# 企业级私有仓库 Harbor
企业部署 Kubernetes 集群环境之后,我们就可以将原来在传统虚拟机上运行的业务迁移到 Kubernetes 上,让 Kubernetes 通过容器的方式来管理。而一旦我们需要将传统业务以容器的方式运行起来,就需要构建很多镜像,这些镜像需要有一个专门的位置存储起来,并为我们提供镜像上传和镜像下载等功能。但我们不能使用阿里云或者 Docker Hub 等仓库:首先拉取速度比较慢,其次镜像的安全性无法保证,所以就需要部署一个私有的镜像仓库来管理这些容器镜像。同时该仓库还需要提供高可用功能,确保随时都能上传和下载可用的容器镜像。
# 1、关闭防火墙、Selinux、环境配置
# Host preparation for the Harbor node: hostname, firewall/SELinux state, base tools, working dirs.
[root@harbor ~]# sudo mkdir -p /etc/docker
[root@harbor ~]# hostnamectl set-hostname harbor
# NOTE(review): stopping and disabling firewalld leaves every listening port on this host reachable
# from the network. Harbor is configured below to serve plain HTTP on this node, so a narrower
# option is to keep firewalld running and allow only the load balancer to reach the Harbor port.
[root@harbor ~]# systemctl stop firewalld
[root@harbor ~]# systemctl disable firewalld
# NOTE(review): this only edits a config file; the running SELinux mode does not change until reboot.
# On releases where /etc/sysconfig/selinux is a symlink to /etc/selinux/config, `sed -i` replaces the
# symlink with a regular file and the real config stays untouched -- check `getenforce` after reboot.
# Disabling SELinux removes mandatory access control around the Docker daemon and its containers;
# confirm it is actually required for this deployment before applying it.
[root@harbor ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
# Base utilities; ntp/ntpdate are installed here but not configured anywhere on this page.
[root@harbor ~]# yum install net-tools vim tree lrzsz wget unzip dos2unix bash-completion lsof ntp ntpdate -y
[root@harbor ~]# yum update -y
# Working directories; /soft is where the Harbor installer is unpacked later.
[root@harbor ~]# mkdir /soft /data /scripts /backup
# 2、Docker 安装
# Install Docker CE and docker-compose using the Aliyun mirror of the docker-ce yum repository.
[root@harbor ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
# NOTE(review): the repo definition is fetched from a third-party mirror. Before installing, check
# that the downloaded file keeps gpgcheck=1 and references a gpgkey you trust; package signature
# verification is what protects the install if the mirror serves altered packages.
[root@harbor ~]# curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Lists the available docker-ce versions in reverse sort order (informational only).
[root@harbor ~]# yum list docker-ce --showduplicates |sort -r
# No version is pinned here, so this installs whatever the repository currently resolves.
[root@harbor ~]# yum install docker-ce docker-compose -y
# 3、配置 Docker 加速
# Write the Docker daemon config (registry mirrors + systemd cgroup driver), then enable and start Docker.
[root@harbor ~]# sudo mkdir -p /etc/docker
# The here-doc delimiter is quoted, so the JSON is written literally; tee overwrites any existing file.
# NOTE(review): "registry-mirrors" applies to Docker Hub pulls only. Entries named after other
# registries (k8s, quay, gcr, ghcr) are still consulted as Docker Hub mirrors, not for those registries.
# NOTE(review): every host listed is a third-party service that answers tag lookups for Docker Hub
# images, so a pull by tag trusts whichever manifest the mirror returns. Keep the list to operators
# you trust, and pull base images by digest (name@sha256:...) so the content is verified client-side
# before it is re-tagged and pushed into Harbor.
[root@harbor ~]# sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": [
"https://docker.credclouds.com",
"https://k8s.credclouds.com",
"https://quay.credclouds.com",
"https://gcr.credclouds.com",
"https://k8s-gcr.credclouds.com",
"https://ghcr.credclouds.com",
"https://do.nark.eu.org",
"https://docker.m.daocloud.io",
"https://docker.nju.edu.cn",
"https://docker.mirrors.sjtug.sjtu.edu.cn",
"https://docker.1panel.live",
"https://docker.rainbond.cc"
],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
[root@harbor ~]# systemctl enable docker --now
# 4、安装 Harbor
# Download the Harbor offline installer, unpack it, edit harbor.yml, and run the installer.
[root@harbor ~]# cd /soft/
# The prompt on the next line still shows ~ although the previous command changed to /soft;
# the archive has to end up in /soft for the tar command below to find it.
# NOTE(review): the archive is extracted and executed as root without an integrity check. The Harbor
# release page publishes a detached signature (.asc) next to each installer; verify it with gpg
# before unpacking. The version is pinned to v2.6.1 here -- confirm it is still a supported release.
[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.6.1/harbor-offline-installer-v2.6.1.tgz
[root@harbor soft]# tar xf harbor-offline-installer-v2.6.1.tgz
[root@harbor soft]# cd harbor
# The lines below are an excerpt of harbor.yml as edited; "..." marks omitted parts of the file.
[root@harbor harbor]# vim harbor.yml
# Harbor is addressed by the node IP; the public name is only configured on the load balancer.
hostname: 192.168.1.134
...
