• Harbor: Image Registry


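    1. Introduction to Harbor
            Developing and running Docker container applications depends on reliable image management. Docker does provide a public image registry, but for security and efficiency it is also necessary to deploy a Registry inside our own private environment. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. Its features include access control (RBAC), LDAP, log auditing, a management UI, self-registration, image replication, and Chinese-language support.
            Official site: https://github.com/goharbor/harbor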

    2. Deploying the Harbor image registry
    2.1 Environment preparation
    harbor: 192.168.4.5, 2 CPUs, 4 GB memory

    Disable the firewall and SELinux.

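    2.2 Self-signed certificates
    1) Create a directory to hold the certificates

    [root@harbor ~]# openssl version     # check whether openssl is installed
    [root@harbor ~]# mkdir /opt/harbor-ca-key
    [root@harbor ~]# cd /opt/harbor-ca-key/
    2) Create the CA certificate

    [root@harbor harbor-ca-key]# openssl genrsa -out ca.key 3072  # generate the 3072-bit private key ca.key
    [root@harbor harbor-ca-key]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem  # generate the certificate ca.pem; 3650 means the certificate is valid for 10 years. Fill in the fields marked with arrows as prompted; fields not marked with an arrow are left empty: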
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:guangdong
    Locality Name (eg, city) [Default City]:guangzhou
    Organization Name (eg, company) [Default Company Ltd]:harbor
    Organizational Unit Name (eg, section) []:CA
    Common Name (eg, your name or your server's hostname) []:harbor64.cn
    Email Address []:jy@163.com
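    3) Generate the certificate for the domain name

     
    [root@harbor harbor-ca-key]# openssl genrsa -out harbor.key 3072   # generate a 3072-bit key, i.e. the private key
     
    [root@harbor harbor-ca-key]# openssl req -new -key harbor.key -out harbor.csr  # generate a certificate signing request, needed shortly when the certificate is signed. Fill in the fields marked with arrows as prompted; fields not marked with an arrow are left empty: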
     
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:guangdong
    Locality Name (eg, city) [Default City]:guangzhou
    Organization Name (eg, company) [Default Company Ltd]:harbor
    Organizational Unit Name (eg, section) []:CA
    Common Name (eg, your name or your server's hostname) []:harbor64.cn
    Email Address []:jy@163.com
     
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:1234
    An optional company name []:harbor
    4) Sign the certificate

    [root@harbor harbor-ca-key]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
    Signature ok
    subject=/C=CN/ST=guangdong/L=guangzhou/O=harbor/OU=CA/CN=harbor64.cn/emailAddress=jy@163.com
    Getting CA Private Key
     
    [root@harbor harbor-ca-key]# openssl x509 -noout -text -in harbor.pem   # print the certificate to check that it was issued correctly
     
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number:
                ed:66:8a:c0:ca:d3:2b:9e
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=CN, ST=guangdong, L=guangzhou, O=harbor, OU=CA, CN=harbor64.cn/emailAddress=jy@163.com
            Validity
                Not Before: Jun  5 10:33:54 2022 GMT
                Not After : Jun  2 10:33:54 2032 GMT
            Subject: C=CN, ST=guangdong, L=guangzhou, O=harbor, OU=CA, CN=harbor64.cn/emailAddress=jy@163.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (3072 bit)
                    Modulus:
    …………………………………………………… # output like the above confirms the certificate was issued
     
    [root@harbor harbor-ca-key]# ls
    ca.key  ca.pem  ca.srl  harbor.csr  harbor.key  harbor.pem
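
Added example (not part of the original article): a non-interactive form of steps 2) to 4) that gives the CA its own subject and signs the server certificate with a subjectAltName, because the certificate printed above is Version 1 with identical Issuer and Subject and no SAN, and current Go-based clients such as Docker verify hostnames against the SAN only. Assumptions: the function names, the CA common name `harbor-lab-ca`, and a temporary output directory; `harbor64.cn` and `192.168.4.5` come from the article.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Assumed names: the functions
# below, the CA common name "harbor-lab-ca", and the temporary output directory.

# make_harbor_certs DIR HOST IP: write ca.key, ca.pem, harbor.key, harbor.pem to DIR.
make_harbor_certs() {
    local dir=$1 host=$2 ip=$3
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    (
        cd "$dir" && umask 077 &&   # private keys readable by the owner only
        # The CA gets its own subject so that issuer != subject on harbor.pem.
        openssl genrsa -out ca.key 3072 2>/dev/null &&
        openssl req -new -x509 -days 3650 -key ca.key -out ca.pem \
            -subj "/C=CN/ST=guangdong/L=guangzhou/O=harbor/OU=CA/CN=harbor-lab-ca" &&
        openssl genrsa -out harbor.key 3072 2>/dev/null &&
        openssl req -new -key harbor.key -out harbor.csr \
            -subj "/C=CN/ST=guangdong/L=guangzhou/O=harbor/CN=$host" &&
        # Extensions are supplied at signing time; this also makes the cert X.509 v3.
        printf 'subjectAltName=DNS:%s,IP:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
            "$host" "$ip" > harbor.ext &&
        openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
            -out harbor.pem -days 3650 -sha256 -extfile harbor.ext 2>/dev/null
    )
}

# cert_chain_ok DIR: succeeds if harbor.pem verifies against ca.pem.
cert_chain_ok() { openssl verify -CAfile "$1/ca.pem" "$1/harbor.pem" >/dev/null 2>&1; }

# cert_san DIR: print the subjectAltName value of harbor.pem (empty if absent).
cert_san() {
    openssl x509 -in "$1/harbor.pem" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# cert_self_issued DIR: succeeds if issuer and subject of harbor.pem are identical,
# which is the condition visible in the certificate printed in section 2.2.
cert_self_issued() {
    local i s
    i=$(openssl x509 -in "$1/harbor.pem" -noout -issuer | sed 's/^issuer= *//')
    s=$(openssl x509 -in "$1/harbor.pem" -noout -subject | sed 's/^subject= *//')
    [ "$i" = "$s" ]
}

demo_dir=$(mktemp -d) && make_harbor_certs "$demo_dir" harbor64.cn 192.168.4.5 &&
    cert_chain_ok "$demo_dir" && ! cert_self_issued "$demo_dir" &&
    echo "chain verifies; SAN = $(cert_san "$demo_dir")"
```

To follow the article's layout, pass `/opt/harbor-ca-key` as the directory argument instead of a temporary directory.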

    2.3 Installing Harbor
    1) Install docker and docker-compose

    [root@harbor ~]# yum -y install wget
     
    # install the EPEL repo and replace the addresses in the repo configuration with the Aliyun mirror
    [root@harbor ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
    [root@harbor ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
    [root@harbor ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
     
    # download the CentOS base yum repo file (the URL below is the Tencent Cloud mirror)
    [root@harbor ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
     
     
    # configure the Docker repo
    [root@harbor ~]# wget https://download.docker.com/linux/centos/docker-ce.repo -P /etc/yum.repos.d/
     
    [root@harbor ~]# yum clean all && yum makecache 
    [root@harbor ~]# yum install -y docker-ce docker-compose
    [root@harbor ~]# systemctl enable docker
    [root@harbor ~]# systemctl restart docker
    2) Install Harbor

  • Original article: https://blog.csdn.net/yz18931904/article/details/125882895