使用 VMware Harbor 创建 Docker 镜像仓库
下载安装包
- 安装 Docker-Compose
# wget https://github.com/docker/compose/releases/download/1.12.0/docker-compose-Linux-x86_64 # mv docker-compose-Linux-x86_64 /usr/bin/docker-compose # chmod a+x /usr/bin/docker-compose
- 下载并解压 Harbor
# wget --continue https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz # tar -xzvf harbor-offline-installer-v1.1.2.tgz
- 导入离线安装包中的相关镜像
# cd harbor # docker load -i harbor.v1.1.2.tar.gz
创建证书
- 修改证书的默认配置
# vim /etc/pki/tls/openssl.cnf countryName_default = CN stateOrProvinceName_default = Fujian localityName_default = Fuzhou 0.organizationName_default = k8s organizationalUnitName_default = System
- 创建根证书
# cd /etc/pki/CA # openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
- 创建 harbor 证书签名请求
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.key -out harbor.csr # touch index.txt # echo '01' > serial
- 信任镜像服务器 IP
# echo subjectAltName = IP:192.168.0.0 > extfile.cnf
- 颁发证书
# openssl ca -in harbor.csr -out harbor.crt -cert ca.crt -keyfile ca.key -extfile extfile.cnf -outdir . # mkdir /etc/harbor/ssl -p # cp harbor.crt harbor.key /etc/harbor/ssl
配置及启动
- 配置
# vim harbor.cfg hostname = 192.168.0.0 ui_url_protocol = https ssl_cert = /etc/harbor/ssl/harbor.crt ssl_cert_key = /etc/harbor/ssl/harbor.key verify_remote_cert = off (注:若使用第三方证书时,这里只需将 ssl_cert 和 ssl_cert_key 替换为第三方证书所在的路径即可)
- 启动
./install.sh
添加 Docker 信任
- 修改配置参数
# vim /usr/lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd --insecure-registry=192.168.0.0
- 重启 Docker
# systemctl daemon-reload # systemctl restart docker
登录镜像仓库
- 登录
# docker login -u admin 192.168.0.0
- 添加镜像
docker tag [original_image] [registry_address]/[repo_address]/[target_image]
- 推送镜像
docker push [image_name]
评论
发表评论