# NOTE(review): the https section is commented out, so Harbor itself listens on plain HTTP and TLS
# exists only on the load balancer. Logins, tokens and image layers cross the lb -> Harbor hop in
# cleartext, and anyone who can reach 192.168.1.134 directly bypasses TLS entirely. Either enable
# https here as well or restrict access to this node's HTTP port to the load balancer.
# NOTE(review): harbor.yml has an external_url setting for deployments behind an external proxy;
# it is not visible in this excerpt -- confirm it is set to the public https URL.
#https:
# # https port for harbor, default is 443
# port: 443
# # The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
...
# NOTE(review): Harbor12345 is the value shipped in the installer's harbor.yml template and is
# publicly documented. It is only applied on first start, so set a unique value before running
# install.sh, or change the admin password in the UI immediately after the first login.
harbor_admin_password: Harbor12345
[root@harbor harbor]# ./install.sh
# 5、配置 Nginx 负载均衡调度
# Nginx on host "lb": terminates TLS for harbor.hmallleasing.com and proxies to Harbor over HTTP.
[root@lb ~]# vim s.hmallleasing.com.conf
server {
listen 443 ssl;
server_name harbor.hmallleasing.com;
# Upper bound on a request body; presumably blob uploads above 1G are rejected here -- confirm
# against the largest image layers you expect to push.
client_max_body_size 1G;
# NOTE(review): ssl_protocols / ssl_ciphers are not set, so the effective protocol and cipher set
# depends on the nginx and OpenSSL defaults of this host; pin them explicitly, e.g.
# `ssl_protocols TLSv1.2 TLSv1.3;`.
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/sslkey/_.hmallleasing.com_chain.crt;
# The file names suggest a wildcard certificate; keep the key readable by root only, since it is
# valid for every host under the domain.
ssl_certificate_key /etc/nginx/sslkey/_.hmallleasing.com_key.key;
location / {
# NOTE(review): the upstream hop is plain HTTP, so registry credentials and tokens travel
# unencrypted between lb and 192.168.1.134.
proxy_pass http://192.168.1.134;
# include proxy_params;
# NOTE(review): with the Host header line commented out, nginx sends the upstream address as
# Host, and no X-Forwarded-Proto is passed. Harbor then has to learn its public https URL from
# its own configuration (external_url in harbor.yml) -- verify `docker login` against the
# public name works end to end.
# proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
proxy_temp_file_write_size 10240k;
proxy_max_temp_file_size 10240k;
}
}
# HTTP -> HTTPS redirect.
# NOTE(review): server_name here is s.hmallleasing.com while the TLS server above is
# harbor.hmallleasing.com, so plain-HTTP requests for the Harbor name are not matched by this
# block by name. Presumably left over from a template -- confirm and align the two names.
server {
listen 80;
server_name s.hmallleasing.com;
return 302 https://$server_name$request_uri;
}
# 6、推送镜像至 Harbor
# Tag a local image for the Harbor project "ops" and push it through the public name.
# NOTE(review): "busybox.v1" is a repository name, not a tag -- there is no ":" in the reference,
# so the image is stored as ops/busybox.v1 with the implicit, mutable tag "latest". If a version
# tag was intended the reference would be ops/busybox:v1; confirm with the author.
[root@harbor harbor]# docker tag beae173ccac6 harbor.hmallleasing.com/ops/busybox.v1
# First push is issued before `docker login`; presumably shown to demonstrate that the registry
# rejects unauthenticated pushes -- the page does not include the output.
[root@harbor harbor]# docker push harbor.hmallleasing.com/ops/busybox.v1
# NOTE(review): docker login stores the credential in ~/.docker/config.json, base64-encoded rather
# than encrypted, unless a credential helper is configured. Prefer a dedicated non-admin user or a
# Harbor robot account scoped to the project over the admin account for pushes.
[root@harbor harbor]# docker login harbor.hmallleasing.com
[root@harbor harbor]# docker push harbor.hmallleasing.com/ops/busybox.v1
# 7、Harbor 停止与启动
#Stop Harbor
# The compose commands are run from the unpacked installer directory, as the pwd output shows.
[root@harbor harbor]# pwd
/soft/harbor
[root@harbor harbor]# docker-compose stop
#Start Harbor
# `up -d` creates any missing containers and starts them in the background; `start` only starts
# containers that already exist, so after a plain `stop` either command is sufficient.
[root@harbor harbor]# docker-compose up -d
[root@harbor harbor]# docker-compose start