0.下载
https://docs.rancher.cn/rancher2x/install-prepare/download/compose.html#v1-25-4
下载docker-compose harbor-online
cp v1.25.4-docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
chmod +x docker-compose
docker-compose --version
tar -xzvf harbor*
mkdir /data/harbor/cert
mkdir /data/harbor/data
1.创建 harbor nginx 服务器使用的 x509 证书
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo
cd /data/harbor/cert/
cat > harbor-ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"harbor": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "87600h"
}
}
}
}
EOF
cat > harbor-ca-csr.json <<EOF
{
"CN": "harbor-ca",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "NanJing",
"L": "NanJing",
"O": "k8s",
"OU": "system"
}
],
"ca": {
"expiry": "87600h"
}
}
EOF
cfssl gencert -initca harbor-ca-csr.json | cfssljson -bare harbor-ca
ls harbor-ca*pem
cat > harbor-server-csr.json <<EOF
{
"CN": "harbor",
"hosts": [
"127.0.0.1",
"172.28.11.200"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "NanJing",
"L": "NanJing",
"O": "k8s",
"OU": "system"
}
]
}
EOF
cfssl gencert -ca=/data/harbor/cert/harbor-ca.pem \
-ca-key=/data/harbor/cert/harbor-ca-key.pem \
-config=/data/harbor/cert/harbor-ca-config.json \
-profile=harbor harbor-server-csr.json | cfssljson -bare harbor-server
ls harbor-server*pem
2.vim harbor.yml
hostname: 172.28.11.200
#http
#80
certificate: /data/harbor/cert/harbor-server.pem
private_key: /data/harbor/cert/harbor-server-key.pem
data_volume: /data/harbor/data
./prepare
cd /data/harbor
chmod -R 777 common
chmod 777 /var/run/docker.sock /data/harbor/data
./install.sh
docker-compose ps
3.docker命令拉取和上传镜像
docker login -u admin -p Harbor12345 172.28.11.200
mkdir -p /etc/docker/certs.d/172.28.11.200
cp harbor-ca.pem /etc/docker/certs.d/172.28.11.200/ca.crt
logout
docker tag busybox:latest 172.28.11.200/k8s/busybox:latest
dokcer push 172.28.11.200/k8s/busybox:latest