仓库

harbor私有仓库

下载安装harbor安装包

http://harbor.orientsoft.cn/

安装docker compose

curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

[root@lb01 ~]# chmod +x /usr/local/bin/docker-compose

[root@lb01 ~]# ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

[root@lb01 ~]# docker-compose --version

docker-compose version 1.24.0, build 0aa59064

 

harbor安装

https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

自签tls证书

https://github.com/goharbor/harbor

https://github.com/goharbor/harbor/blob/master/docs/configure_https.md#configuration-and-installation

[root@lb01 ~/harbor]# mkdir ssl

[root@lb01 ~/harbor]# cd ssl

openssl req 

    -newkey rsa:4096 -nodes -sha256 -keyout ca.key 

    -x509 -days 365 -out ca.crt

    生成这2个

-rw-r--r-- 1 root root 1952 Apr 11 10:57 ca.crt

-rw-r--r-- 1 root root 3272 Apr 11 10:57 ca.key

    

openssl req -newkey rsa:4096 -nodes -sha256 -keyout john.john.com.key -out john.john.com.csr

　　Country Name (2 letter code) [XX]:CN

　　Common Name (eg, your name or your server's hostname) []:john.john.com

生成这个2个

-rw-r--r-- 1 root root 1679 Apr 11 11:02 john.john.com.csr

-rw-r--r-- 1 root root 3272 Apr 11 11:02 john.john.com.key

向ca颁发

openssl x509 -req -days 365 -in john.john.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out john.john.com.crt

 

-rw-r--r-- 1 root root 1846 Apr 11 11:09 john.john.com.crt

-rw-r--r-- 1 root root 1846 Apr 11 11:09 john.john.com.crt

-rw-r--r-- 1 root root 3272 Apr 11 11:02 john.john.com.key

Docker守护程序将.crt文件解释为CA证书，将.cert文件解释为客户端证书。

将服务器转换john.john.com.crt为john.john.com.cert：

openssl x509 -inform PEM -in john.john.com.crt -out john.john.com.cert

-rw-r--r-- 1 root root 1846 Apr 11 14:57 john.john.com.cert

复制key.crt.cert到服务端

[root@db01 ~]# mkdir -p /etc/docker/certs.d/john.john.com

scp john.john.com.cert john.john.com.crt john.john.com.key 10.0.0.51:/docker/certs.d/john.john.com

为Harbor生成配置文件：

[root@lb01 ~/harbor]#./prepare

启动

[root@lb01 ~/harbor]# ./install.sh

 

 

客户端登陆

[root@db01 ~]# docker login john.john.com

打标

docker tag tomcat-redis:v1 john.john.com/test/tomcat-redis:v1

推镜像

docker push john.john.com/test/tomcat-redis:v1
 

拉镜像

[root@db01 ~]# docker pull john.john.com/test/tomcat-redis:v1