Harbor实现Https(4)

---

highlight: an-old-hope

theme: smartblue

Harbor实现Https

https://github.com/easzlab/kubeasz

部署Harbor

103harbor1

安装依赖包

apt update && apt install docker-compose lrzsz -y

脚本

vim docker-install.sh

#!/bin/bash
# step 1: 安装必要的一些系统工具
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# step 2: 安装GPG证书
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: 写入软件源信息
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: 更新并安装Docker-CE
sudo apt-get -y update

# 安装指定版本的Docker-CE:
# Step 1: 查找Docker-CE的版本:
# apt-cache madison docker-ce

#安装docker
apt install docker-ce-cli=5:19.03.9~3-0~ubuntu-bionic docker-ce=5:19.03.9~3-0~ubuntu-bionic -y

执行脚本

bash docker-install.sh

上传软件包：harbor-offline-installer

cd /usr/local/src/
#解压
tar xvf harbor-offline-installer-v1.7.5.tgz
#软链接
ln -sv /usr/local/src/harbor /usr/local/

创建证书目录

mkdir /usr/local/src/harbor/certs

生成证书

openssl genrsa -out /usr/local/src/harbor/certs/harbor-ca.key 2048

签发自签名证书

#CN=harbor.123.com要和harbor.cfg中的hostname一致
openssl req -x509 -new -nodes -key /usr/local/src/harbor/certs/harbor-ca.key -subj "/CN=harbor.123.com" -days 7120 -out /usr/local/src/harbor/certs/harbor-ca.crt

查看私钥

ll /usr/local/src/harbor/certs/
total 16
drwxr-xr-x 2 root root 4096 Mar  5 13:40 ./
drwxr-xr-x 4 root root 4096 Mar  5 13:33 ../
-rw-r--r-- 1 root root 1090 Mar  5 13:40 harbor-ca.crt
-rw------- 1 root root 1675 Mar  5 13:34 harbor-ca.key

修改配置文件

cd /usr/local/src/harbor/
#修改配置文件
vim harbor.cfg
...
#域名(名字随便起)
hostname = harbor.123.com
#访问协议
ui_url_protocol = https
#证书位置公钥
ssl_cert = /usr/local/src/harbor/certs/harbor-ca.crt
#证书位置私钥
ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key
#登录密码
harbor_admin_password = 123456

安装

./install.sh

浏览器测试

部署Master

101Mster1

脚本

cat docker-install.sh
#!/bin/bash
# step 1: 安装必要的一些系统工具
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# step 2: 安装GPG证书
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: 写入软件源信息
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: 更新并安装Docker-CE
sudo apt-get -y update
apt install docker-ce-cli=5:19.03.9~3-0~ubuntu-bionic docker-ce=5:19.03.9~3-0~ubuntu-bionic -y

执行脚本

bash docker-install.sh

添加中科大的镜像源

cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://ustc-edu-cn.mirror.aliyuncs.com"]
}

重启docker

systemctl daemon-reload && systemctl restart docker

下载镜像、进行测试

docker pull alpine

修改TAG号

# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
alpine              latest              b2aa39c304c2        3 weeks ago         7.05MB

# docker tag b2aa39c304c2 harbor.123.com/linux01/alpine:v1

添加本地解析

vim /etc/hosts
...
192.168.37.103 harbor.123.com

创建证书目录

mkdir /etc/docker/certs.d/harbor.123.com -p

103harbor1

拷贝公钥

cd /usr/local/src/harbor/certs/
scp harbor-ca.crt 192.168.37.101:/etc/docker/certs.d/harbor.123.com/

101Master1

重启Docker服务

systemctl restart docker
systemctl enable docker

做认证[如遇到问题点此、搜关键字]

#账号：admin 密码：123456
docker login harbor.123.com

创建仓库

上传

docker push harbor.123.com/linux01/alpine:v1

查看是否上传成功

成功