\u200b1.docker-ce\u5b89\u88c5\u200b<\/strong><\/div>\n
\u4f7f\u7528\u5b98\u65b9\u5b89\u88c5\u811a\u672c\u81ea\u52a8\u5b89\u88c5\uff08\u4ec5\u9002\u7528\u4e8e\u516c\u7f51\u73af\u5883\uff09<\/p>\n
curl -fsSL https:\/\/get.docker.com | bash -s docker --mirror Aliyun<\/pre>\n
\u200b2.\u4e0b\u8f7ddocker-compos\u7684\u6700\u65b0\u7248\u672c\u200b<\/strong><\/div>\n
sudo curl -L \"https:\/\/github.com\/docker\/compose\/releases\/download\/1.23.1\/docker-compose-$(uname -s)-$(uname -m)\" -o \/usr\/local\/bin\/docker-compose\r\nchmod +x \/usr\/local\/bin\/docker-compose\r\nroot@k8s-master1:\/usr\/local\/bin# docker-compose --version\r\ndocker-compose version 1.23.1, build b02f1306<\/pre>\n
\u200b<\/p>\n
3.python2.7\u200b<\/strong><\/div>\n
apt-get install python2.7 -y \r\nln -s \/usr\/bin\/python2.7 \/usr\/bin\/python<\/pre>\n
\u200b4.\u8bc1\u4e66\u5236\u4f5c\u200b<\/strong><\/div>\n
openssl genrsa -out ca.key 4096\r\nopenssl req -x509 -new -nodes -sha512 -days 3650 \\\r\n-subj \"\/C=TW\/ST=Taipei\/L=Taipei\/O=example\/OU=Personal\/CN=harbor.gesila.com\" \\\r\n-key ca.key \\\r\n-out ca.crt\r\nroot@ubuntu:\/usr\/local\/src\/harbor\/certs# ls\r\nca.crt ca.key<\/pre>\n
--------------------------------------------------
\n\u9047\u5230\u95ee\u9898\uff1aCan't load \/root\/.rnd into RNG
\n\u89e3\u51b3\u529e\u6cd5\uff1a<\/p>\n
cd \/root\r\nopenssl rand -writerand .rnd<\/pre>\n
--------------------------------------------------<\/p>\n
openssl genrsa -out harbor.gesila.com.key 4096\r\nopenssl req -sha512 -new \\\r\n-subj \"\/C=TW\/ST=Taipei\/L=Taipei\/O=example\/OU=Personal\/CN=harbor.gesila.com\" \\\r\n-key harbor.gesila.com.key \\\r\n-out harbor.gesila.com.csr\r\nroot@ubuntu:\/usr\/local\/src\/harbor\/certs# ls\r\nca.crt ca.key harbor.gesila.com.csr harbor.gesila.com.key\r\n------------------------------------------------------\r\n<\/pre>\n
cat > v3.ext <<-EOF\r\nauthorityKeyIdentifier=keyid,issuer\r\nbasicConstraints=CA:FALSE\r\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\r\nextendedKeyUsage = serverAuth \r\nsubjectAltName = @alt_names\r\n\r\n[alt_names]\r\nDNS.1=harbor.gesila.com\r\nDNS.2=harbor.gesila\r\nDNS.3=hostname\r\nEOF\r\nroot@ubuntu:\/usr\/local\/src\/harbor\/certs# ls\r\nca.crt ca.key harbor.gesila.com.csr harbor.gesila.com.key v3.ext\r\n------------------------------------------------------\r\n\r\n\r\nopenssl x509 -req -sha512 -days 3650 \\\r\n-extfile v3.ext \\\r\n-CA ca.crt -CAkey ca.key -CAcreateserial \\\r\n-in harbor.gesila.com.csr \\\r\n-out harbor.gesila.com.crt\r\n---------------------------------------------------------------------------------\r\nroot@ubuntu:\/usr\/local\/src\/harbor\/certs# ls\r\nca.crt ca.key ca.srl harbor.gesila.com.crt harbor.gesila.com.csr harbor.gesila.com.key v3.ext\r\n\r\n<\/pre>\n
\u200b5.harbor\u4e0b\u8f7d\u53ca\u5b89\u88c5\u200b<\/strong><\/div>\n
