Harbor

Harbor yes VMware The company's latest open source enterprise class Docker Registry project , Its goal is to help users quickly build an enterprise class Docker registry service , You can store your own image and have security authentication .

Personal note website

One 、 Environmental requirements

harbor Need to install docker 17.06.0-ce+ and docker-compose 1.18.0+ Can be used

Two 、 install docker-ce

To configure yum Source

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

install docker-ce

yum -y install docker-ce-18.06.1.ce-3.el7
systemctl enable docker && systemctl start docker

3、 ... and 、 install docker-compose

install docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

2. Add executable rights

sudo chmod +x /usr/local/bin/docker-compose

3. Validation version

docker-compose --version

explain ：Docker Compose yes docker A command line tool provided , Used to define and run applications made up of multiple containers .

Use compose, We can go through YAML File declaratively defines the services of the application , And by a single command to complete the application creation and start .

Four 、 obtain Harbor Offline installer

Download website https://github.com/vmware/harbor/releases/

 decompression ：tar xvf harbor-offline-installer-v1.10.2.tgz

Edit profile ：

vim harbor.yaml
 modify harbor The hostname in the configuration file （hostname） To be changed to ：reg.syqedu.com（ visit harbor Domain name or extranet IP）
 Change the directory path where the certificate is located ：
ssl_cert = /root/harbor/ssl/reg.syqedu.com.crt
ssl_cert_key = /root/harbor/ssl/reg.syqedu.com.key
 change harbor The login password ：
harbor_admin_password = 12345

5、 ... and 、 Generate SSL certificate

Get into harbor Catalog ：

mkdir ssl 【 Create certificate storage directory 】

cd ssl

1. Generate root certificate

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -key ca.key -out ca.crt

2. Generate a certificate signature , Set the domain name to ：reg.syqedu.com

openssl genrsa -out reg.syqedu.com.key 4096
openssl req -sha512 -new -key reg.syqedu.com.key -out reg.syqedu.com.csr

3.chrome The browser will check whether the current domain name is declared in the certificate , This statement is made by subjectAltName Field settings .

This field is not set by default in the above generation steps , The solution is as follows ：

Create a v3.ext file ：

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=reg.syqedu.com
DNS.2=reg.syqedu
DNS.3=k8s-master # Host name 
EOF

Specify when the host certificate is finally generated v3.ext file

4. Generate host certificate

openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in reg.syqedu.com.csr -out reg.syqedu.com.crt

6、 ... and 、 Install through the built-in script

1. Execute configuration file ： ./prepare

2. Then perform the installation ：./install.sh

3. Lists whether the currently running container is healthy : docker-compose ps

4. Then bind hosts Just visit

7、 ... and 、 other docker Host access harbor

To put harbor Get the self signed certificate on docker On :

mkdir -p /etc/docker/certs.d/reg.syqedu.com

hold reg.syqedu.com.crt Copy it to this directory

docker login reg.syqedu.com # Sign in harbor Warehouse

Then upload the image to harbor：

docker tag tomcat:v1 reg.syqedu.com/test/tomcat:v1 # Marking

docker push reg.syqedu.com/test/tomcat:v1 # Upload