harbor 相关

1、安装 docker

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

2、安装 docker-compose

curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

3、下载 harbor

https://github.com/goharbor/harbor

wget https://github.com/goharbor/harbor/releases/download/v2.0.0-rc2/harbor-offline-installer-v2.0.0-rc2.tgz

4、生成证书

1、生成私钥
openssl genrsa -out ca.key 4096
2、生成证书
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Chengdu/L=Chengdu/O=example/OU=Personal/CN=local.com" \
 -key ca.key \
 -out ca.crt

5、生成 server 端证书

1、生私钥
openssl genrsa -out local.com.key 4096
2、生成证书请求文件
openssl req -sha512 -new \
    -subj "/C=CN/ST=Chengdu/L=Chengdu/O=example/OU=Personal/CN=local.com" \
    -key local.com.key \
    -out local.com.csr
3、生成 x509 v3
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=local.com
DNS.2=local
DNS.3=hostname
EOF
4、使用 v3.ext 文件生成 harbor 主机证书
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in local.com.csr \
    -out local.com.crt
5、提供证书给harbor或docker
cp local.com.crt /data/cert/
cp local.com.key /data/cert/
6、转换 .crt 为 .cert, 以给 docker 使用
openssl x509 -inform PEM -in local.com.crt -out local.com.cert
7、创建文件和复制 server 端证书、key 、Ca文件到 harbor 主机上的 docker 的认证文件夹
mkdir -p /etc/docker/certs.d/local.com/
cp local.com.cert /etc/docker/certs.d/local.com/
cp local.com.key /etc/docker/certs.d/local.com/
cp ca.crt /etc/docker/certs.d/local.com/
8、重启 docker
systemctl restart docker

6、准备和配置 harbor配置文件

tar -zxvf harbor-offline-installer-v2.0.0-rc2.tgz
cd harbor/
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
hostname: local.com
https:
    certificate: /etc/docker/certs.d/local.com/local.com.cert
    private_key: /etc/docker/certs.d/local.com/local.com.key
data_volume: /data

将prepare中的镜像goharbor/prepare:v2.0.0 改为 goharbor/prepare:v2.0.0-dev

./prepare

7、部署harbor

./install.sh --with-chartmuseum

8、重装(如需执行)

docker-compose down -v
docker-compose up -d
./install.sh --with-chartmuseum

9、使用

一、docker image

1、将证书拷贝到需要使用harbor的主机
scp -r 127.0.0.1:/etc/docker/certs.d/local.com/ *.*.*.*:/etc/docker/certs.d/
2、编辑 /etc/docker/daemon.json
{
  "insecure-registries": ["local.com"],
}
3、重启 docker
systemctl restart docker
4、配置 hosts 文件
127.0.0.1 local.com
5、登录
docker login local.com
6、使用
for i in `docker images|egrep -v '9001|none|REPOSITORY'|awk '{print $1":"$2}'`;do docker tag $i "local.com/stx/"$i;done
for i in `docker images|grep local.com|awk '{print $1":"$2}'`;do docker push $i;done

二、chart

1、添加仓库
helm repo add --ca-file /etc/docker/certs.d/local.com/ca.crt --username=admin --password=qwe local https://local.com/chartrepo/k8s
2、push
helm push --ca-file /etc/docker/certs.d/local.com/ca.crt nginx-6.0.1.tgz local
helm push grafana-0.0.2.tgz test --username hl --password xxx
3、pull
helm pull local/nginx
4、安装
helm install --ca-file=ca.crt --username=admin --password=Passw0rd --version 6.0.1 local/nginx

10、忘记密码

1、运行harbor-db容器
docker exec -it harbor-db bash
2、进入数据库并选择表
psql -U postgres -d registry
3、查看用户信息
select * from harbor_user;
admin     |       | ce058f765a36af71a7c43d95710d6074 | system admin   | admin user     | f       |            | rdk5buqqqi975je9hcv6hv0040agvf3b | t             | 2020-07-01 09:48:17.048602 | 2020-07-01 09:48:20.272419 | sha256
4、更新密码(当前harbor版本v2.0.0)

密码修改后为admin/qwe

update harbor_user set salt='rdk5buqqqi975je9hcv6hv0040agvf3b', password='ce058f765a36af71a7c43d95710d6074' where user_id = 1;

可删除data/database内所有内容,重新部署,获取harbor_user表的相关字段

results matching ""

    No results matching ""