Creating a Docker image registry with VMware Harbor

Download the installation packages

  • Install Docker-Compose
    # wget https://github.com/docker/compose/releases/download/1.12.0/docker-compose-Linux-x86_64
    # mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
    # chmod a+x /usr/bin/docker-compose
    
  • Download and extract Harbor
    # wget --continue https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz
    # tar -xzvf harbor-offline-installer-v1.1.2.tgz
    
  • Load the images bundled in the offline installer
    # cd harbor
    # docker load -i harbor.v1.1.2.tar.gz
    

Create the certificates

  • Edit the default certificate settings
    # vim /etc/pki/tls/openssl.cnf 
    countryName_default             = CN
    stateOrProvinceName_default     = Fujian
    localityName_default            = Fuzhou
    0.organizationName_default      = k8s
    organizationalUnitName_default  = System
    
  • Create the root certificate
    # cd /etc/pki/CA
    # openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
    
  • Create the certificate signing request for harbor
    # openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.key -out harbor.csr
    # touch index.txt
    # echo '01' > serial
    
  • Trust the registry server IP (written into the certificate as a subjectAltName)
    # echo subjectAltName = IP:192.168.0.0 > extfile.cnf
    
  • Issue the certificate
    # openssl ca -in harbor.csr -out harbor.crt -cert ca.crt -keyfile ca.key -extfile extfile.cnf -outdir .
    # mkdir /etc/harbor/ssl -p
    # cp harbor.crt harbor.key /etc/harbor/ssl
    

Configure and start

  • Configure
    # vim harbor.cfg
    hostname = 192.168.0.0 
    ui_url_protocol = https
    ssl_cert = /etc/harbor/ssl/harbor.crt
    ssl_cert_key = /etc/harbor/ssl/harbor.key
    verify_remote_cert = off
    (Note: when using a third-party certificate, just replace ssl_cert and ssl_cert_key here with the paths to the third-party certificate files.)
    
  • Start
    ./install.sh
    

Add Docker trust

  • Modify the configuration parameters
    # vim /usr/lib/systemd/system/docker.service
    ExecStart=/usr/bin/dockerd --insecure-registry=192.168.0.0
    
  • Restart Docker
    # systemctl daemon-reload
    # systemctl restart docker
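
--insecure-registry makes Docker skip certificate verification for that address, so the CA created above goes unused on the client side. The added example below (not part of the original page) checks that a certificate chains to the CA and covers the registry IP, then stages ca.crt under /etc/docker/certs.d/<registry>/, the directory Docker reads to trust a private CA. Assumptions: throwaway 2048-bit keys, hypothetical function names, a scratch directory in place of /, and `openssl x509 -req` swapped in for the page's `openssl ca` so that no /etc/pki/CA layout is needed.

```shell
#!/bin/sh
# Added example: constructed throwaway CA and certificate, not the page's own files.

# Issue a CA and an IP-SAN server certificate in directory $1 for address $2.
# `openssl x509 -req` replaces the page's `openssl ca` (assumption, see lead-in).
issue_demo_cert() {
    dir=$1 ip=$2
    openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 365 \
        -subj "/CN=demo-harbor-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$ip" \
        -keyout "$dir/harbor.key" -out "$dir/harbor.csr" 2>/dev/null || return 1
    echo "subjectAltName = IP:$ip" > "$dir/extfile.cnf"
    openssl x509 -req -sha256 -days 365 -in "$dir/harbor.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/extfile.cnf" -out "$dir/harbor.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to CA $1 and its SAN covers IP $3.
cert_valid_for_ip() {
    openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}

# Copy CA $1 into the per-registry trust directory for host $2 under root $3
# (root is "/" on a real Docker host; a scratch directory in this demo).
install_registry_ca() {
    dest="$3/etc/docker/certs.d/$2"
    mkdir -p "$dest" && cp "$1" "$dest/ca.crt"
}

# Run the whole sequence against a temporary directory.
demo() {
    work=$(mktemp -d) || return 1
    issue_demo_cert "$work" 192.168.0.0 &&
    cert_valid_for_ip "$work/ca.crt" "$work/harbor.crt" 192.168.0.0 &&
    install_registry_ca "$work/ca.crt" 192.168.0.0 "$work/root" &&
    echo "certificate verified; CA staged at $work/root/etc/docker/certs.d/192.168.0.0/ca.crt"
}
demo
```

With ca.crt installed this way on each client, the --insecure-registry flag is not needed for the registry address.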
    

Log in to the image registry

  • Log in
    # docker login -u admin 192.168.0.0
    
  • Tag an image
    docker tag [original_image] [registry_address]/[repo_address]/[target_image]
    
  • Push the image
    docker push [image_name]
    
