2. harbor仓库部署及证书签发机器部署
1.安装docker
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
yum install docker-compose -y
#vim /etc/docker/daemon.json
{
"graph": "/data/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com","quay.io","harbor.od.com"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
"bip": "172.7.21.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"live-restore": true
}
2.下载harbor压缩文件
cd /opt/src
wget http://file.zhidianjh.com/k8s/day1/10.4.7.200/harbor-offline-installer-v1.8.3.tgz
tar xf harbor-offline-installer-v1.8.3.tgz -C /opt/ && cd /opt
mv harbor harbor-v1.8.3
ln -s /opt/harbor-v1.8.3/ /opt/harbor
3.编辑harbor.yaml
vim /opt/harbor/harbor.yml
hostname: harbor.od.com
port: 180
harbor_admin_password:
data_volume: /data/harbor
location: /data/harbor/logs
4.安装
cd /opt/harbor/
./install.sh
5.配置nginx
yum install nginx -y
vim /etc/nginx/conf.d/harbor.od.com.conf
server {
listen 80;
server_name harbor.od.com;
client_max_body_size 1000m;
location / {
proxy_pass http://127.0.0.1:180;
}
}
6.配置hosts主机劫持,进行访问
配置签发证书
- 下载证书程序
wget http://file.zhidianjh.com/k8s/day1/10.4.7.200/cfssl /usr/bin/cfssl
wget http://file.zhidianjh.com/k8s/day1/10.4.7.200/cfssl -O /usr/bin/cfssl
wget http://file.zhidianjh.com/k8s/day1/10.4.7.200/cfssl-certinfo -O /usr/bin/cfssl-certinfo
wget http://file.zhidianjh.com/k8s/day1/10.4.7.200/cfssl-json -O /usr/bin/cfssl-json
2.授权
chmod +x /usr/bin/cfssl
/opt/certs/ca-csr.json
{
"CN": "OldboyEdu",
"hosts": [
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "beijing",
"L": "beijing",
"O": "od",
"OU": "ops"
}
],
"ca": {
"expiry": "175200h"
}
}
- 签发ca证书
certs]# cfssl gencert -initca ca-csr.json | cfssl-json -bare ca