Harbor私有镜像仓库-

第一步：下载镜像包

https://github.com/goharbor/harbor/releases

上传至服务器，并解压：

tar zxvf harbor-offline-installer-v1.10.0-rc2.tgz

cd harbor && mkdir ssl && cd ssl

生成根证书和认证key：

openssl genrsa -out ca.key 4096

========================================================

openssl req -x509 -new -nodes -sha512 -days 3650 \ -subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=ABC/OU=ABC/CN= registry.abc.com " \ -key ca.key \ -out ca.crt

========================================================

openssl genrsa -out registry.abc.com.key 4096

========================================================

openssl req -sha512 -new \ -subj "/C=CN/ST=Shenzhen/L=Shenzhen/O=abc/OU=abc/CN= registry.abc.com " \ -key registry.abc.com.key \ -out registry.abc.com.csr

========================================================

cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names

[alt_names]

DNS.1=registry.abc.com DNS.2=k8s-master EOF

========================================================

openssl x509 -req -sha512 -days 3650 \ -extfile v3.ext \ -CA ca.crt -CAkey ca.key -CAcreateserial \ -in registry.abc.com.csr \ -out registry.abc.com.crt

========================================================

修改配置文件参数：

vi harbor.yml

harbor_admin_password: 123456 (配置门户登录密码)

certificate: /root/harbor/ssl/registry.abc.com.crt （指定自定义签名证书路径）
private_key: /root/harbor/ssl/registry.abc.com.key （指定自定义证书key路径）

执行准备： ./prepare

开始安装：./install.sh

创建网站对应目录，并拷贝证书到 /etc/docker/certs.d/registry.abc.com 目录下

mkdir -p /etc/docker/certs.d/registry.abc.com

cp /root/harbor/ssl/* /etc/docker/certs.d/registry.abc.com/.

测试登录：

docker login registry.abc.com