VMware Harbor实战

准备环境

Harbor 需要依赖docker，compose工具，需要提前安装好
# yum install docker-ce docker-compose wget -y
# systemctl start docker.service 
# systemctl enable docker.service 
# yum install python-pip -y 
# pip install --upgrade pip 

下载部署包上传证书

# wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz
# tar -zxf harbor-offline-installer-v1.10.1.tgz -C /opt/

# 创建证书目录，并赋予权限
# mkdir -p /data/cert && chmod -R 777 /data/cert && cd /data/cert

# 生成私钥，需要设置密码
# openssl genrsa -des3 -out harbor.key 2048

# 生成CA证书，需要输入密码
# openssl req -sha512 -new \
    -subj "/C=CN/ST=JS/L=WX/O=zwx/OU=ops/CN=hub.ops.com" \
    -key harbor.key \
    -out harbor.csr

# 备份证书
# cp harbor.key harbor.key.org

# 退掉私钥密码，以便docker访问（也可以参考官方进行双向认证）
# openssl rsa -in harbor.key.org -out harbor.key

# 使用证书进行签名
# openssl x509 -req -days 365 -in harbor.csr -signkey harbor.key -out harbor.crt
Signature ok
subject=/C=CN/ST=JS/L=WX/O=zwx/OU=ops/CN=hub.ops.com
Getting Private key

修改配置文件

# vim harbor.yml
hostname: hub.ops.com

# https related config
https:
  port: 443
  certificate: /data/cert/harbor.crt
  private_key: /data/cert/harbor.key

harbor_admin_password: password

# The default data volume
data_volume: /opt/harbor/data


# ldap 配置 没有LDAP可以不配置
auth_mode: ldap_auth
ldap_url: ldap://9.110.187.100
ldap_basedn: ou=users,dc=ops,dc=cluster
ldap_searchdn: cn=ldapadm,dc=ops,dc=cluster
ldap_search_pwd: password
ldap_uid: cn
ldap_scope: 3
ldap_timeout: 50

访问Harbor

https://www.uatops.com

配置docker镜像仓库

# cat /etc/docker/daemon.json
{ 
"insecure-registries": ["9.110.187.202"]
}