Harbor 的安装和基本配置

2 年 ago
yangyuhong
4 minutes

Harbor 的安装和基本配置

Harbor 的安装和基本配置

官方要求的配置和最低版本号

​ Harbor is deployed as several Docker containers. You can therefore deploy it on any Linux distribution that supports Docker. The target host requires Docker, and Docker Compose to be installed.

Hardware

​ The following table lists the minimum and recommended hardware configurations for deploying Harbor.

Resource Minimum Recommended
CPU 2 CPU 4 CPU
Mem 4 GB 8 GB
Disk 40 GB 160 GB
Software

​ The following table lists the software versions that must be installed on the target host.

Software Version Description
Docker engine Version 17.06.0-ce+ or higher For installation instructions, see Docker Engine documentation
Docker Compose Version 1.18.0 or higher For installation instructions, see Docker Compose documentation
Openssl Latest is preferred Used to generate certificate and keys for Harbor
Network ports

​ Harbor requires that the following ports be open on the target host.

Port Protocol Description
443 HTTPS Harbor portal and core API accept HTTPS requests on this port. You can change this port in the configuration file.
4443 HTTPS Connections to the Docker Content Trust service for Harbor. Only required if Notary is enabled. You can change this port in the configuration file.
80 HTTP Harbor portal and core API accept HTTP requests on this port. You can change this port in the configuration file.

安装Harbor和配置

​ 官方安装步骤Harbor install

​ 因官方没有中文安装步骤,所以以下是Harbor中文安装步骤:

​ 1. harbor有两种安装方式,一种是在线安装和离线安装,我使用的是在线安装,两种安装方式基本都一样。

  1. (可选)下载相应的*.asc文件,以验证该软件包是正版的。asc文件可以在这里看到每个版本号里。

  2. 获取*.asc文件的公钥。

    # gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 644FF454C0B4115C

    您应该会看到消息 public key "Harbor-sign (The key for signing Harbor build) <jiangd@vmware.com>" imported

  3. 通过运行以下命令之一来验证软件包是正版。

    ● 在线安装程序:

    # gpg -v --keyserver hkps://keyserver.ubuntu.com --verify harbor-online-installer-v2.1.5.tgz.asc

    ● 离线安装程序:

    # gpg -v --keyserver hkps://keyserver.ubuntu.com --verify harbor-offline-installer-v2.1.5.tgz.asc

    gpg命令验证软件包的签名与*.asc密钥文件的签名匹配。您应该看到确认签名正确的信息。

    gpg: assuming signed data in `harbor-online-installer-v2.1.5.tgz'
gpg: Signature made Thu 22 Apr 2021 05:30:58 PM CST using RSA key ID C0B4115C
gpg: using PGP trust model
gpg: Good signature from "Harbor-sign (The key for signing Harbor build) <jiangd@vmware.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7722 D168 DAEC 4578 06C9  6FF9 644F F454 C0B4 115C
gpg: binary signature, digest algorithm SHA512

  4. 使用tar提取安装程序包:

    ● 在线安装程序:

    # tar -xf harbor-online-installer-v2.1.5.tgz
# cd harbor
# ll
total 32
-rw-r--r-- 1 root root  3361 Apr 22 17:30 common.sh
-rw-r--r-- 1 root root  8136 Apr 22 17:30 harbor.yml.tmpl
-rwxr-xr-x 1 root root  2523 Apr 22 17:30 install.sh
-rw-r--r-- 1 root root 11347 Apr 22 17:30 LICENSE
-rwxr-xr-x 1 root root  1881 Apr 22 17:30 prepare
# cp harbor.yml.tmpl harbor.yml
hostname: reg.mydomain.com
http:
  port: 80
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 1000
data_volume: /data
clair:
  updaters_interval: 12
trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.0.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
    - trivy

    ​ hostname: 修改为IP地址或者域名

    ​ certificate: /your/certificate/path 如果hostname使用的是域名就要配置两个证书
    ​ private_key: /your/private/key/path

    ​ data_volume: /data docker的挂载路径

    # ./install.sh --with-chartmuseum      执行这个脚本将会自动安装

    ● 离线安装程序:

    # tar -xf harbor-online-installer-v2.1.5.tgz
# cd harbor
# ll
total 32
-rw-r--r-- 1 root root  3361 Apr 22 17:30 common.sh
-rw-r--r-- 1 root root  8136 Apr 22 17:30 harbor.yml.tmpl
-rwxr-xr-x 1 root root  2523 Apr 22 17:30 install.sh
-rw-r--r-- 1 root root 11347 Apr 22 17:30 LICENSE
-rwxr-xr-x 1 root root  1881 Apr 22 17:30 prepare
# cp harbor.yml.tmpl harbor.yml
hostname: reg.mydomain.com
http:
  port: 80
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 1000
data_volume: /data
clair:
  updaters_interval: 12
trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.0.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
    - trivy

    ​ hostname: 修改为IP地址或者域名

    ​ certificate: /your/certificate/path 如果hostname使用的是域名就要配置两个证书
    ​ private_key: /your/private/key/path

    ​ data_volume: /data docker的挂载路径

    # ./install.sh --with-chartmuseum      执行这个脚本将会自动安装

     


发表回复 0

Your email address will not be published. Required fields are marked *