 k8s-node02.nnv5.cn
EOF

## Install dependencies
/]$ yum install -y docker-compose

2.2 Install the Harbor image registry

2.2.1 Download the Harbor offline package and edit its configuration

## Download the Harbor offline installer
/]$ wget https://github.com/goharbor/harbor/releases/download/v1.10.3/harbor-offline-installer-v1.10.3.tgz

## Unpack the Harbor offline installer
/]$ tar xzvf harbor-offline-installer-v1.10.3.tgz -C /data/
/]$ cd /data/harbor/

## Edit the Harbor configuration file
]$ vim harbor.yml
------------------------------------------------------------------------
hostname: hub.nnv5.cn
http:
  port: 80
https:
  port: 443
  certificate: /data/harbor/cert/server.crt
  private_key: /data/harbor/cert/server.key
# Web UI admin password (the default); it is only applied on first install
harbor_admin_password: Harbor12345
database:
  # Password for the internal Harbor database; change it before production use
  password: root123
  max_idle_conns: 50
  max_open_conns: 100
data_volume: /data/harbor/data
clair:
  updaters_interval: 12
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 1.10.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
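
Added example, not part of the original post: a small audit that flags the settings a reviewer would question in the harbor.yml above and in the daemon.json from section 1.2 (the two passwords left at the values shown here, and the registry host listed under insecure-registries). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag weak harbor.yml / daemon.json settings.

# yml_value FILE SECTION KEY: print a scalar value; SECTION "" means top level.
yml_value() {
    awk -v sect="$2" -v key="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                    # comments, blank lines
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur); top = 1 }  # top-level key
        /^[ \t]/  { top = 0 }                                # nested line
        {
            k = $1; sub(/:$/, "", k)
            if (k == key && ((sect == "" && top) || (sect != "" && !top && cur == sect))) {
                v = $2; gsub(/"/, "", v); print v; exit
            }
        }' "$1"
}

# audit_harbor HARBOR_YML DAEMON_JSON REGISTRY_HOST: one "WEAK:" line per finding.
audit_harbor() {
    if [ "$(yml_value "$1" "" harbor_admin_password)" = "Harbor12345" ]; then
        echo "WEAK: harbor_admin_password is still Harbor12345"
    fi
    if [ "$(yml_value "$1" database password)" = "root123" ]; then
        echo "WEAK: database.password is still root123"
    fi
    host_re=$(printf '%s' "$3" | sed 's/\./\\./g')   # match dots literally
    # Docker skips certificate verification for hosts listed in insecure-registries.
    if tr -d '\n' < "$2" |
        grep -Eq "\"insecure-registries\"[[:space:]]*:[[:space:]]*\[[^]]*\"$host_re\""; then
        echo "WEAK: $3 is listed in insecure-registries"
    fi
    return 0
}

# Constructed sample input mirroring the two files on this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/harbor.yml" <<'EOF'
hostname: hub.nnv5.cn
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
cat > "$demo_dir/daemon.json" <<'EOF'
{
  "insecure-registries": ["hub.nnv5.cn"]
}
EOF
audit_harbor "$demo_dir/harbor.yml" "$demo_dir/daemon.json" hub.nnv5.cn
rm -rf "$demo_dir"
```

On the host described here the call would be audit_harbor /data/harbor/harbor.yml /etc/docker/daemon.json hub.nnv5.cn; an empty result means none of the three settings was found.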

2.2.2 Create the HTTPS certificate for Harbor

## Create the Harbor certificate and persistent-data directories
/]$ mkdir -p /data/harbor/{data,cert}

## Create a private certificate
/]$ cd /data/harbor/cert/

## Generate the private key
/]$ openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...............................................................+++
......+++
e is 65537 (0x10001)
Enter pass phrase for server.key: 123456
Verifying - Enter pass phrase for server.key: 123456


## Create the certificate signing request (CSR)
[root@Centos7 cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN # country
State or Province Name (full name) []:ShangHai # province
Locality Name (eg, city) [Default City]:ShangHai # city
Organization Name (eg, company) [Default Company Ltd]:nnv5.cn # organization
Organizational Unit Name (eg, section) []:nnv5.cn # organizational unit
Common Name (eg, your name or your server's hostname) []:hub.nnv5.cn # fully qualified domain name
Email Address []:admin@nnv5.cn # administrator e-mail

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: # press Enter to skip
An optional company name []: # press Enter to skip


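## Back up the private key
/]$ cp server.key server.key.org

## Remove the passphrase from the private key
/]$ openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org: 123456 # the key passphrase set earlier
writing RSA key

## Sign the certificate (self-signed with its own key)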
/]$ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=ShangHai/L=ShangHai/O=nnv5.cn/OU=nnv5.cn/CN=hub.nnv5.cn/emailAddress=admin@nnv5.cn
Getting Private key

## Give the certificate files execute permission
/]$ chmod +x server.*
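
Added example, not part of the original post: the key and self-signed certificate from the steps above produced non-interactively, with a subjectAltName (Docker clients built with Go 1.15 or later no longer accept a certificate that names the host only in CN) and a key readable by its owner only, followed by checks on the result. The function names, the san.cnf file and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Names and paths are assumptions.

# make_registry_cert DIR HOST IP: key + self-signed cert carrying a subjectAltName.
make_registry_cert() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    cat > "$1/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
C = CN
ST = ShangHai
O = nnv5.cn
CN = $2
[v3]
subjectAltName = DNS:$2, IP:$3
EOF
    # umask 077 in a subshell: the unencrypted key is never group/world readable.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
          -config "$1/san.cnf" -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$1/server.crt"
}

# check_registry_cert DIR HOST: print one line per problem, nothing when clean.
check_registry_cert() {
    openssl x509 -in "$1/server.crt" -noout -text | grep -q "DNS:$2" ||
        echo "PROBLEM: no subjectAltName entry for $2"
    # Characters 5-10 of the ls -l mode string are the group and other bits.
    [ "$(ls -l "$1/server.key" | cut -c5-10)" = "------" ] ||
        echo "PROBLEM: server.key is readable beyond its owner"
    crt_mod=$(openssl x509 -in "$1/server.crt" -noout -modulus)
    key_mod=$(openssl rsa -in "$1/server.key" -noout -modulus 2>/dev/null)
    [ "$crt_mod" = "$key_mod" ] || echo "PROBLEM: key and certificate do not match"
    return 0
}

# Demo in a scratch directory (on this page's host DIR would be /data/harbor/cert).
demo=$(mktemp -d)
make_registry_cert "$demo/cert" hub.nnv5.cn 192.168.1.252
check_registry_cert "$demo/cert" hub.nnv5.cn
rm -rf "$demo"
# A Docker client can trust this certificate without insecure-registries:
#   cp server.crt /etc/docker/certs.d/hub.nnv5.cn/ca.crt
```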

2.2.3 Install Harbor and start the Harbor services

/]$ cd /data/harbor/
/]$ ./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 19.03.11

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.18.0

[Step 2]: loading Harbor images ...

## Wait for the Harbor images to finish loading
Creating harbor-log ... done
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Creating redis ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating registryctl ...
Creating registry ...
Creating harbor-portal ...
Creating harbor-db ...
Creating redis ...
Creating harbor-core ...
Creating nginx ...
Creating harbor-jobservice ...
✔ ----Harbor has been installed and started successfully.---- # installation succeeded

## Check that the installation succeeded
/]$ docker-compose ps
Name                Command                          State   Ports
--------------------------------------------------------------------------------------------------------
harbor-core         /harbor/harbor_core              Up
harbor-db           /docker-entrypoint.sh            Up      5432/tcp
harbor-jobservice   /harbor/harbor_jobservice ...    Up
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up      8080/tcp
nginx               nginx -g daemon off;             Up      0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp
redis               redis-server /etc/redis.conf     Up      6379/tcp
registry            /home/harbor/entrypoint.sh       Up      5000/tcp
registryctl         /home/harbor/start.sh            Up


## Common commands for managing the Harbor services
/]$ docker-compose ps
/]$ docker-compose stop
/]$ docker-compose up -d

2.2.4 Verify access

## Open in a browser
Verify access: https://192.168.1.252 Default account: admin / Harbor12345