cd \/usr\/local\/src\r\ntar xf harbor-offline-installer-v1.2.2.tgz\r\ncd harbor\/\r\nvim harbor.cfg\r\n------------------------------------\r\nhostname = harbor.gesila.com\r\nui_url_protocol = https\r\nssl_cert = \/usr\/local\/src\/harbor\/certs\/harbor.gesila.com.crt \r\nssl_cert_key = \/usr\/local\/src\/harbor\/certs\/harbor.gesila.com.key\r\nharbor_admin_password = 123456\r\n------------------------------------\r\n.\/prepare\r\n.\/install.sh \r\n<\/pre>\n
\u9ed8\u8ba4\u5b89\u88c5\u4e0d\u5305\u62ecNotary\u6216Clair\u670d\u52a1\uff0c\u8fd9\u4e9b\u670d\u52a1\u7528\u4e8e\u6f0f\u6d1e\u626b\u63cf;\u8981\u5305\u62ec\u516c\u8bc1\u670d\u52a1\uff0c\u4f60\u5fc5\u987b\u5728harbor.yml\u4e2d\u542f\u7528\u548c\u914d\u7f6e<\/p>\n
https sudo .\/install.sh -with-notary --with-clair --with-chartmuseum<\/pre>\n
\u200b6.\u62f7\u8d1d\u8bc1\u4e66\u200b<\/strong><\/div>\n
#\u51e1\u4e8b\u8981\u767b\u5f55\u5230habor\u90fd\u8981\u5efa\u8be5\u6587\u4ef6
\nmkdir -p \/etc\/docker\/certs.d\/harbor.gesila.com
\n#\u628a\u8bc1\u4e66\u6587\u4ef6\u62f7\u8d1d\u5230\/etc\/docker\/certs.d\/harbor.gesila.com\u76ee\u5f55<\/p>\n
cp \/usr\/local\/src\/harbor\/certs\/harbor.gesila.com.crt \/etc\/docker\/certs.d\/harbor.gesila.com<\/pre>\n
\u200b7.\u4fee\u6539docker.service \u914d\u7f6e\u6587\u4ef6\u200b<\/strong><\/div>\n
#\u9700\u8981\u8fde\u63a5\u5230harbor\u7684\u673a\u5668\u90fd\u9700\u8981\u4fee\u6539\uff0c\u52a0\u4e0a\u53c2\u6570\uff1a--insecure-registry<\/p>\n
vim \/lib\/systemd\/system\/docker.service \r\n-------------------------------------------------------------------------------------------------------------------\r\nExecStart=\/usr\/bin\/dockerd -H fd:\/\/ --containerd=\/run\/containerd\/containerd.sock --insecure-registry harborip\u5730\u5740\r\n-------------------------------------------------------------------------------------------------------------------\r\nsystemctl daemon-reload && systemctl restart docker\r\n<\/pre>\n
\u200b\u200b<\/p>\n
8.\u6d4b\u8bd5\u8fde\u63a5\u200b\u200b<\/strong><\/div>\n
root@k8s-master1:\/usr\/local\/src\/harbor# docker login harbor.gesila.com\r\nAuthenticating with existing credentials...\r\nWARNING! Your password will be stored unencrypted in \/root\/.docker\/config.json.\r\nConfigure a credential helper to remove this warning. See\r\nhttps:\/\/docs.docker.com\/engine\/reference\/commandline\/login\/#credentials-store\r\n\r\nLogin Succeeded\r\n<\/pre>\n
\u200b<\/p>\n
\u200b9.\u6d4b\u8bd5\u4e0a\u4f20\u955c\u50cf\u200b\u200b<\/strong><\/div>\n
\u7f51\u9875\u5efa\u4e00\u4e2ak8s\u9879\u76ee\r\nroot@k8s-master1:\/usr\/local\/src\/harbor# docker pull alpine\r\nUsing default tag: latest\r\nlatest: Pulling from library\/alpine\r\n59bf1c3509f3: Pull complete \r\nDigest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300\r\nStatus: Downloaded newer image for alpine:latest\r\ndocker.io\/library\/alpine:latest\r\n\r\nroot@k8s-master1:\/usr\/local\/src\/harbor# docker tag alpine harbor.gesila.com\/k8s\/alpine && docker push harbor.gesila.com\/k8s\/alpine\r\nUsing default tag: latest\r\nThe push refers to repository [harbor.gesila.com\/k8s\/alpine]\r\n8d3ac3489996: Pushed \r\nlatest: digest: sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3 size: 528\r\n<\/pre>\n
