Docker Harbor 镜像仓库

# 解压
sudo tar -zxf harbor-offline-installer-v2.0.2.tgz
# 进入解压的目录，修改配置
sudo cp harbor.yml.tmpl harbor.yml
sudo vim harbor.yml

# 修改地址
hostname: 192.168.8.138

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# 注释掉 https 访问
# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

# The default data volume
data_volume: /data

sudo ./install.sh

# Stop Harbor.
sudo docker-compose down -v

# Restart Harbor
sudo docker-compose up -d

sudo vim /lib/systemd/system/harbor.service


[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/goharbor/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f  /opt/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /opt/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target


sudo systemctl enable harbor
sudo systemctl start harbor

# 需要配置 insecure-registries
sudo vim /etc/docker/daemon.json


{
  "registry-mirrors": ["https://ke9h1pt4.mirror.aliyuncs.com"],
  "insecure-registries": ["http://xxx.xxx.xxx.xxx", "http://myregistrydomain.com:5000", "0.0.0.0"]
}

# 重启服务
sudo systemctl restart docker

docker tag cd645f5a4769 192.168.8.138/library/mysql:latest
# admin Harbor12345
docker login 192.168.8.138
# 上传
docker push 192.168.8.138/library/mysql:latest

# 批量 tag
for i in $(docker images | grep ^pig | awk 'BEGIN{OFS=":"}{print $1,$2}');
do
 docker tag $i xxx.xxx.xxx.xxx/xx-name/$i;
done

# 批量 push
for i in $(docker images | grep xx-name | awk 'BEGIN{OFS=":"}{print $1,$2}');
do
 docker push $i;
done

# 版本对应关系：https://helm.sh/zh/docs/topics/version_skew
# 下载解压安装，https://helm.sh/zh/docs/intro/install/#用二进制版本安装
wget https://mirrors.huaweicloud.com/helm/v3.11.1/helm-v3.11.1-linux-amd64.tar.gz
tar -zxf helm-v3.11.1-linux-amd64.tar.gz
sudo mv linux-amd64/helm /usr/local/bin/helm

# 查看安装结果
helm version

# 配置命令提示补全，https://helm.sh/zh/docs/helm/helm_completion_bash
helm completion bash > /etc/bash_completion.d/helm

# https://helm.sh/zh/docs/intro/using_helm/#helm-repo使用仓库
# 添加 chart 仓库，https://artifacthub.io/packages/search
helm repo add bitnami https://charts.bitnami.com/bitnami
# 同步信息
helm repo update
# 可以被安装的 charts 列表
helm search repo bitnami

# 安装，一个 chart 在同一个集群里面可以被安装多次，每一个都可以被独立的管理和升级
#helm install mysql bitnami/mysql --create-namespace -n mysql
helm install bitnami/mysql --create-namespace -g -n mysql
# 查看创建的所有资源
kubectl get all -l app.kubernetes.io/instance=mysql-1678262196 -A -o wide
# 了解到这个 chart 的基本信息
helm show chart bitnami/mysql
# 获取关于该 chart 的所有信息
helm show all bitnami/mysql
# 看哪些 chart 被发布了
helm ls -aA
# 卸载，--keep-history 会保存版本历史
helm uninstall mysql-1678262196 -n mysql
# 查看版本的信息
helm status mysql-1678262196
# 升级
helm upgrade mysql-1678262196 bitnami/mysql --force
# 查看历史版本
helm history mysql-1678262196
# 如果是 uninstalled 状态，可以对它进行回滚版本
helm rollback mysql-1678262196 1

# https://helm.sh/zh/docs/intro/using_helm/#安装前自定义-chart
# 查看 chart 中的可配置选项
helm show values bitnami/mysql
# 可以使用 YAML 格式的文件覆盖上述任意配置项，并在安装过程中使用该文件
echo '{mariadb.auth.database: user0db, mariadb.auth.username: user0}' > values.yaml
helm install -f values.yaml bitnami/mysql --generate-name

# 安装
helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor --untar --create-namespace -g -n harbor

# 获取密钥
kubectl get secrets -n harbor harbor-1678332370-ingress -o jsonpath="{.data.ca\.crt}" | base64 --decode

# docker 登录
sudo mkdir -p /etc/docker/certs.d/core.harbor.domain
sudo tee /etc/docker/certs.d/core.harbor.domain/ca.crt > /dev/null <<EOF
-----BEGIN CERTIFICATE-----
MIIDFDCCAfygAwIBAgIRAOqvNfRxVeQkV8atPIXd0tkwDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAxMJaGFyYm9yLWNhMB4XDTIzMDMwOTAzMjYxM1oXDTI0MDMwODAz
MjYxM1owFDESMBAGA1UEAxMJaGFyYm9yLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEApobDj5JkyED0LW+2C2in+AAtfmbOFLkKhZBvA13qtbMInHZf
Te6onGkyLvYgZxh26qUhg5mjimWYJGEWCdfEe5G3SlQPXG17at/glZGqoRPmUrwu
VCKOX72dnMu34gs/Qck2m7K7qxZnQvBA2pqnnulry+mauMv4PuMnLOfrwjGL2Jbi
HugM4DW0xFjFfVHKZoQGcaXRl0QCzMq7L7uXJun+lPvKzb62MDozqOf5fz+q4QJJ
JRzcsxER+ty93IIYFnv0lluykMet+UgErX/wgco0oyV/EnkFf1rWnVfK0+8YYuA6
d0qViuROVben9nvp6Ihoaysk1pSuThDo3watEwIDAQABo2EwXzAOBgNVHQ8BAf8E
BAMCAqQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFC2gNOghiSAB1HlZSGJr/cXvZSI6MA0GCSqGSIb3DQEB
CwUAA4IBAQAU7XecSLaBmTy1uv9gkE9A/AzRXDkkdk5YyBh8BRjAeqWxERaJT9ic
5JRlRqLxjNjRrs7GSSCF9xJKMXGGrT4dAHkJdc208376mnUyye73zrQ8vLaPlOgK
RMCCffyJvej+8JrF0e7wk0ef0eVcLBNhePGXrOVMYsyPTIIR1aggYo3U6wMucZhg
g+4ofg63ISA7NFmzkiSORDU04+FnmXZQ2ULgkJnBzLFlfqL/7lB34MW9DOfiPfhR
xJW7D3EFwJO23qnRR96RqPNSEW9dZjGFugIVQMMTxlT3KghBl1j5fvo56Mdk+QyD
eyb+8bGY4F77tLYBVK8B6gd5qLWxolar
-----END CERTIFICATE-----
EOF
echo '10.74.1.170 core.harbor.domain' | sudo tee -a /etc/hosts
docker login core.harbor.domain -u admin
Harbor12345

# k8s 拉取私有镜像需要账号密码
kubectl create secret docker-registry regsecret --namespace=streampark --docker-server=core.harbor.domain --docker-username=admin --docker-password=Harbor12345