Harbor 安裝指南
Docker 安裝
###### Docker Engine
# Remove conflicting packages:
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
# Install the docker packages:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
前往 Harbor GitHub Releases 下載
前往 GitHub Release 下載合適的版本,比如:harbor-offline-installer-v1.10.19.tgz。
wget https://github.com/goharbor/harbor/releases/download/v1.10.19/harbor-offline-installer-v1.10.19.tgz
tar xvf harbor-offline-installer-v1.10.19.tgz
解壓縮後,會出現 harbor 目錄。
配置 Harbor
進入 harbor 目錄後,有一個 harbor.yml,我們需要編輯它。
前面幾行對我們是比較重要的:
hostname: reg.mydomain.com
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /your/certificate/path
private_key: /your/private/key/path
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345
其中:
- hostname:需要填寫你憑證簽署的 domain name。
- certificate、private_key:憑證、金鑰的路徑。
- harbor_admin_password:Harbor 的預設管理員密碼。
修改啓動腳本
由於啓動腳本是使用 docker-compose,而我們使用的是 docker compose,因此我們要跳過對這個指令的依賴檢查。
編輯 install.sh:
移除 check_dockercompose。
接着執行:sed -i "s|docker-compose|docker compose|g" install.sh
### 啓動
sudo ./install.sh
即可啓動 Harbor。
Harbor 憑證處理
如果你是用自簽憑證,那麼如果想要在 Kubernetes Cluster 上使用 Harbor,那還需要讓 Cluster 信任你的憑證。
在每一臺節點上進行步驟如下:
- 將 harbor CA 檔複製到
/usr/local/share/ca-certificates/harbor.crt; - 執行
sudo update-ca-certificates; - 重啓 CRI,例如:
sudo systemctl restart containerd。
