Harbor private registry
Download and install the Harbor installer package
Install Docker Compose
curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@lb01 ~]# chmod +x /usr/local/bin/docker-compose
[root@lb01 ~]# ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
[root@lb01 ~]# docker-compose --version
docker-compose version 1.24.0, build 0aa59064
Harbor installation
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
Self-signed TLS certificate
https://github.com/goharbor/harbor
https://github.com/goharbor/harbor/blob/master/docs/configure_https.md#configuration-and-installation
[root@lb01 ~/harbor]# mkdir ssl
[root@lb01 ~/harbor]# cd ssl
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
This generates these two files:
-rw-r--r-- 1 root root 1952 Apr 11 10:57 ca.crt
-rw-r--r-- 1 root root 3272 Apr 11 10:57 ca.key
openssl req -newkey rsa:4096 -nodes -sha256 -keyout john.john.com.key -out john.john.com.csr
Country Name (2 letter code) [XX]:CN
Common Name (eg, your name or your server's hostname) []:john.john.com
This generates these two files:
-rw-r--r-- 1 root root 1679 Apr 11 11:02 john.john.com.csr
-rw-r--r-- 1 root root 3272 Apr 11 11:02 john.john.com.key
Have the CA issue the certificate
openssl x509 -req -days 365 -in john.john.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out john.john.com.crt
-rw-r--r-- 1 root root 1846 Apr 11 11:09 john.john.com.crt
-rw-r--r-- 1 root root 3272 Apr 11 11:02 john.john.com.key
The Docker daemon interprets .crt files as CA certificates and .cert files as client certificates.
Convert the server's john.john.com.crt to john.john.com.cert:
openssl x509 -inform PEM -in john.john.com.crt -out john.john.com.cert
-rw-r--r-- 1 root root 1846 Apr 11 14:57 john.john.com.cert
Copy the .key, .crt and .cert files to the server
[root@db01 ~]# mkdir -p /etc/docker/certs.d/john.john.com
scp john.john.com.cert john.john.com.crt john.john.com.key 10.0.0.51:/etc/docker/certs.d/john.john.com/
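Added example (not from the original notes or the Harbor project): the signing command above issues a certificate without a subjectAltName, and Go-based clients such as current Docker releases reject certificates that carry the hostname only in the Common Name. This sketch repeats the same steps non-interactively with a SAN extension file and checks the result before it is copied; the function names, the CA subject, v3.ext and the KEY_BITS variable are assumptions.

```shell
#!/bin/sh
# Added example, not the page's own commands. Names here are assumptions.
KEY_BITS="${KEY_BITS:-4096}"   # the page uses rsa:4096

# make_certs HOST DIR: create ca.crt/ca.key and HOST.key/.csr/.crt/.cert in DIR
make_certs() {
    host="$1"; dir="$2"
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077    # private keys end up mode 600 instead of 644
        # Self-signed CA (non-interactive form of the page's first command)
        openssl req -newkey "rsa:$KEY_BITS" -nodes -sha256 -keyout ca.key \
            -x509 -days 365 -subj "/C=CN/CN=Example Harbor CA" \
            -out ca.crt 2>/dev/null || exit 1
        # Server key and CSR
        openssl req -newkey "rsa:$KEY_BITS" -nodes -sha256 -keyout "$host.key" \
            -subj "/C=CN/CN=$host" -out "$host.csr" 2>/dev/null || exit 1
        # Extension file: the SAN is what clients match the hostname against
        printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
            "$host" > v3.ext
        openssl x509 -req -sha256 -days 365 -in "$host.csr" -CA ca.crt \
            -CAkey ca.key -CAcreateserial -extfile v3.ext \
            -out "$host.crt" 2>/dev/null || exit 1
        # Same conversion as on the page: .cert copy for the Docker daemon
        openssl x509 -inform PEM -in "$host.crt" -out "$host.cert" || exit 1
        chmod 644 ca.crt "$host.crt" "$host.cert"
    )
}

# check_certs HOST DIR: succeeds only if the chain verifies, the SAN names
# HOST, and neither private key is readable by group or other
check_certs() {
    host="$1"; dir="$2"
    openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null 2>&1 \
        || { echo "chain does not verify"; return 1; }
    openssl x509 -in "$dir/$host.crt" -noout -text | grep -qF "DNS:$host" \
        || { echo "no subjectAltName for $host"; return 1; }
    for k in "$dir/ca.key" "$dir/$host.key"; do
        case "$(ls -l "$k")" in
            -rw-------*) ;;
            *) echo "$k is readable by group or other"; return 1 ;;
        esac
    done
    echo "ok"
}
```

Typical use: `make_certs john.john.com ssl && check_certs john.john.com ssl`, then copy the files only if the check prints `ok`.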
Generate the configuration files for Harbor:
[root@lb01 ~/harbor]# ./prepare
Start
[root@lb01 ~/harbor]# ./install.sh
Client login
[root@db01 ~]# docker login john.john.com
Tag the image
docker tag tomcat-redis:v1 john.john.com/test/tomcat-redis:v1
Push the image
docker push john.john.com/test/tomcat-redis:v1
Pull the image
[root@db01 ~]# docker pull john.john.com/test/tomcat-redis:v1