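Harbor architecture diagram (image from the Internet)
- When installing Ubuntu you can choose to install Docker at the same time; otherwise Docker has to be installed separately.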
sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get update
sudo apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable"
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
sudo apt install -y python3-pip
sudo pip3 install docker-compose
2. Create the HTTPS certificates
sudo openssl genrsa -out ca.key 4096
sudo openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=registry.my-example.tech" \
    -key ca.key \
    -out ca.crt
sudo openssl genrsa -out registry.my-example.tech.key 4096
sudo openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=registry.my-example.tech" \
    -key registry.my-example.tech.key \
    -out registry.my-example.tech.csr
sudo vi v3.ext
The contents of v3.ext are as follows:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=registry.my-example.tech
DNS.2=my-example.tech
DNS.3=registry
Create the HTTPS certificate
sudo openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in registry.my-example.tech.csr \
    -out registry.my-example.tech.crt
sudo openssl x509 -inform PEM \
    -in registry.my-example.tech.crt \
    -out registry.my-example.tech.cert
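A way to check the files from step 2 before handing them to Harbor, added here as an example (it is not part of the original post): the server certificate must chain to ca.crt, cover the registry host name, and match its private key. The function names make_demo_pki and check_registry_cert are hypothetical, and the demo PKI is constructed sample input.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# make_demo_pki DIR HOST: constructed sample input. Builds a throwaway CA and
# server certificate the way step 2 does (2048-bit keys, 1 day, demo only).
make_demo_pki() {
    dir=$1; host=$2
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -sha512 -days 1 -subj "/O=example/CN=demo-ca" \
        -key "$dir/ca.key" -out "$dir/ca.crt"
    openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null
    openssl req -sha512 -new -subj "/O=example/CN=$host" \
        -key "$dir/$host.key" -out "$dir/$host.csr"
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
        'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
        'extendedKeyUsage = serverAuth' "subjectAltName = DNS:$host" > "$dir/v3.ext"
    openssl x509 -req -sha512 -days 1 -extfile "$dir/v3.ext" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -in "$dir/$host.csr" -out "$dir/$host.crt" 2>/dev/null
}

# check_registry_cert CA CERT KEY HOST: returns 0 only if all three checks pass.
check_registry_cert() {
    ca=$1; crt=$2; key=$3; host=$4
    # 1. Chain and purpose: CERT must be issued by CA and usable as a TLS server.
    openssl verify -purpose sslserver -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not chain to $ca" >&2; return 1; }
    # 2. Name: HOST must be covered by the certificate (its subjectAltName).
    openssl x509 -in "$crt" -noout -checkhost "$host" |
        grep -q "does match certificate" ||
        { echo "FAIL: $host is not covered by $crt" >&2; return 1; }
    # 3. Key pair: the private key must belong to the certificate.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "FAIL: $key does not match $crt" >&2; return 1; }
    echo "OK: $crt is valid for $host"
}

# Demo run on the constructed PKI.
tmp=$(mktemp -d)
make_demo_pki "$tmp" registry.my-example.tech
check_registry_cert "$tmp/ca.crt" "$tmp/registry.my-example.tech.crt" \
    "$tmp/registry.my-example.tech.key" registry.my-example.tech
rm -rf "$tmp"
```

On the Harbor host, run check_registry_cert against ca.crt, registry.my-example.tech.crt and registry.my-example.tech.key in the directory used for step 2.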
3. Install
curl -LO https://github.com/goharbor/harbor/releases/download/v2.1.0/harbor-offline-installer-v2.1.0.tgz
tar xvf harbor-offline-installer-v2.1.0.tgz
cd ./harbor
sudo ./install.sh
- Create the configuration file harbor.yml from the harbor.yml.tmpl template file and place it in the harbor directory
Log:
$ sudo ./install.sh
[sudo] password for coder:
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.11
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.25.5
[Step 2]: loading Harbor images ...
70379f503788: Loading layer 34.5MB/34.5MB
...
...
...
...
...
bde4e186d586: Loading layer 53.87MB/53.87MB
b63404705663: Loading layer 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.1.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /home/coder/harbor
no config file: /home/coder/harbor/harbor.yml
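5. Initialize Harbor
The default user/password is admin/Harbor12345; change this password after the first login.
Create a system user coder, create a project test, and add coder as a member of the project.
6. Add the HTTPS certificate to the client's Docker
Using macOS as an example
- Create the HTTPS certificate file (fetched from the server)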
keytool -printcert -sslserver registry.my-example.tech -rfc > registry.my-example.tech.crt
- Import the certificate
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ./registry.my-example.tech.crt
Restart Docker.
- On Ubuntu, do the following
Create ca.crt in, or copy it to, the /etc/docker/certs.d/registry.my-example.tech/ directory
sudo mkdir -p /etc/docker/certs.d/registry.my-example.tech/
cd /etc/docker/certs.d/registry.my-example.tech/
openssl s_client -showcerts -connect registry.my-example.tech:443 </dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee ca.crt >/dev/null
Import the certificate into the system trust store
sudo cp /etc/docker/certs.d/registry.my-example.tech/ca.crt /usr/local/share/ca-certificates/registry.my-example.tech.crt
sudo update-ca-certificates
Then run a test
$ docker login registry.my-example.tech
Username: coder
Password:
Login Succeeded
$ docker pull busybox
...
...
$ docker tag busybox:latest registry.my-example.tech/test/busybox:latest
...
...
$ docker push registry.my-example.tech/test/busybox:latest
The push refers to repository [registry.my-example.tech/test/busybox]
be8b8b42328a: Pushed
latest: digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002 size: 527