美文网首页
Harbor

Harbor

作者: 钾肥尔德 | 来源:发表于2020-03-03 21:15 被阅读0次

离线安装包

wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz

SSL证书

  • CA私钥

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Shanghai/L=Shanghai/O=harbor/OU=Personal/CN=harbor-test.com" \
 -key ca.key \
 -out ca.crt
# 若要通过FQDN连接harbor,就必须指定CN(Common Name)

  • Server证书

    • 私钥
    openssl genrsa -out harbor-test.com.key 4096
    • CSR
    openssl req -sha512 -new \
  -subj "/C=CN/ST=Shanghai/L=Shanghai/O=harbor/OU=Personal/CN=harbor-test.com" \
  -key harbor-test.com.key \
  -out harbor-test.com.csr
    • x509 v3 extension file
    cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1=192.168.1.78
DNS.1=harbor-test.com
DNS.2=harbor-test
DNS.3=harbor
EOF
    • crt file
    openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in harbor-test.com.csr \
  -out harbor-test.com.crt
    • 复制证书到harbor的证书目录
    cp harbor-test.com.crt /data/cert/
cp harbor-test.com.key /data/cert/

  • Docker证书

    • 转换证书格式
    openssl x509 -inform PEM -in harbor-test.com.crt -out harbor-test.com.cert
# Docker守护进程(Docker daemon)使用crt文件作为CA证书,使用cert文件作为客户端证书
    • 复制证书到Docker配置目录
    cp harbor-test.com.cert /etc/docker/certs.d/harbor-test.com/
cp harbor-test.com.key /etc/docker/certs.d/harbor-test.com/
cp ca.crt /etc/docker/certs.d/harbor-test.com/
systemctl restart docker
    • 将ca.crt复制到client的/etc/docker/certs.d/harbor-test.com/目录下,然后systemctl restart docker
    • 192.168.1.78 harbor-test.com加入到客户端/etc/hosts

配置harbor

vim harbor.yml
  • 修改以下字段
hostname: harbor-test.com
certificate: /data/cert/harbor-test.com.crt
private_key: /data/cert/harbor-test.com.key
  • 配置&安装Harbor
./prepare
./install.sh
  • 停止Harbor
docker-compose down -v
  • 重启Harbor
docker-compose up -d

远程访问

  • Browser

https://192.168.1.78

  • Docker
docker login harbor-test.com
docker push harbor-test/[project-name]/[image-name]:[tag-name]
docker pull harbor-test/[project-name]/[image-name]:[tag-name]

Installation with Notary

  • To-Do

Installation with Clair

  • To-Do

Installation with Chart Repository Service

  • To-Do

https://github.com/goharbor/harbor/blob/master/docs/1.10/install-config/configure-yml-file.md

相关文章

网友评论

      本文标题:Harbor

      本文链接:https://www.haomeiwen.com/subject/xmcllhtx.html

      延伸阅读

      深度阅读

      • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

      栏目导航

      热点阅读

      关于我们|服务条款|联系我们|Harbor|投稿指南|网站地图|RSS订阅|排版工具|手机版

      提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

      Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

      备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

      本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

      所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!