harbor私有仓库部署

0.下载
https://docs.rancher.cn/rancher2x/install-prepare/download/compose.html#v1-25-4
下载 docker-compose 和 harbor-online(在线安装包)
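# Install the downloaded docker-compose binary onto PATH. The original ran
# `chmod +x docker-compose` against the current directory, which does not
# touch the copy in /usr/local/bin; set the mode on the installed file.
# NOTE(review): this binary is installed for every user of the host. Compare
# its SHA-256 with the checksum published for the v1.25.4 release first.
cp v1.25.4-docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version
# Unpack the Harbor online installer; the glob must match exactly one archive,
# otherwise tar treats the extra names as members to extract.
tar -xzvf harbor*
# -p also creates /data/harbor when it does not exist yet and makes the
# commands safe to repeat.
mkdir -p /data/harbor/cert
mkdir -p /data/harbor/data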
1.创建 harbor nginx 服务器使用的 x509 证书
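# Fetch the three cfssl R1.2 tools used to create the CA and the server
# certificate.
# NOTE(review): these executables are placed on PATH and will generate the
# registry's private keys, so their integrity matters. Compare the digests
# printed by sha256sum below with the checksums published for this release
# before continuing, and check whether a newer cfssl release is available.
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
sha256sum cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
# Keep all three locally installed tools under /usr/local/bin so they do not
# mix with package-managed files in /usr/bin (the original put cfssl-certinfo
# in /usr/bin).
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
# All certificate files below are written relative to this directory.
cd /data/harbor/cert/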

# cfssl signing policy for the Harbor CA. It defines a single profile,
# "harbor", which is the one selected with -profile=harbor when the server
# certificate is signed.
# NOTE(review): 87600h is 10 years for every certificate issued under this
# policy, and the profile permits "client auth" as well as "server auth". A
# certificate that only fronts the registry needs "server auth" alone; confirm
# that the extra usage and the long lifetime are really wanted.
cat > harbor-ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "harbor": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "87600h"
      }
    }
  }
}
EOF

# CSR for a self-signed root CA with CN "harbor-ca": RSA 2048-bit key and a
# CA expiry of 87600h (10 years).
cat > harbor-ca-csr.json <<EOF
{
  "CN": "harbor-ca",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "NanJing",
      "L": "NanJing",
      "O": "k8s",
      "OU": "system"
    }
  ],
  "ca": {
    "expiry": "87600h"
 }
}
EOF

# Create the CA. cfssljson -bare writes the files with the harbor-ca prefix,
# including harbor-ca.pem (certificate) and harbor-ca-key.pem (private key).
# NOTE(review): whoever holds harbor-ca-key.pem can issue certificates that
# every client trusting this CA will accept. It is only needed while signing;
# consider moving it off the registry host once harbor-server is issued, and
# confirm the file is readable by root only.
cfssl gencert -initca harbor-ca-csr.json | cfssljson -bare harbor-ca
ls harbor-ca*pem

# CSR for the registry's TLS certificate. The hosts list holds only the IP
# addresses 127.0.0.1 and 172.28.11.200, so clients have to reach Harbor by
# one of those addresses; add a DNS name here if one will be used.
cat > harbor-server-csr.json <<EOF
{
  "CN": "harbor",
  "hosts": [
    "127.0.0.1",
    "172.28.11.200"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "NanJing",
      "L": "NanJing",
      "O": "k8s",
      "OU": "system"
    }
  ]
}
EOF

# Sign the server CSR with the Harbor CA under the "harbor" profile. The
# output files use the harbor-server prefix; harbor-server.pem and
# harbor-server-key.pem are the two paths later set in harbor.yml.
# NOTE(review): harbor-server-key.pem is the registry's TLS private key; keep
# it readable only by the account that needs it.
cfssl gencert -ca=/data/harbor/cert/harbor-ca.pem \
 -ca-key=/data/harbor/cert/harbor-ca-key.pem \
 -config=/data/harbor/cert/harbor-ca-config.json \
 -profile=harbor harbor-server-csr.json | cfssljson -bare harbor-server
ls harbor-server*pem

2.vim harbor.yml
# Address clients use to reach Harbor; it matches the IP listed in the server
# certificate's hosts.
hostname: 172.28.11.200
# NOTE(review): "#http" / "#80" presumably mean that the http section and its
# port are commented out so that only HTTPS is served — confirm in harbor.yml.
#http
#80
# TLS certificate and private key produced by the cfssl steps.
certificate: /data/harbor/cert/harbor-server.pem
private_key: /data/harbor/cert/harbor-server-key.pem
# Host directory that holds Harbor's persistent data.
data_volume: /data/harbor/data
# NOTE(review): also set harbor_admin_password in this file to a unique value
# before the first install, rather than keeping the shipped default.
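# Run the installer steps from the unpacked Harbor directory. The original
# called ./prepare before changing directory, while the shell was still in
# /data/harbor/cert from the certificate steps.
cd /data/harbor
./prepare
# The original ran `chmod -R 777 common` and
# `chmod 777 /var/run/docker.sock /data/harbor/data` at this point. Both are
# dropped: write access to /var/run/docker.sock lets any local account control
# the Docker daemon, which is equivalent to root on the host, and world-writable
# config and data directories let any local account alter the registry's
# configuration and stored images.
# NOTE(review): run install.sh as root (or as a member of the docker group).
# If a container still reports a permission error, change the owner of the
# specific directory to the UID that container runs as instead of opening it
# to everyone.
./install.sh
docker-compose ps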

3.docker命令拉取和上传镜像
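# Trust the Harbor CA for this registry before logging in; until ca.crt is in
# place the docker client rejects the privately signed certificate. The CA
# certificate was written to /data/harbor/cert, so use the full path (copy it
# over first when this is run on another docker host).
mkdir -p /etc/docker/certs.d/172.28.11.200
cp /data/harbor/cert/harbor-ca.pem /etc/docker/certs.d/172.28.11.200/ca.crt
# Let docker prompt for the password instead of passing it with -p, which
# leaves it in the shell history and visible in the process list. Use the
# admin password set through harbor_admin_password in harbor.yml, not the
# installer default.
docker login -u admin 172.28.11.200

# NOTE(review): assumes busybox:latest is present locally and that a project
# named k8s already exists in Harbor — confirm.
docker tag busybox:latest 172.28.11.200/k8s/busybox:latest
# Fixed the `dokcer` typo from the original command.
docker push 172.28.11.200/k8s/busybox:latest
# The original had a bare `logout` before the tag/push, which would end a
# login shell; presumably `docker logout` was meant. Run it last so the stored
# registry credential is removed once the push is done.
docker logout 172.28.11.200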