harbor私有倉庫與圖形管理界面portainer


1、harbor倉庫

  • 概述

  • 部署安裝條件

  • 部署harbor

    • 安裝docker和docker-compose
  • 配置https證書

    # 創建ca私鑰
    openssl genrsa -out ca.key 4096
    # 創建ca證書
    openssl req -x509 -new -nodes -sha512 -days 3650 \
     -subj "/C=CN/ST=Tianjin/L=Tianjin/O=example/OU=Personal/CN=unistack.com" \
     -key ca.key \
     -out ca.crt
    # 創建服務簽名
    openssl genrsa -out unistack.com.key 4096
    # 創建csr請求
    openssl req -sha512 -new \
        -subj "/C=CN/ST=Tianjin/L=Tianjin/O=example/OU=Personal/CN=unistack.com" \
        -key unistack.com.key \
        -out unistack.com.csr
    # 創建v3 extension file
    cat > v3.ext <<-EOF
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1=unistack.com
    DNS.2=unistack.harbor.com
    EOF
    # 使用v3.ext給服務證書簽名
    openssl x509 -req -sha512 -days 3650 \
        -extfile v3.ext \
        -CA ca.crt -CAkey ca.key -CAcreateserial \
        -in unistack.com.csr \
        -out unistack.com.crt
    # 向Harbor提供證書
    mkdir -p /data/cert
    cp unistack.com.csr /data/cert/
    cp unistack.com.crt /data/cert/
    # 向docker提供證書
    //生成docker用cert
    openssl x509 -inform PEM -in unistack.com.crt -out unistack.com.cert
    //創建unistack.com目錄
    cp yourdomain.com.cert /etc/docker/certs.d/unistack.com/
    cp yourdomain.com.key /etc/docker/certs.d/unistack.com/
    cp ca.crt /etc/docker/certs.d/unistack.com/
    //重啟docker
    systemctl restart docker
    
  • 安裝harbor

    # 上傳harbor離線包,解壓
    tar xf harbor-offline-installer-v2.3.2.tgz
    # 復制模板文件
    cp harbor.yml.tmpl harbor.yml
    # 修改harbor.yml
    //修改域名
    hostname: unistack.com
    //修改https證書路徑
      certificate: /data/cert/unistack.com.crt
      private_key: /data/cert/unistack.com.key
    //修改密碼
    harbor_admin_password: Harbor12345
    
  • docker客戶端添加可信任鏡像倉庫

    [root@node201 harbor]# vim /etc/docker/daemon.json 
    {
    "insecure-registries":["unistack"]
    }
    
  • 重啟docker

  • 登陸harbor倉庫

    [root@node201 harbor]# docker login reg.lynn.com
    Username: admin
    Password: 
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    
  • 推送命令:

    # docker tag centos:7 reg.lynn.com/library/centos:7
    # docker push reg.lynn.com/library/centos:7
    # docker pull reg.lynn.com/library/centos:7
    
  • 配置主從

    img

    img

    img

    img

  • harbor維護

2、圖形化管理界面portainer

  • 部署

    # docker volume create portainer_data
    # docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
    
  • 管理遠程主機


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM