  • 简单k8s实践--搭建harbor仓库并使用

    2025年03月02日 11 阅读 0 评论 6819 字

    前言

    其实harbor我已经搭建过好几次了,早有了harbor仓库,但是这次练习k8s,使用secret登录harbor仓库拉取镜像,我决定要写个搭建harbor仓库的脚本,并提供一些自定义的选项
    环境:
    docker
    docker-compose
    虚拟机vmware环境

    我会将脚本分段介绍,几乎等同于一般的手动搭建流程

    脚本流程

    1.获取必要信息
    获取内容包括安装目录位置HOMEDIR,安装包位置TARDIR,harbor域名URL,harbor密码PASSWD,过滤出IP

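    # Step 1: collect the install settings interactively. Every value has a
    # default so the whole script can be run through by pressing Enter.
    # -r keeps backslashes in the typed value literal.
    read -r -p "请输入安装目录位置(默认为/app):" HOMEDIR
    HOMEDIR=${HOMEDIR:-"/app"}
    echo "安装位置为${HOMEDIR}"

    read -r -p "请输入安装包位置(默认搜索/root,没有自动拉取):" TARDIR
    TARDIR=${TARDIR:-/root}
    echo "安装包位置为${TARDIR}"

    read -r -p "请输入harbor域名(默认harbor.A.com):" URL
    URL=${URL:-"harbor.A.com"}
    echo "harbor域名为${URL}"

    # -s: do not echo the password while typing, and never print it back —
    # the old `echo "harbor密码为${PASSWD}"` left the secret in the terminal
    # scrollback and in any log of this session.
    read -r -s -p "请输入harbor密码(默认密码为1):" PASSWD
    printf '\n'
    PASSWD=${PASSWD:-'1'}
    echo "harbor密码已设置"

    # First IPv4 address of the first "ens*" interface: in ifconfig output the
    # address is field 2 of the line after the interface header. `exit` keeps
    # it to a single address when several ens interfaces exist (a multi-line
    # IP would corrupt the /etc/hosts entry written later). Abort if nothing
    # was found since later steps depend on it.
    IP=$(ifconfig | awk '/ens/{getline; print $2; exit}')
    if [ -z "$IP" ]; then
      printf '无法获取IP地址\n' >&2
      exit 1
    fi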

    2.查看安装目录位置是否创建

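    # Step 2: make sure the install directory exists and is empty.
    # Destructive on purpose: an existing directory is wiped. "${HOMEDIR:?}"
    # aborts instead of expanding to "/*" should HOMEDIR ever be unset/empty.
    # -d replaces the old `ls … && $? -eq 0` probe, which also "succeeded"
    # for a regular file of that name.
    if [ -d "${HOMEDIR:?HOMEDIR未设置}" ]; then
      # Empty the install directory (as before, dotfiles are not matched by "*")
      rm -rf -- "${HOMEDIR:?}"/*
    else
      # Create the install directory
      mkdir -p -- "$HOMEDIR"
    fi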

    3.检查安装包目录是否有安装包,没有就下载
    不推荐wget下载,时间太长,推荐下好传上去

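    # Step 3: locate the offline installer under TARDIR (the directory asked
    # for in step 1 — the original always looked in /root and extracted from
    # the current directory) and download it into TARDIR only if absent.
    harbor_tgz_url=https://github.com/goharbor/harbor/releases/download/v2.12.1/harbor-offline-installer-v2.12.1.tgz
    pkg=
    for f in "${TARDIR}"/harbor-offline-installer*.tgz; do
      # With no match the glob stays literal; -e filters that case out
      if [ -e "$f" ]; then
        pkg=$f
        break
      fi
    done
    if [ -z "$pkg" ]; then
      pkg=${TARDIR}/${harbor_tgz_url##*/}
      # The old form `wget … || echo … && exit 1` exited with 1 even after a
      # successful download, because && applied to the result of the whole
      # `a || b` expression. The failure branch is grouped now, and a partial
      # file from a failed download is removed.
      # NOTE(review): the archive is not checksum/signature verified after
      # download; compare it against the published release checksum.
      wget -O "$pkg" "$harbor_tgz_url" || { rm -f -- "$pkg"; printf '无法下载harbor\n退出安装\n' >&2; exit 1; }
    fi
    echo "正在解压"
    # Extract from wherever the archive actually is
    tar xf "$pkg" -C "$HOMEDIR"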

    4.域名解析

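    # Step 4: map the Harbor hostname to this host in /etc/hosts if missing.
    # -F: the dots in the IP are literal, not regex wildcards; -q: no output,
    # the exit status is the answer (no `cat | grep` and no backticks).
    if ! grep -qF -- "${IP} ${URL}" /etc/hosts; then
      printf '%s %s\n' "$IP" "$URL" >> /etc/hosts
    fi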
    

    5.修改配置文件harbor.yml

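    # Step 5: generate harbor.yml from the template and fill in the hostname,
    # the admin password and the TLS cert/key paths that step 6 creates.
    cd "${HOMEDIR}/harbor" || { printf '无法进入 %s/harbor\n' "$HOMEDIR" >&2; exit 1; }
    cp -- harbor.yml.tmpl harbor.yml
    # harbor.yml now carries the admin password: owner-only
    chmod 600 harbor.yml
    cert_dir=${HOMEDIR}/harbor/certs/server
    # "|" delimits every expression so paths containing "/" are safe.
    # NOTE(review): sed still interprets "|", "&" and "\" inside the values;
    # a PASSWD containing those characters corrupts the line — validate the
    # password or use a YAML-aware tool (yq) if such characters are needed.
    sed -i \
      -e "s|^hostname.*|hostname: ${URL}|" \
      -e "s|^harbor_admin_password.*|harbor_admin_password: ${PASSWD}|" \
      -e "s|^  certificate.*|  certificate: ${cert_dir}/${URL}.cert|" \
      -e "s|^  private_key.*|  private_key: ${cert_dir}/${URL}.key|" \
      harbor.yml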
    

    6.自签证书

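    # Step 6: self-signed CA plus a server certificate for ${URL}, then
    # register the certificate with the local docker daemon.
    echo "正在创建自签证书"
    certs=${HOMEDIR}/harbor/certs
    subj="/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=${URL}"
    mkdir -p -- "${certs}"/{ca,server,client}
    cd "$certs" || { printf '无法进入 %s\n' "$certs" >&2; exit 1; }
    openssl genrsa -out ca/ca.key 4096
    # NOTE(review): CA and server certificate share the same CN; a distinct
    # CA CN avoids issuer == subject confusion in some clients.
    openssl req -x509 -new -nodes -sha512 -days 3650 -subj "$subj" -key ca/ca.key -out ca/ca.crt
    openssl genrsa -out "server/${URL}.key" 4096
    openssl req -sha512 -new -subj "$subj" -key "server/${URL}.key" -out "server/${URL}.csr"
    # Private keys: owner-only, independent of the caller's umask
    chmod 600 ca/ca.key "server/${URL}.key"
    # printf instead of a "<<-" here-doc: "<<-" strips only tabs, so a script
    # indented with spaces would leave the indentation inside v3.ext.
    # NOTE(review): DNS.1/DNS.2 are extra names baked into the certificate;
    # drop them unless this Harbor really serves those hostnames.
    printf '%s\n' \
      'authorityKeyIdentifier=keyid,issuer' \
      'basicConstraints=CA:FALSE' \
      'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
      'extendedKeyUsage = serverAuth' \
      'subjectAltName = @alt_names' \
      '' \
      '[alt_names]' \
      'DNS.1=ym.com' \
      'DNS.2=ym.harbor.com' \
      "DNS.3=${URL}" > v3.ext

    openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -in "server/${URL}.csr" -out "server/${URL}.crt"
    # PEM copy under the .cert name that harbor.yml references
    openssl x509 -inform PEM -in "server/${URL}.crt" -out "server/${URL}.cert"
    cp -- "server/${URL}.cert" "server/${URL}.key" client/
    cp -- ca/ca.crt client/
    # The original linked a fixed /app/… path regardless of HOMEDIR; -f lets
    # the script be re-run without failing on the existing link.
    # NOTE(review): docker's certs.d is documented to take the CA certificate
    # (ca/ca.crt); linking the server certificate works only because docker
    # then trusts it as a root itself.
    mkdir -p -- "/etc/docker/certs.d/${URL}/"
    ln -sf -- "${certs}/server/${URL}.cert" "/etc/docker/certs.d/${URL}/${URL}.crt"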

    7.初始化安装

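    # Step 7: run Harbor's installer, add the registry to the docker daemon
    # config and log in.
    echo "正在安装"
    cd "${HOMEDIR}/harbor" || { printf '无法进入 %s/harbor\n' "$HOMEDIR" >&2; exit 1; }
    ./install.sh --with-trivy || { printf 'harbor安装失败\n' >&2; exit 1; }
    daemon_json=/etc/docker/daemon.json
    # NOTE(review): registry-mirrors makes docker try ${URL} for Docker Hub
    # pulls; pulling ${URL}/… images only needs the certs.d entry from step 6
    # — confirm this is the intended effect.
    if [ ! -f "$daemon_json" ]; then
      printf '未找到 %s, 请手动添加 %s\n' "$daemon_json" "$URL" >&2
    elif ! grep -qF -- "$URL" "$daemon_json"; then
      # jq --arg binds the shell value safely (no single-quote games), but jq
      # only writes to stdout — the original never saved the result. Write to
      # a temp file and replace daemon.json only if jq succeeded.
      tmp=$(mktemp) || exit 1
      if jq --arg web "$URL" '."registry-mirrors" += [$web]' "$daemon_json" > "$tmp"; then
        mv -f -- "$tmp" "$daemon_json"
      else
        rm -f -- "$tmp"
        printf '修改 %s 失败, 请手动添加 %s\n' "$daemon_json" "$URL" >&2
      fi
    fi
    # Give Harbor's containers a moment after install.sh returns.
    # NOTE(review): a fixed 3 s is a guess; polling the Harbor API until it
    # answers would be more reliable.
    sleep 3
    # Password on stdin: "-p" exposes it in the process list (ps) and in any
    # command trace for the duration of the login.
    printf '%s' "$PASSWD" | docker login -u admin --password-stdin "$URL"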

    8.其他
    初始化后,harbor目录下会出现docker-compose.yml,使用docker compose down可以停止harbor

    结果

    展示版

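    #!/usr/bin/env bash
    # Install a Harbor registry (offline installer v2.12.1) with a self-signed
    # certificate, register it with the local docker daemon and log in.
    # Requires root and: docker, docker-compose, openssl, jq, wget, ifconfig.
    # bash is declared explicitly: the script uses read -p, &>, brace
    # expansion and read -s, none of which /bin/sh guarantees.
    set -eu

    # Print a message to stderr and exit 1
    die() { printf '%s\n' "$*" >&2; exit 1; }

    #--- 1. 获取必要信息 -----------------------------------------------------
    # -r keeps backslashes literal; every value has a default.
    read -r -p "请输入安装目录位置(默认为/app):" HOMEDIR
    HOMEDIR=${HOMEDIR:-"/app"}
    echo "安装位置为${HOMEDIR}"

    read -r -p "请输入安装包位置(默认搜索/root,没有自动拉取):" TARDIR
    TARDIR=${TARDIR:-/root}
    echo "安装包位置为${TARDIR}"

    read -r -p "请输入harbor域名(默认harbor.A.com):" URL
    URL=${URL:-"harbor.A.com"}
    echo "harbor域名为${URL}"

    # -s: no echo while typing; the password is never printed back either.
    read -r -s -p "请输入harbor密码(默认密码为1):" PASSWD
    printf '\n'
    PASSWD=${PASSWD:-'1'}
    echo "harbor密码已设置"

    # First IPv4 of the first "ens*" interface: the address is field 2 of the
    # line after the interface header. `exit` keeps it to one address when
    # several ens interfaces exist (a multi-line IP would corrupt /etc/hosts).
    IP=$(ifconfig | awk '/ens/{getline; print $2; exit}')
    [ -n "$IP" ] || die "无法获取IP地址"

    #--- 2. 安装目录 ---------------------------------------------------------
    # Destructive on purpose: an existing directory is emptied. ":?" aborts
    # instead of expanding to "/*" should HOMEDIR ever be empty.
    if [ -d "$HOMEDIR" ]; then
      rm -rf -- "${HOMEDIR:?}"/*
    else
      mkdir -p -- "$HOMEDIR"
    fi

    #--- 3. 安装包 -----------------------------------------------------------
    # Search TARDIR (the original always searched /root and extracted from
    # the current directory); download into TARDIR only if nothing is there.
    harbor_tgz_url=https://github.com/goharbor/harbor/releases/download/v2.12.1/harbor-offline-installer-v2.12.1.tgz
    pkg=
    for f in "${TARDIR}"/harbor-offline-installer*.tgz; do
      # An unmatched glob stays literal; -e filters that case out
      if [ -e "$f" ]; then
        pkg=$f
        break
      fi
    done
    if [ -z "$pkg" ]; then
      echo "注意下载时间较长"
      pkg=${TARDIR}/${harbor_tgz_url##*/}
      # `wget … || echo … && exit 1` exited 1 even on success (&& applied to
      # the whole `a || b`); the failure branch is grouped now and a partial
      # download is removed.
      # NOTE(review): the archive is not checksum/signature verified after
      # download; compare it against the published release checksum.
      wget -O "$pkg" "$harbor_tgz_url" || { rm -f -- "$pkg"; printf '无法下载harbor\n退出安装\n' >&2; exit 1; }
    fi
    echo "正在解压"
    tar xf "$pkg" -C "$HOMEDIR"

    #--- 4. 域名解析 ---------------------------------------------------------
    # -F: dots in the IP are literal, not regex wildcards
    if ! grep -qF -- "${IP} ${URL}" /etc/hosts; then
      printf '%s %s\n' "$IP" "$URL" >> /etc/hosts
    fi

    #--- 5. 修改配置文件 -----------------------------------------------------
    cd "${HOMEDIR}/harbor" || die "无法进入 ${HOMEDIR}/harbor"
    cp -- harbor.yml.tmpl harbor.yml
    # harbor.yml now carries the admin password: owner-only
    chmod 600 harbor.yml
    cert_dir=${HOMEDIR}/harbor/certs/server
    # "|" delimits every expression so paths containing "/" are safe.
    # NOTE(review): "|", "&" and "\" inside PASSWD/URL still break sed;
    # validate the password or use yq if such characters must be allowed.
    sed -i \
      -e "s|^hostname.*|hostname: ${URL}|" \
      -e "s|^harbor_admin_password.*|harbor_admin_password: ${PASSWD}|" \
      -e "s|^  certificate.*|  certificate: ${cert_dir}/${URL}.cert|" \
      -e "s|^  private_key.*|  private_key: ${cert_dir}/${URL}.key|" \
      harbor.yml

    #--- 6. 自签证书 ---------------------------------------------------------
    echo "正在创建自签证书"
    certs=${HOMEDIR}/harbor/certs
    subj="/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=${URL}"
    mkdir -p -- "${certs}"/{ca,server,client}
    cd "$certs" || die "无法进入 ${certs}"
    openssl genrsa -out ca/ca.key 4096
    # NOTE(review): CA and server certificate share one CN; a distinct CA CN
    # avoids issuer == subject confusion in some clients.
    openssl req -x509 -new -nodes -sha512 -days 3650 -subj "$subj" -key ca/ca.key -out ca/ca.crt
    openssl genrsa -out "server/${URL}.key" 4096
    openssl req -sha512 -new -subj "$subj" -key "server/${URL}.key" -out "server/${URL}.csr"
    # Private keys: owner-only, independent of the caller's umask
    chmod 600 ca/ca.key "server/${URL}.key"
    # printf instead of a "<<-" here-doc: "<<-" strips only tabs, so a script
    # indented with spaces would leave the indentation inside v3.ext.
    # NOTE(review): DNS.1/DNS.2 are extra names baked into the certificate;
    # drop them unless this Harbor really serves those hostnames.
    printf '%s\n' \
      'authorityKeyIdentifier=keyid,issuer' \
      'basicConstraints=CA:FALSE' \
      'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
      'extendedKeyUsage = serverAuth' \
      'subjectAltName = @alt_names' \
      '' \
      '[alt_names]' \
      'DNS.1=ym.com' \
      'DNS.2=ym.harbor.com' \
      "DNS.3=${URL}" > v3.ext
    openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -in "server/${URL}.csr" -out "server/${URL}.crt"
    # PEM copy under the .cert name that harbor.yml references
    openssl x509 -inform PEM -in "server/${URL}.crt" -out "server/${URL}.cert"
    cp -- "server/${URL}.cert" "server/${URL}.key" client/
    cp -- ca/ca.crt client/
    # Trust the registry in the local docker daemon. The original linked a
    # fixed /app/… path regardless of HOMEDIR; -f tolerates re-runs.
    # NOTE(review): docker's certs.d is documented to take the CA certificate
    # (ca/ca.crt); linking the server certificate works only because docker
    # then trusts it as a root itself.
    mkdir -p -- "/etc/docker/certs.d/${URL}/"
    ln -sf -- "${certs}/server/${URL}.cert" "/etc/docker/certs.d/${URL}/${URL}.crt"

    #--- 7. 初始化安装 -------------------------------------------------------
    echo "正在安装"
    cd "${HOMEDIR}/harbor" || die "无法进入 ${HOMEDIR}/harbor"
    ./install.sh --with-trivy || die "harbor安装失败"
    daemon_json=/etc/docker/daemon.json
    # NOTE(review): registry-mirrors makes docker try ${URL} for Docker Hub
    # pulls; pulling ${URL}/… images only needs the certs.d entry above —
    # confirm this is the intended effect.
    if [ ! -f "$daemon_json" ]; then
      printf '未找到 %s, 请手动添加 %s\n' "$daemon_json" "$URL" >&2
    elif ! grep -qF -- "$URL" "$daemon_json"; then
      # jq --arg binds the shell value safely; jq only writes to stdout, so
      # the result goes through a temp file and replaces daemon.json only
      # when jq succeeded (the original left this step to a manual edit).
      tmp=$(mktemp) || die "mktemp失败"
      if jq --arg web "$URL" '."registry-mirrors" += [$web]' "$daemon_json" > "$tmp"; then
        mv -f -- "$tmp" "$daemon_json"
      else
        rm -f -- "$tmp"
        printf '修改 %s 失败, 请手动添加 %s\n' "$daemon_json" "$URL" >&2
      fi
    fi
    # Give Harbor's containers a moment after install.sh returns.
    # NOTE(review): a fixed 3 s is a guess; polling the Harbor API until it
    # answers would be more reliable.
    sleep 3
    # Password on stdin: "-p" would expose it in the process list (ps) and in
    # any command trace for the duration of the login.
    printf '%s' "$PASSWD" | docker login -u admin --password-stdin "$URL"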

    新发现:
    1.过滤出含指定内容的后N行
    例如:过滤出ifconfig含ens33的后2行
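    # Print the matching line and the 2 lines after it, in awk and in sed.
    # The awk form matched any "ens*" interface while the text and the sed
    # form say ens33; both now use the same pattern.
    ifconfig | awk '/ens33/ {print; getline; print; getline; print}'
    ifconfig | sed -n '/ens33/{N;N;p;}'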

    2.工具jq
    很早之前就接触了jq,但是一直不明白修改json文件为什么要这么麻烦,现在明白了,非交互式修改json文件比较麻烦,更困难的是删除和添加,要考虑json格式的问题,jq就可以像加减法一样修改json

    本文著作权归作者 [ wymm ] 享有,未经作者书面授权,禁止转载,封面图片来源于 [ 互联网 ] ,本文仅供个人学习、研究和欣赏使用。如有异议,请联系博主及时处理。