docker-compose部署harbor

docker安装

curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
centos8如果安装报错 yum erase podman buildah
yum -y install docker-ce

安装docker-compose

curl -L https://github.com/docker/compose/releases/download/1.21.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

## 赋予执行权限

chmod +x /usr/local/bin/docker-compose

## 查看安装成功了没

docker-compose --version

# 离线形式安装harbor私有镜像仓库

## 创建目录及下载harbor离线包
mkdir /data && cd /data
wget https://github.com/goharbor/harbor/releases/download/v2.2.0/harbor-offline-installer-v2.2.0.tgz
tar xf harbor-offline-installer-v2.2.0.tgz && rm harbor-offline-installer-v2.2.0.tgz

## 修改harbor配置
cd harbor
cp harbor.yml.tmpl harbor.yml
    5 hostname: harbor.boge.com
    17   certificate: /data/harbor/ssl/tls.cert
    18   private_key: /data/harbor/ssl/tls.key
    34 harbor_admin_password: boge666

## 创建harbor访问域名证书
mkdir /data/harbor/ssl && cd /data/harbor/ssl
openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.cert -days 360 -subj /CN=*.boge.com

## 准备好单机编排工具`docker-compose`
> 从二进制安装k8s项目的bin目录拷贝过来
scp /etc/kubeasz/bin/docker-compose 10.0.1.204:/usr/bin/

> 也可以在docker官方进行下载
https://docs.docker.com/compose/install/

## 开始安装
./install.sh

## 推送镜像到harbor
echo '10.0.1.204 harbor.boge.com' >> /etc/hosts   #每个节点都要加
docker tag nginx:latest  harbor.boge.com/library/nginx:latest  #打tag 把已有的镜像改成自己仓库的
docker push harbor.boge.com/library/nginx:1.18.0-alpine
需要先登录
docker login harbor.boge.com
cat ~/.docker/config.json  ##查看能看到密码
echo YWRtaW46SGFyYm9yMTIzNDU=|base64 -d  
docker logout harbor.boge.com  ###要退出

## 在其他节点上面拉取harbor镜像
> 在集群每个 node 节点进行如下配置
> ssh to 10.0.1.201(centos7)

mkdir -p /etc/docker/certs.d/harbor.boge.com
scp 10.0.1.204:/data/harbor/ssl/tls.cert /etc/docker/certs.d/harbor.boge.com/ca.crt
docker pull harbor.boge.com/library/nginx:latest

## 重启harbor
docker-compose down -v
docker-compose up -d
docker ps|grep harbor

## 附（引用自 https://github.com/easzlab/kubeasz）：
containerd配置信任harbor证书
在集群每个 node 节点进行如下配置（假设ca.pem为自建harbor的CA证书）

ubuntu 1604:
cp ca.pem /usr/share/ca-certificates/harbor-ca.crt
echo harbor-ca.crt >> /etc/ca-certificates.conf
update-ca-certificates

CentOS 7:
cp ca.pem /etc/pki/ca-trust/source/anchors/harbor-ca.crt
update-ca-trust
上述配置完成后，重启 containerd 即可 systemctl restart containerd