1.harbor简介
- Harbor是一个开源的云原生镜像仓库(registry),用于存储、签名和扫描容器镜像以发现漏洞。
- Harbor通过提供信任、合规性、性能和互操作性来解决常见的挑战。它为无法使用公共或基于云的镜像仓库、或希望在多个云之间获得一致体验的组织和应用程序填补了空白。
Harbor可以安装在任何支持Docker的系统上
环境部署:
Harbor被部署为几个Docker容器,因此可以部署在任何支持Docker的Linux发行版上。目标主机需要安装Docker和Docker Compose。
1.安装docker
[root@server2 ~]# yum install -y docker-ce
[root@server2 ~]# systemctl start docker
[root@server2 ~]# systemctl enable docker
2.下载解压harbor的二进制文件包
[root@server2 ~]# tar vxf harbor-offline-installer-v1.8.0.tgz
[root@server2 ~]# cd harbor/
[root@server2 harbor]# docker load -i harbor.v1.8.0.tar.gz
3.安装docker-compose(二进制文件已事先下载到/usr/local/bin;下载后应与官方发布的SHA-256校验值核对,再赋予执行权限)
[root@server2 ~]# cd /usr/local/bin
[root@server2 bin]# ls
docker-compose-Linux-x86_64-1.24.1
[root@server2 bin]# mv docker-compose-Linux-x86_64-1.24.1 docker-compose
[root@server2 bin]# chmod +x /usr/local/bin/docker-compose
[root@server2 harbor]# docker-compose version
docker-compose version 1.24.1, build 4667896b
docker-py version: 3.7.3
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.1.0j 20 Nov 2018
编辑文件harbor.yml(不加密,仅使用HTTP;示例中的管理员密码12345过于简单,实际部署应设置强密码):
[root@server2 harbor]# vim harbor.yml
5 hostname: 172.25.3.1
27 harbor_admin_password: 12345
[root@server2 harbor]# ./install.sh
访问的时候要求加密认证:
1.Getting Certificate Authority(生成CA私钥和自签名CA证书;此处生成的ca.key未加密,应限制其访问权限并妥善保管)
[root@server3 harbor]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
...........++
.......................++
e is 65537 (0x10001)
[root@server3 harbor]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=westos.com" -key ca.key -out ca.crt
[root@server3 harbor]# openssl genrsa -out westos.com.key 4096
Generating RSA private key, 4096 bit long modulus
........++
........++
e is 65537 (0x10001)
[root@server3 harbor]# openssl req -sha512 -new -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=westos.com" -key westos.com.key -out westos.com.csr
[root@server3 harbor]# cat > v3.ext <<-EOF #编辑v3.ext文件(下面的DNS.2=yourdomain、DNS.3=hostname是模板中的占位符,应替换为实际域名/主机名或删除)
> authorityKeyIdentifier=keyid,issuer
> basicConstraints=CA:FALSE
> keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
> extendedKeyUsage = serverAuth
> subjectAltName = @alt_names
>
> [alt_names]
> DNS.1=westos.com
> DNS.2=yourdomain
> DNS.3=hostname
> EOF
[root@server3 harbor]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in westos.com.csr -out westos.com.crt
Signature ok
subject=/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=westos.com
Getting CA Private Key
[root@server3 harbor]# cp westos.com.crt /data/cert/
[root@server3 harbor]# cp westos.com.key /data/cert/
[root@server3 harbor]# openssl x509 -inform PEM -in westos.com.crt -out westos.com.cert ##转换为.cert供Docker使用:Docker将.crt视为CA证书,将.cert视为客户端证书
[root@server3 harbor]# mkdir -p /etc/docker/certs.d/westos.com
[root@server3 harbor]# cp westos.com.key /etc/docker/certs.d/westos.com/ ##Docker要求该目录下的.key有同名的.cert与之配对;本页未列出复制westos.com.cert的命令
[root@server3 harbor]# cp ca.crt /etc/docker/certs.d/westos.com/
编辑文件harbor.yml(加密):
[root@server3 harbor]# vim harbor.yml
#set hostname
hostname: westos.com
http:
  port: 80
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/cert/westos.com.crt
  private_key: /data/cert/westos.com.key
[root@server3 harbor]# ./prepare ##根据harbor.yml重新生成配置文件
[root@server3 harbor]# docker-compose down -v ##停止并移除容器(-v会同时移除相关的卷)
[root@server3 harbor]# docker-compose up -d ##重新启动服务
[root@server3 harbor]# docker login westos.com
Username: admin
Password:
Login Succeeded
[root@server3 ~]# docker tag busybox:latest westos.com/images/busybox:v1 ##给镜像打上指向私有仓库的标签
[root@server3 ~]# docker push westos.com/images/busybox #上传镜像
The push refers to repository [westos.com/images/busybox]
8a788232037e: Pushed
v1: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527