企业级私有仓库Harbor搭建

# 企业级私有仓库 Harbor

企业部署 Kuberetes 集群环境之后，我们就可以将原来在传统虚拟机上运行的业务，迁移到 kubernetes 上，让 Kubernetes 通过容器的方式来管理。而一旦我们需要将传统业务使用容器的方式运行起来，就需要构建很多镜像，那么这些镜像就需要有一个专门的位置存储起来，为我们提供镜像上传和镜像下载等功能。但我们不能使用阿里云或者 Dockerhub 等仓库，首先拉取速度比较慢，其次镜像的安全性无法保证，所以就需要部署一个私有的镜像仓库来管理这些容器镜像。同时该仓库还需要提供高可用功能，确保随时都能上传和下载可用的容器镜像。

# 1、关闭防火墙、Selinux、环境配置

	[root@harbor ~]# sudo mkdir -p /etc/docker
	[root@harbor ~]# hostnamectl set-hostname harbor
	[root@harbor ~]# systemctl stop firewalld
	[root@harbor ~]# systemctl disable firewalld
	[root@harbor ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
	[root@harbor ~]# yum install net-tools vim tree lrzsz wget unzip dos2unix bash-completion lsof ntp ntpdate -y
	[root@harbor ~]# yum update -y
	[root@harbor ~]# mkdir /soft /data /scripts /backup

# 2、Docker 安装

	[root@harbor ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
	[root@harbor ~]# curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
	[root@harbor ~]# yum list docker-ce --showduplicates \|sort -r
	[root@harbor ~]# yum install docker-ce docker-compose -y

# 3、配置 Docker 加速

	[root@harbor ~]# sudo mkdir -p /etc/docker
	[root@harbor ~]# sudo tee /etc/docker/daemon.json <<-'EOF'
	{
	"registry-mirrors": [
	"https://docker.credclouds.com",
	"https://k8s.credclouds.com",
	"https://quay.credclouds.com",
	"https://gcr.credclouds.com",
	"https://k8s-gcr.credclouds.com",
	"https://ghcr.credclouds.com",
	"https://do.nark.eu.org",
	"https://docker.m.daocloud.io",
	"https://docker.nju.edu.cn",
	"https://docker.mirrors.sjtug.sjtu.edu.cn",
	"https://docker.1panel.live",
	"https://docker.rainbond.cc"
	],
	"exec-opts": ["native.cgroupdriver=systemd"]
	}
	EOF
	[root@harbor ~]# systemctl enable docker --now

# 4、安装 Harbor

	[root@harbor ~]# cd /soft/
	[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.6.1/harbor-offline-installer-v2.6.1.tgz
	[root@harbor soft]# tar xf harbor-offline-installer-v2.6.1.tgz
	[root@harbor soft]# cd harbor
	[root@harbor harbor]# vim harbor.yml
	hostname: 192.168.1.134
	...
	#https:
	# # https port for harbor, default is 443
	# port: 443
	# # The path of cert and key files for nginx
	# certificate: /your/certificate/path
	# private_key: /your/private/key/path
	...
	harbor_admin_password: Harbor12345
	[root@harbor harbor]# ./install.sh

# 5、配置 Nginx 负载均衡调度

	[root@lb ~]# vim s.hmallleasing.com.conf
	server {
	listen 443 ssl;
	server_name harbor.hmallleasing.com;
	client_max_body_size 1G;
	ssl_prefer_server_ciphers on;
	ssl_certificate /etc/nginx/sslkey/_.hmallleasing.com_chain.crt;
	ssl_certificate_key /etc/nginx/sslkey/_.hmallleasing.com_key.key;
	location / {
	proxy_pass http://192.168.1.134;
	# include proxy_params;
	# proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	proxy_connect_timeout 30;
	proxy_send_timeout 60;
	proxy_read_timeout 60;

	proxy_buffering on;
	proxy_buffer_size 32k;
	proxy_buffers 4 128k;
	proxy_temp_file_write_size 10240k;
	proxy_max_temp_file_size 10240k;
	}
	}

	server {
	listen 80;
	server_name s.hmallleasing.com;
	return 302 https://$server_name$request_uri;
	}

# 6、推送镜像至 Harbor

	[root@harbor harbor]# docker tag beae173ccac6 harbor.hmallleasing.com/ops/busybox.v1
	[root@harbor harbor]# docker push harbor.hmallleasing.com/ops/busybox.v1
	[root@harbor harbor]# docker login harbor.hmallleasing.com
	[root@harbor harbor]# docker push harbor.hmallleasing.com/ops/busybox.v1

# 7、Harbor 停止与启动

	#停用 Harbor
	[root@harbor harbor]# pwd
	/soft/harbor
	[root@harbor harbor]# docker-compose stop
	#启动 Harbor
	[root@harbor harbor]# docker-compose up -d
	[root@harbor harbor]# docker-compose start