\u200b\u95ee\u9898\u89e3\u51b3\u200b<\/p>\n
\u200b.\/prepare \u200b\r\n\r\nFail to generate key file: .\/common\/config\/ui\/private_key.pem, cert file: .\/common\/config\/registry\/root.crt\r\n<\/pre>\n
#\u89e3\u51b3\u529e\u6cd5\uff1a<\/p>\n
vim +308 prepare \r\n---------------------------------------------------------------------------------------------------------------------------------\r\nempty_subj = \"\/C=\/ST=\/L=\/O=\/CN=\/\" \u66ff\u6362\u4e3a\uff1aempty_subj = \"\/C=US\/ST=California\/L=Palo Alto\/O=VMware, Inc.\/OU=Harbor\/CN=notarysigner\"\r\n---------------------------------------------------------------------------------------------------------------------------------\r\n\r\n\u200b\u200b.\/install.sh\u200b\u200b\r\n\r\n.\/prepare: \/usr\/bin\/python: bad interpreter: No such file or directory\r\n<\/pre>\n
#\u89e3\u51b3\u529e\u6cd5\uff1a
\nprepare\u811a\u672c\u662f\u7528python\u5199\u7684\uff1b\u4f46\u662fprepare\u4e0d\u517c\u5bb93.5\u7248\u672c\uff0c\u9700\u964d\u7ea7\u8fd8\u539f\u4f7f\u75282.7<\/p>\n
apt-get install python2.7 -y \r\nln -s \/usr\/bin\/python2.7 \/usr\/bin\/python\r\n<\/pre>\n
\u279c Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.\r\nPlease set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol\/ssl_cert\/ssl_cert_key in harbor.cfg bacause notary must run under https. \r\nPlease set --with-clair if needs enable Clair in Harbor\r\n<\/pre>\n
#\u89e3\u51b3\u529e\u6cd5\uff1a
\n\u4fee\u6539hostname<\/p>\n
vim \/usr\/local\/src\/harbor\/harbor.cfg\r\n#hostname = reg.mydomain.com \u9ed8\u8ba4\u7684\u662f\u8fd9\u4e2a\uff0c\u8fd9\u4e2a\u5fc5\u987b\u8981\u5220\u9664\uff0c\u6ce8\u91ca\u7684\u8bdd\u4e5f\u63d0\u793a\u95ee\u9898\u4e0a\u8ff0\u95ee\u9898<\/pre>\n","protected":false},"excerpt":{"rendered":"
\u4f7f\u7528\u5b98\u65b9\u5b89\u88c5\u811a\u672c\u81ea\u52a8\u5b89\u88c5\uff08\u4ec5\u9002\u7528\u4e8e\u516c\u7f51\u73af\u5883\uff09 curl -fsSL https:\/\/get.docker.co […]<\/p>\n","protected":false},"author":1469,"featured_media":236843,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-236834","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/236834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/1469"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=236834"}],"version-history":[{"count":6,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/236834\/revisions"}],"predecessor-version":[{"id":236845,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/236834\/revisions\/236845"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/236843"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=236834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=236834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=236834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}