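Harbor is an enterprise-class registry server for storing and distributing Docker images. It extends the open-source Docker Distribution by adding features that enterprises need, such as security, identity, and management. As an enterprise private registry server, Harbor offers better performance and security, and makes transferring images between build and runtime environments more efficient. Harbor supports replicating image resources across multiple registry nodes, and all images are kept in the private registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control, and activity auditing.
Clone the Harbor project and modify the configuration: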
git clone https://github.com/vmware/harbor.git
cd harbor
git checkout v1.4.0 # use the 1.4 installation files here, although the Harbor that gets installed is still version 1.2
cd make/
vim harbor.cfg # change the following settings
hostname = reg.mydomain.com # change to your domain name or IP address
ui_url_protocol = http
harbor_admin_password = Harbor12345 # Harbor admin login password
cd kubernetes/
python k8s-prepare # generates the ConfigMap files and the ingress rules
vim pv/pv-pvc.yaml
apiVersion: v1
kind: Secret
metadata:
  name: ceph-secret
data:
  key: QVFBZ28wUmFmaEo1RnhBQTFaQXRnRnlRdVU2YUt1cGlOY245YVE9PQo=
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: opspv
  labels:
    k8s-app: opspv
spec:
  accessModes:
    - ReadWriteMany
  capacity:
    storage: 100Gi
  persistentVolumeReclaimPolicy: Retain
  cephfs: # volume source that the monitors/path/user/secretRef fields below belong to
    monitors:
      - 192.168.0.231:6789
      - 192.168.0.242:6789
      - 192.168.0.211:6789
    path: /harbor
    user: admin
    secretRef:
      name: ceph-secret
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: opspvc
  namespace: kube-ops
  labels:
    k8s-app: opspvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
  selector:
    matchLabels:
      k8s-app: opspv
Next, change the namespace and the directory mounts in the YAML files under kubernetes/, for example:
metadata:
  name: jobservice
  labels:
    name: jobservice
  namespace: kube-ops
# in the container spec
volumeMounts:
  - name: logs
    mountPath: /var/log/jobs
    subPath: logs
# in the pod spec
volumes:
  - name: logs
    persistentVolumeClaim:
      claimName: opspvc
Create the resources from the configuration files:
kubectl apply -f make/kubernetes/pv/pv-pvc.yaml
# create config map
kubectl apply -f make/kubernetes/jobservice/jobservice.cm.yaml
kubectl apply -f make/kubernetes/mysql/mysql.cm.yaml
kubectl apply -f make/kubernetes/registry/registry.cm.yaml
kubectl apply -f make/kubernetes/ui/ui.cm.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.cm.yaml
# create service
kubectl apply -f make/kubernetes/jobservice/jobservice.svc.yaml
kubectl apply -f make/kubernetes/mysql/mysql.svc.yaml
kubectl apply -f make/kubernetes/registry/registry.svc.yaml
kubectl apply -f make/kubernetes/ui/ui.svc.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.svc.yaml
# create k8s deployment
kubectl apply -f make/kubernetes/registry/registry.deploy.yaml
kubectl apply -f make/kubernetes/mysql/mysql.deploy.yaml
kubectl apply -f make/kubernetes/jobservice/jobservice.deploy.yaml
kubectl apply -f make/kubernetes/ui/ui.deploy.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.deploy.yaml
# create k8s ingress
kubectl apply -f make/kubernetes/ingress.yaml
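Then edit your local hosts file so that the hostname configured earlier resolves to a node IP.
The login page is shown in the figure below.
If docker login is refused, fix it as follows: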
vim /usr/lib/systemd/system/docker.service
# add --insecure-registry $hostname
ExecStart=/usr/bin/dockerd --insecure-registry reg.mydomain.com
Restart Docker and you will be able to log in.
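The walkthrough leaves three settings that a deployment review would flag: `ui_url_protocol = http`, the sample `harbor_admin_password`, and `--insecure-registry` in the Docker unit file. The following is an added example, not part of the original post or of Harbor's own tooling: a small auditor that reports those settings. The function names, the sample strings, and the comment-parsing rule are assumptions made for illustration.

```python
import re
import shlex

# Constructed samples built from the values used in the walkthrough above.
SAMPLE_CFG = """hostname = reg.mydomain.com
ui_url_protocol = http
harbor_admin_password = Harbor12345 # harbor admin login password
"""
SAMPLE_UNIT = "ExecStart=/usr/bin/dockerd --insecure-registry reg.mydomain.com\n"
DEFAULT_ADMIN_PASSWORD = "Harbor12345"

def parse_cfg(text):
    """Parse 'key = value' lines; '#' at line start or after whitespace begins a comment (assumption)."""
    settings = {}
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_harbor_cfg(text):
    """Return findings for the two weak settings the walkthrough leaves in harbor.cfg."""
    cfg, findings = parse_cfg(text), []
    proto = cfg.get("ui_url_protocol", "").lower()
    if proto != "https":
        findings.append(f"ui_url_protocol={proto!r}: registry logins and image pulls are not protected by TLS")
    if cfg.get("harbor_admin_password") == DEFAULT_ADMIN_PASSWORD:
        findings.append("harbor_admin_password is still the value from the sample configuration")
    return findings

def insecure_registries(unit_text):
    """Return registries that dockerd is told to reach without TLS verification."""
    found = []
    for line in unit_text.splitlines():
        if not line.strip().startswith("ExecStart="):
            continue
        args = shlex.split(line.strip().split("=", 1)[1])
        for i, arg in enumerate(args):
            if arg.startswith("--insecure-registry="):
                found.append(arg.split("=", 1)[1])
            elif arg == "--insecure-registry" and i + 1 < len(args):
                found.append(args[i + 1])
    return found

if __name__ == "__main__":
    for finding in audit_harbor_cfg(SAMPLE_CFG):
        print("harbor.cfg:", finding)
    for registry in insecure_registries(SAMPLE_UNIT):
        print("docker.service: --insecure-registry", registry)
```

Run against the real `make/harbor.cfg` and `/usr/lib/systemd/system/docker.service` by passing their contents to the two audit functions.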