前言私有仓库用于存放企业内部的私有Docker镜像。私有仓库可以安装到K8S集群中。Harbor镜像仓库是VMware开源的企业级镜像仓库系统。更新历史20200719-初稿-左成礼原文地址-https://blog.zuolinux.com/2020/07/19/harbor.html自定义证书opensslgenrsa-outca.key4096opensslreq-x509-new-nodes-sha512-days3650-subj"/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=zuolinux.com"-keyca.key-outca.crtopensslgenrsa-outharbor.zuolinux.com.key4096opensslreq-sha512-new-subj"/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=zuolinux.com"-keyharbor.zuolinux.com.key-outharbor.zuolinux.com.csrcat>v3.ext<<-EOFauthorityKeyIdentifier=keyid,issuerbasicConstraints=CA:FALSEkeyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEnciphermentendedKeyUsage=serverAuthsubjectAltName=@alt_namesb[alt_names]com.DNS.uo2=*.harbor.海港。zuolinux.comDNS.3=主机名EOFopensslx509-req-sha512-days3650\-extfilev3.ext\-CAca.crt-CAkeyca.key-CAcreateserial\-inharbor.zuolinux.com.csr\-outharbor.zuolinux.com.crtopensslx509-通知PEM-inharbor.zuolinux.com.crt-outharbor.zuolinux.com.certinstallharborhelminstallnginx-ingress--set“rbac.create=true,controller.service.externalIPs[0]=192.168.10.15”apphub/nginx-ingresskubectl创建nsharborkubectl创建秘密tlsharbor.zuolinux.com--keyharbor.zuolinux.com.key--certharbor.zuolinux.com.crt-nharborhelmrepo添加harborhttps://helm.goharbor.iohelmrepoupdatehelm安装harbor--namespaceharborharbor/harbor\--setexpose.ingress.hosts.core=core.harbor.zuolinux.com\--setexpose.ingress.hosts.notary=notary.harbor.zuolinux.com\--setexpose.tls.secretName=harbor.zuolinux.com\--setpersistence.enabled=false\--setexternalURL=https://core.harbor.zuolinux.com\--setharborAdminPassword=password查看安装和服务地址#helmstatusharbor#kubectlgetpod#kubectlgetpv#kubectlgetpvc#kubectlget服务访问harbor本地配置HOSTS192.168.10.15core.harbor.zuolinux.com浏览器访问https://core.harbor.zuolinux。comDocker镜像仓库管理复制证书到Docker证书配置目录mkdir-p/etc/docker/certs.d/core.harbor.zuolinux.com/cpharbor.zuolinux.com.cert/etc/docker/certs.d/core.harbor.zuolinux.com/cpharbor.zuolinux.com.key/etc/docker/certs.d/core.harbor.zuolinux.com/cpca.crt/etc/docker/certs.d/core.harbor.zuolinux.com/pushimagedockertagnginxcore.harbor.zuolinux.com/library/nginx:latestdockerpushcore.harbor.zuolinux.com/library/nginx:latest浏览器登录Harbor可以看到已经有镜像下载镜像dockerrmicore。harbor.zuolinux.com/library/nginx:latestdockerpullcore.harbor.zuolinux.com/library/nginx:latestHelmChart仓库管理HelmPush插件helmplugininstallhttps://github.com/chartmuseum/helm-push创建RepoWEBpagecreateprojectmyrepoaddWarehouse到本地,注意chartrepo是关键字,如果要保留,不能修改helmrepoaddmyrepohttps://core.harbor.zuolinux.com/chartrepo/myrepo--ca-file/root/harbor/ca.crt--username=admin--password=password在本地创建测试Charthelm创建testapp推送到仓库helmpush--ca-file/root/harbor/ca.crt--username=admin--password=passwordtestappmyrepo在chartrepo项目HelmChats下的WEB页面可以看到推上去的图表包。结束语Harbor使个人和企业都具备了自主创建和管理私有仓库的能力。联系我微信公众号:zuolinux_com
