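### Download Harbor v1.8.1

Download the online installer package:

```bash
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz
```

The file is hosted on Google Cloud, so you may need special means to download it. The contents of several files follow.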
Main changes:

- `hostname: docker.test.com`
- Enable HTTPS (`https:` with `port: 443`); `certificate: /apps/registrs/cert/docker.test.com.crt` and `private_key: /apps/registrs/cert/docker.test.com.key` are where the certificate is stored.
- `data_volume: /apps/registrs`: change this to the storage path on your own server.

```bash
vi harbor.yml
```

```yaml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: docker.test.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
#   # https port for harbor, default is 443
  port: 443
#   # The path of cert and key files for nginx
  certificate: /apps/registrs/cert/docker.test.com.crt
  private_key: /apps/registrs/cert/docker.test.com.key

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123

# The default data volume
data_volume: /apps/registrs

# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:

#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
#   redirect:
#     disabled: false

# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12

  # Config http proxy for Clair, e.g. http://my.proxy.com:3128
  # Clair doesn't need to connect to harbor internal components via http proxy.
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry

jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10

chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled

# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
  rotate_count: 50
  # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
  # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
  # are all valid.
  rotate_size: 200M
  # The directory on your host that store log
  location: /var/log/harbor

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.8.0

# Uncomment external_database if using external database.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor_db_name
#     username: harbor_db_username
#     password: harbor_db_password
#     ssl_mode: disable
#   clair:
#     host: clair_db_host
#     port: clair_db_port
#     db_name: clair_db_name
#     username: clair_db_username
#     password: clair_db_password
#     ssl_mode: disable
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable

# Uncomment external_redis if using external Redis server
# external_redis:
#   host: redis
#   port: 6379
#   password:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3

# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
#   ca_file: /path/to/ca
```
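A pre-install check for the `harbor.yml` above, as an added example that is not part of Harbor or of the original post: it flags the shipped default `harbor_admin_password` and database `password`, a placeholder `hostname`, a disabled `https` section, and a missing or group/other-readable private key. The function names and the sample file are constructed for illustration, and the parser assumes simple unquoted `key: value` lines like those in this file.

```shell
#!/usr/bin/env bash
# Added example (not part of Harbor): audit harbor.yml before running ./install.sh.
# Assumes simple unquoted "key: value" scalars, as in the file shown on this page.

# Print the value of the first uncommented line whose key is exactly $1.
yml_value() {
  awk -v k="$1" '
    /^[ \t]*#/ { next }
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, k ":") == 1 {
      sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t]+$/, "", line)
      print line; exit
    }' "$2"
}

# Record one finding; n is the counter owned by audit_harbor_yml.
finding() { echo "FINDING: $*"; n=$((n + 1)); }

# Print findings for the harbor.yml at $1; return 0 only when there are none.
audit_harbor_yml() {
  local f="$1" n=0 host cert key perm
  host=$(yml_value hostname "$f")
  case "$host" in
    ''|localhost|127.0.0.1|reg.mydomain.com) finding "hostname '$host' is unset or a template value" ;;
  esac
  [ "$(yml_value harbor_admin_password "$f")" = "Harbor12345" ] &&
    finding "harbor_admin_password is still the shipped default"
  [ "$(yml_value password "$f")" = "root123" ] &&
    finding "database password is still the shipped default"
  if grep -q '^https:' "$f"; then
    cert=$(yml_value certificate "$f"); key=$(yml_value private_key "$f")
    [ -f "$cert" ] || finding "certificate file not found: $cert"
    if [ -f "$key" ]; then
      # GNU stat first, BSD stat as fallback; mode must end in 00 (owner-only).
      perm=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
      case "$perm" in *00) ;; *) finding "private key mode $perm allows group/other access" ;; esac
    else
      finding "private key file not found: $key"
    fi
  else
    finding "https section is commented out; logins and pushes would use plain HTTP"
  fi
  [ "$n" -eq 0 ]
}

# Constructed sample: the page's settings with placeholder certificate paths.
sample_yml() {
  printf '%s\n' 'hostname: docker.test.com' 'https:' '  port: 443' \
    '  certificate: /nonexistent/docker.test.com.crt' \
    '  private_key: /nonexistent/docker.test.com.key' \
    'harbor_admin_password: Harbor12345' 'database:' '  password: root123'
}

tmp=$(mktemp); sample_yml > "$tmp"; audit_harbor_yml "$tmp" || true; rm -f "$tmp"
```

Run `audit_harbor_yml ./harbor.yml` before `./install.sh`; a non-zero return means at least one finding was printed.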
The `prepare` file is left unmodified.
```bash
vi prepare
```

```bash
#!/bin/bash
set +e

# If compling source code this dir is harbor's make dir
# If install harbor via pacakge, this dir is harbor's root dir
if [[ -n "$HARBOR_BUNDLE_DIR" ]]; then
    harbor_prepare_path=$HARBOR_BUNDLE_DIR
else
    harbor_prepare_path="$( cd "$(dirname "$0")" ; pwd -P )"
fi

echo "prepare base dir is set to ${harbor_prepare_path}"
data_path=$(grep '^[^#]*data_volume:' ${harbor_prepare_path}/harbor.yml | awk '{print $NF}')

# If previous secretkeys exist, move it to new location
previous_secretkey_path=/data/secretkey
previous_defaultalias_path=/data/defaultalias

if [ -f $previous_secretkey_path ]; then
    mkdir -p $data_path/secret/keys
    mv $previous_secretkey_path $data_path/secret/keys
fi
if [ -f $previous_defaultalias_path ]; then
    mkdir -p $data_path/secret/keys
    mv $previous_defaultalias_path $data_path/secret/keys
fi

# Clean up input dir
rm -rf ${harbor_prepare_path}/input
# Create a input dirs
mkdir -p ${harbor_prepare_path}/input
input_dir=${harbor_prepare_path}/input

set -e

# Copy harbor.yml to input dir
if [[ ! "$1" =~ ^\-\- ]] && [ -f "$1" ]
then
    cp $1 $input_dir/harbor.yml
else
    cp ${harbor_prepare_path}/harbor.yml $input_dir/harbor.yml
fi

# Create secret dir
secret_dir=${data_path}/secret
config_dir=$harbor_prepare_path/common/config

# Run prepare script
docker run --rm -v $input_dir:/input \
                    -v $harbor_prepare_path:/compose_location \
                    -v $config_dir:/config \
                    -v $secret_dir:/secret \
                    goharbor/prepare:v1.8.1 $@

echo "Clean up the input dir"
# Clean up input dir
rm -rf ${harbor_prepare_path}/input
```
The `install.sh` file is also left unmodified.
```bash
vi install.sh
```

```bash
#!/bin/bash

set +e
set -o noglob

#
# Set Colors
#

bold=$(tput bold)
underline=$(tput sgr 0 1)
reset=$(tput sgr0)

red=$(tput setaf 1)
green=$(tput setaf 76)
white=$(tput setaf 7)
tan=$(tput setaf 202)
blue=$(tput setaf 25)

#
# Headers and Logging
#

underline() { printf "${underline}${bold}%s${reset}\n" "$@"
}
h1() { printf "\n${underline}${bold}${blue}%s${reset}\n" "$@"
}
h2() { printf "\n${underline}${bold}${white}%s${reset}\n" "$@"
}
debug() { printf "${white}%s${reset}\n" "$@"
}
info() { printf "${white}➜ %s${reset}\n" "$@"
}
success() { printf "${green}✔ %s${reset}\n" "$@"
}
error() { printf "${red}✖ %s${reset}\n" "$@"
}
warn() { printf "${tan}➜ %s${reset}\n" "$@"
}
bold() { printf "${bold}%s${reset}\n" "$@"
}
note() { printf "\n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}\n" "$@"
}

set -e
set +o noglob

usage=$'Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor'
item=0

# notary is not enabled by default
with_notary=$false
# clair is not enabled by default
with_clair=$false
# chartmuseum is not enabled by default
with_chartmuseum=$false

while [ $# -gt 0 ]; do
        case $1 in
            --help)
            note "$usage"
            exit 0;;
            --with-notary)
            with_notary=true;;
            --with-clair)
            with_clair=true;;
            --with-chartmuseum)
            with_chartmuseum=true;;
            *)
            note "$usage"
            exit 1;;
        esac
        shift || true
done

workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $workdir

# The hostname in harbor.yml has not been modified
if grep '^[[:blank:]]*hostname: reg.mydomain.com' &> /dev/null harbor.yml
then
    warn "$usage"
    exit 1
fi

function check_docker {
    if ! docker --version &> /dev/null
    then
        error "Need to install docker(17.06.0+) first and run this script again."
        exit 1
    fi

    # docker has been installed and check its version
    if [[ $(docker --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
    then
        docker_version=${BASH_REMATCH[1]}
        docker_version_part1=${BASH_REMATCH[2]}
        docker_version_part2=${BASH_REMATCH[3]}

        # the version of docker does not meet the requirement
        if [ "$docker_version_part1" -lt 17 ] || ([ "$docker_version_part1" -eq 17 ] && [ "$docker_version_part2" -lt 6 ])
        then
            error "Need to upgrade docker package to 17.06.0+."
            exit 1
        else
            note "docker version: $docker_version"
        fi
    else
        error "Failed to parse docker version."
        exit 1
    fi
}

function check_dockercompose {
    if ! docker-compose --version &> /dev/null
    then
        error "Need to install docker-compose(1.18.0+) by yourself first and run this script again."
        exit 1
    fi

    # docker-compose has been installed, check its version
    if [[ $(docker-compose --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
    then
        docker_compose_version=${BASH_REMATCH[1]}
        docker_compose_version_part1=${BASH_REMATCH[2]}
        docker_compose_version_part2=${BASH_REMATCH[3]}

        # the version of docker-compose does not meet the requirement
        if [ "$docker_compose_version_part1" -lt 1 ] || ([ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 18 ])
        then
            error "Need to upgrade docker-compose package to 1.18.0+."
            exit 1
        else
            note "docker-compose version: $docker_compose_version"
        fi
    else
        error "Failed to parse docker-compose version."
        exit 1
    fi
}

h2 "[Step $item]: checking installation environment ..."; let item+=1
check_docker
check_dockercompose

if [ -f harbor*.tar.gz ]
then
    h2 "[Step $item]: loading Harbor images ..."; let item+=1
    docker load -i ./harbor*.tar.gz
fi
echo ""

h2 "[Step $item]: preparing environment ..."; let item+=1
if [ -n "$host" ]
then
    sed "s/^hostname: .*/hostname: $host/g" -i ./harbor.yml
fi
prepare_para=
if [ $with_notary ]
then
    prepare_para="${prepare_para} --with-notary"
fi
if [ $with_clair ]
then
    prepare_para="${prepare_para} --with-clair"
fi
if [ $with_chartmuseum ]
then
    prepare_para="${prepare_para} --with-chartmuseum"
fi

./prepare $prepare_para
echo ""

if [ -n "$(docker-compose ps -q)" ]
then
    note "stopping existing Harbor instance ..."
    docker-compose down -v
fi
echo ""

h2 "[Step $item]: starting Harbor ..."
docker-compose up -d

protocol=http
hostname=reg.mydomain.com

if [ -n "$(grep '^[^#]*https:' ./harbor.yml)" ]
then
    protocol=https
fi

if [[ $(grep '^[[:blank:]]*hostname:' ./harbor.yml) =~ hostname:[[:blank:]]*(.*) ]]
then
    hostname=${BASH_REMATCH[1]}
fi
echo ""

success $"----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at ${protocol}://${hostname}.
For more details, please visit https://github.com/goharbor/harbor .
"
```
### Remove the old Docker

```bash
yum remove docker-ce
```

Switch the Docker package source to the Aliyun mirror:

```bash
cat > /etc/yum.repos.d/docker-ce.repo << EOF
[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge]
name=Docker CE Edge - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF
```

### Install the new Docker version

```bash
yum install docker-ce -y
```

### Modify the Docker startup file

```bash
vim /usr/lib/systemd/system/docker.service
```

Add:

```
/usr/bin/dockerd -H fd:// --graph /apps/docker -H unix:///var/run/docker.sock --max-concurrent-downloads=20
```

```bash
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
```
Install docker-compose:

```bash
curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
```
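Give `install.sh` and `prepare` execute permission:

```bash
chmod +x install.sh prepare
```

Run `install.sh` to install Harbor:

```bash
./install.sh --with-notary --with-clair --with-chartmuseum
```

If pulling the container images is very slow partway through, you can stop and run the script again until everything has been pulled. Remember to prepare a domain certificate that nginx supports.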
```
[root@ceph-2-220 harbor]# docker ps
CONTAINER ID   IMAGE                                               COMMAND                  CREATED        STATUS                  PORTS                                                              NAMES
15e1c335701f   goharbor/nginx-photon:v1.8.1                        "nginx -g 'daemon of…"   16 hours ago   Up 16 hours (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
dbc4bc680006   goharbor/harbor-portal:v1.8.1                       "nginx -g 'daemon of…"   16 hours ago   Up 16 hours (healthy)   80/tcp                                                             harbor-portal
f84585de038d   goharbor/harbor-jobservice:v1.8.1                   "/harbor/start.sh"       16 hours ago   Up 16 hours                                                                                harbor-jobservice
f13bb671d1d0   goharbor/notary-server-photon:v0.6.1-v1.8.1         "/bin/server-start.sh"   16 hours ago   Up 16 hours                                                                                notary-server
5563dd968c54   goharbor/chartmuseum-photon:v0.8.1-v1.8.1           "/docker-entrypoint.…"   16 hours ago   Up 16 hours (healthy)   9999/tcp                                                           chartmuseum
08f93f9a8f21   goharbor/harbor-core:v1.8.1                         "/harbor/start.sh"       16 hours ago   Up 16 hours (healthy)                                                                      harbor-core
70d266d7bf26   goharbor/notary-signer-photon:v0.6.1-v1.8.1         "/bin/signer-start.sh"   16 hours ago   Up 16 hours                                                                                notary-signer
32bb83505406   goharbor/clair-photon:v2.0.8-v1.8.1                 "/docker-entrypoint.…"   16 hours ago   Up 16 hours (healthy)   6060-6061/tcp                                                      clair
f549a00846aa   goharbor/harbor-db:v1.8.1                           "/entrypoint.sh post…"   16 hours ago   Up 16 hours (healthy)   5432/tcp                                                           harbor-db
cf3146e0ce9b   goharbor/redis-photon:v1.8.1                        "docker-entrypoint.s…"   16 hours ago   Up 16 hours             6379/tcp                                                           redis
569652aa4da7   goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1   "/entrypoint.sh /etc…"   16 hours ago   Up 16 hours (healthy)   5000/tcp                                                           registry
0be5e4aaa3d3   goharbor/harbor-registryctl:v1.8.1                  "/harbor/start.sh"       16 hours ago   Up 16 hours (healthy)                                                                      registryctl
3bef982a3f39   goharbor/harbor-log:v1.8.1                          "/bin/sh -c /usr/loc…"   16 hours ago   Up 16 hours (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log
[root@ceph-2-220 harbor]# netstat -tnlp| grep docker-prox
tcp        0      0 127.0.0.1:1514          0.0.0.0:*               LISTEN      2576614/docker-prox
tcp6       0      0 :::80                   :::*                    LISTEN      2579058/docker-prox
tcp6       0      0 :::443                  :::*                    LISTEN      2579043/docker-prox
tcp6       0      0 :::4443                 :::*                    LISTEN      2579017/docker-prox
```

Open `https://<domain>`.
### Test that the Docker registry works

```
[root@ceph-2-220 harbor]# docker images
REPOSITORY                    TAG             IMAGE ID       CREATED       SIZE
goharbor/chartmuseum-photon   v0.8.1-v1.8.1   ef41a1168648   10 days ago   113MB
```

Tag an image for the registry. The `library` project name is required:

```bash
docker tag goharbor/chartmuseum-photon:v0.8.1-v1.8.1 <domain>/library/chartmuseum-photon:v0.8.1-v1.8.1
docker login <domain>
## enter the account and password
docker push <domain>/library/chartmuseum-photon:v0.8.1-v1.8.1
```
Open the web page to check whether the upload succeeded.
On any other server:

```bash
docker login <domain>
docker pull <domain>/library/chartmuseum-photon:v0.8.1-v1.8.1
```

If the pull works, the private Docker registry has been installed successfully.
Add the Harbor helm-charts repository address:

```bash
helm repo add --username=admin --password=Harbor12345 myrepo https://<domain>/chartrepo
```

Or the address of a specific project:

```bash
helm repo add --username=admin --password=Harbor12345 library https://<domain>/chartrepo/library
```

Update:

```bash
helm repo update
```

Install the helm-push plugin:

```bash
helm plugin install https://github.com/chartmuseum/helm-push
```

Download a chart that already exists in another repository:

```
helm fetch stable/mysql
[root@jenkins ~]# ll mysql*
-rw-r--r-- 1 root root 5536 6月 28 08:48 mysql-0.3.5.tgz
```

Upload it to the private repository:

```bash
helm push mysql-0.3.5.tgz myrepo
```

Update the repo:

```bash
helm repo update
```

Search for the mysql chart that was just pushed:

```
helm search mysql
[root@jenkins ~]# helm search mysql
NAME                      CHART VERSION   APP VERSION   DESCRIPTION
myrepo/library/mysql      0.3.5                         Fast, reliable, scalable, and easy to use open-...
repo_name1/mysql-broker   0.1.0                         A Helm chart for Kubernetes
stable/mysql              0.3.5                         Fast, reliable, scalable, and easy to us
```

The first entry is the one just pushed. It can also be checked in the web page.
Configure a default StorageClass. mysql uses dynamically provisioned backend storage; without a default StorageClass, mysql will never be deployed.

```bash
kubectl get storageclass
kubectl patch storageclass nfs-storage -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
```

To unset the default:

```bash
kubectl patch storageclass nfs-storage -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
```

```
kubectl get storageclass
helm install --name-template mysql myrepo/library/mysql
[root@jenkins ~]# helm list
NAME    NAMESPACE   REVISION   UPDATED                                   STATUS     CHART
mysql   default     1          2019-06-28 08:54:19.825429471 +0800 CST   deployed   mysql-0.3.5
[root@jenkins ~]# kubectl get service| grep mysql-mysql
mysql-mysql   ClusterIP   10.64.160.92   <none>   3306/TCP   75m
[root@jenkins ~]# kubectl get pod| grep mysql
mysql-mysql-549d644d4-z2ctk   0/1   Running   0   59s
```

View the mysql password:

```bash
kubectl get secret --namespace default mysql-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
```

Connect to mysql. If there are no problems, everything is OK and the Harbor installation is complete.