
docker 私有倉庫harbor部署

1.生成https證書(如果已有則跳過)

1、生成CA證書私鑰
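# Working directory for the CA and server key material. Mode 700 keeps the
# private keys generated here away from other local users, and -p lets the
# step be repeated when the directory already exists.
mkdir -p /opt/cert && chmod 700 /opt/cert

# 4096-bit RSA private key for the private CA. Anyone holding ca.key can issue
# certificates that hosts trusting ca.crt will accept, so it is generated only
# after the cd succeeded (never into an arbitrary current directory) and is
# explicitly restricted to its owner.
cd /opt/cert &&
  openssl genrsa -out ca.key 4096 &&
  chmod 600 ca.key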

2、生成CA證書
# Self-signed root certificate for the private CA: signed by ca.key with
# SHA-512 and valid for 3650 days.
# NOTE(review): this subject (CN=192.168.15.101) is identical to the one used
# for the server certificate request later on this page; a distinct CA name
# would make the two certificates easier to tell apart - confirm before changing.
openssl req -new -x509 -nodes -sha512 \
 -days 3650 \
 -key ca.key \
 -out ca.crt \
 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=Oldboy/OU=Linux/CN=192.168.15.101"

3、生成伺服器證書
# 4096-bit RSA private key for the registry's server certificate. This file is
# the registry's identity: whoever holds it can present the certificate issued
# for 192.168.15.101.
openssl genrsa -out "192.168.15.101.key" 4096

4、生成證書簽名請求
openssl req -sha512 -new \
 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=Oldboy/OU=Linux/CN=192.168.15.101" \
 -key 192.168.15.101.key \
 -out 192.168.15.101.csr

5、生成一個x509 v3擴充套件檔案
# 域名版
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=yourdomain.com
DNS.2=yourdomain
DNS.3=hostname
EOF

# IP版
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:192.168.15.101
EOF

6、使用該v3.ext檔案生成證書
openssl x509 -req -sha512 -days 3650 \
 -extfile v3.ext \
 -CA ca.crt -CAkey ca.key -CAcreateserial \
 -in 192.168.15.101.csr \
 -out 192.168.15.101.crt

7、提供證書給Harbor和Docker
openssl x509 -inform PEM -in 192.168.15.101.crt -out 192.168.15.101.cert

mkdir -pv /etc/docker/certs.d/192.168.15.101/
cp 192.168.15.101.cert /etc/docker/certs.d/192.168.15.101/
cp 192.168.15.101.key /etc/docker/certs.d/192.168.15.101/
cp ca.crt /etc/docker/certs.d/192.168.15.101/

# 如果nginx沒有使用預設的443和80埠，目錄名需帶上埠號：/etc/docker/certs.d/192.168.15.101:port

# 複製Harbor證書
mkdir -p /data/cert
cp 192.168.15.101.crt /data/cert
cp 192.168.15.101.key /data/cert
cd /data/cert

8、證書受信
在/etc/docker/daemon.json 中新增如下內容
{
  "insecure-registries": ["192.168.15.101"]
}
注意：insecure-registries 的作用是讓 Docker 對該倉庫略過 TLS 證書驗證（證書無效時忽略錯誤，HTTPS 不可用時退回 HTTP），並不是「信任證書」。若 ca.crt 已放入 /etc/docker/certs.d/192.168.15.101/，Docker 會用它驗證倉庫證書，無需再加這一項；加上之後，前面簽發的證書就起不到防止中間人攻擊的作用。

9、docker載入證書
systemctl restart docker

2.安裝harbor

1、安裝harbor
[root@localhost ~]# tar -xf harbor-offline-installer-v2.3.3.tgz  -C /usr/local/

2、修改harbor的配置檔案
cp /usr/local/harbor/harbor.yml.tmpl /usr/local/harbor/harbor.yml
vi /usr/local/harbor/harbor.yml

hostname: 192.168.15.101
https:
  certificate: /data/cert/192.168.15.101.crt
  private_key: /data/cert/192.168.15.101.key

3、安裝啟動（在 /usr/local/harbor 目錄下執行）
./install.sh

3.其他的docker免密

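# Run on the Harbor host (192.168.15.101): give another Docker host
# (192.168.15.100 here) the CA certificate so its daemon can verify the
# registry's TLS certificate.
#
# Only ca.crt is shipped. Docker reads *.cert/*.key pairs in certs.d as a
# client certificate to present to the registry, which nothing on this page
# configures, and 192.168.15.101.key is the registry's own private key: any
# host holding a copy can impersonate the registry, so it stays on the Harbor
# host.
ssh root@192.168.15.100 'mkdir -pv /etc/docker/certs.d/192.168.15.101/'

# Absolute path: the certificate steps end with `cd /data/cert`, and ca.crt
# was created in /opt/cert, not there.
scp /opt/cert/ca.crt root@192.168.15.100:/etc/docker/certs.d/192.168.15.101/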

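# 證書受信
注意：insecure-registries 的作用是讓 Docker 對該倉庫略過 TLS 證書驗證（證書無效時忽略錯誤，HTTPS 不可用時退回 HTTP），並不是「信任證書」。若 ca.crt 已放入 /etc/docker/certs.d/192.168.15.101/，Docker 會用它驗證倉庫證書，無需再加這一項；加上之後，分發的證書就起不到防止中間人攻擊的作用。
在/etc/docker/daemon.json 中新增如下內容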
{
  "insecure-registries": ["192.168.15.101"]
}

# Restart the Docker daemon so the daemon.json change above takes effect.
systemctl restart docker