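Setting up HTTPS certificates for Harbor

Introduction:

Enable HTTPS on Harbor so that data is encrypted in transit. Official documentation: https://github.com/vmware/harbor/blob/master/docs/configure_https.md

Deployment architecture:

Two servers are used: one Harbor server, and one application server that acts as the Harbor test machine.

Deployment process

Create the certificate on the server

Create the CA private key and the self-signed CA certificate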

[root@node1 ~]#mkdir -pv /usr/local/src/harbor/certs/
[root@node1 ~]#cd /usr/local/src/harbor/certs/
[root@node1 certs]#openssl genrsa -out /usr/local/src/harbor/certs/harbor-ca.key
[root@node1 certs]#openssl req -x509 -new -nodes -key /usr/local/src/harbor/certs/harbor-ca.key -subj "/CN=harbor.linux.com" -days 7120 -out /usr/local/src/harbor/certs/harbor-ca.crt

View the certificate files

[root@node1 certs]#ll
總用量 8
-rw-r--r-- 1 root root 1107 7月  11 08:43 harbor-ca.crt
-rw-r--r-- 1 root root 1679 7月  11 08:42 harbor-ca.key
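
An added example, not part of the original post: the listing above shows harbor-ca.key as world-readable (0644), and the certificate carries only a CN, which Docker clients built with Go 1.15 or later no longer accept for hostname verification. The sketch below creates the same key and certificate with a subjectAltName and a 0600 key, then checks the result; the function names make_cert and check_cert and the scratch directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example; make_cert and check_cert are hypothetical helper names.

# make_cert DIR HOST: same key/cert as in the post, plus a subjectAltName
# (needs OpenSSL 1.1.1+ for -addext) and a key created with mode 0600.
make_cert() {
    local dir=$1 host=$2
    mkdir -p "$dir" || return 1
    # umask in a subshell so only the key file is affected
    ( umask 077; openssl genrsa -out "$dir/harbor-ca.key" 2048 2>/dev/null ) || return 1
    openssl req -x509 -new -nodes -key "$dir/harbor-ca.key" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -days 7120 -out "$dir/harbor-ca.crt"
}

# check_cert DIR HOST: succeed only if the key matches the certificate,
# the certificate has a SAN that covers HOST, and the key is private.
check_cert() {
    local dir=$1 host=$2 key_pub crt_pub mode
    key_pub=$(openssl pkey -in "$dir/harbor-ca.key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$dir/harbor-ca.crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || { echo "key does not match certificate" >&2; return 1; }

    # A CN-only certificate passes -checkhost in OpenSSL, so require a SAN first.
    openssl x509 -in "$dir/harbor-ca.crt" -noout -text \
        | grep -q "Subject Alternative Name" \
        || { echo "certificate has no subjectAltName" >&2; return 1; }
    openssl x509 -in "$dir/harbor-ca.crt" -noout -checkhost "$host" \
        | grep -q "does match" \
        || { echo "certificate does not cover $host" >&2; return 1; }

    mode=$(stat -c %a "$dir/harbor-ca.key")   # GNU stat (Linux)
    [ "$mode" = "600" ] || [ "$mode" = "400" ] \
        || { echo "key mode is $mode, expected 600" >&2; return 1; }
}

# Demo in a scratch directory (constructed; the post uses /usr/local/src/harbor/certs/).
demo_dir=$(mktemp -d)
make_cert "$demo_dir" harbor.linux.com && check_cert "$demo_dir" harbor.linux.com \
    && echo "certificate OK for harbor.linux.com"
rm -rf "$demo_dir"
```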

Edit the Harbor configuration file and add the certificate

[root@node1 ~]#vim /usr/local/src/harbor/harbor.cfg 
21:customize_crt = on
24:ssl_cert =  /usr/local/src/harbor/certs/harbor-ca.crt
25:ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key 
28:secretkey_path = /usr/local/src/harbor/certs/

Create the directory

[root@node1 ~]#mkdir -pv /etc/docker/certs.d/harbor.linux.com/
[root@node1 ~]#cp /usr/local/src/harbor/certs/harbor-ca.crt /etc/docker/certs.d/harbor.linux.com/

Start Harbor

[root@node1 harbor]#pwd
/usr/local/src/harbor
[root@node1 harbor]#docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting adminserver ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done

Configure the Harbor test machine

[root@node2 ~]#mkdir -pv /etc/docker/certs.d/harbor.linux.com/
[root@node2 ~]#scp 192.168.8.134:/usr/local/src/harbor/certs/harbor-ca.crt /etc/docker/certs.d/harbor.linux.com/

Upload test

[root@node2 ~]#docker tag alpine:latest harbor.linux.com/kubernetes/alpine
[root@node2 ~]#docker push harbor.linux.com/kubernetes/alpine