Setting up HTTPS for Harbor


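Introduction:

Enable HTTPS on Harbor so that data is encrypted in transit. Official documentation: https://github.com/vmware/harbor/blob/master/docs/configure_https.md

Deployment architecture:

Two servers are used: one Harbor server, and one application server that acts as the Harbor test machine.

Deployment process

Create a self-made certificate on the server

Create the CA private key and the self-signed CA certificate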

# mkdir -pv /usr/local/src/harbor/certs/
# cd /usr/local/src/harbor/certs/
# openssl genrsa -out /usr/local/src/harbor/certs/harbor-ca.key
# openssl req -x509 -new -nodes -key /usr/local/src/harbor/certs/harbor-ca.key -subj "/CN=harbor.linux.com" -days 7120 -out /usr/local/src/harbor/certs/harbor-ca.crt

Check the certificate files

# ll
总用量 8
-rw-r--r-- 1 root root 1107 7月  11 08:43 harbor-ca.crt
-rw-r--r-- 1 root root 1679 7月  11 08:42 harbor-ca.key

Edit the Harbor configuration file and add the certificate

# vim /usr/local/src/harbor/harbor.cfg
customize_crt = on
ssl_cert = /usr/local/src/harbor/certs/harbor-ca.crt
ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key
secretkey_path = /usr/local/src/harbor/certs/

Create the Docker certificate directory and copy the certificate into it

# mkdir -pv /etc/docker/certs.d/harbor.linux.com/
# cp /usr/local/src/harbor/certs/harbor-ca.crt /etc/docker/certs.d/harbor.linux.com/

Start Harbor

# pwd
/usr/local/src/harbor
# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting adminserver ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done

Configure the Harbor test machine

# mkdir -pv /etc/docker/certs.d/harbor.linux.com/
# scp 192.168.8.134:/usr/local/src/harbor/certs/harbor-ca.crt /etc/docker/certs.d/harbor.linux.com/

Test an upload

# docker tag alpine:latest harbor.linux.com/kubernetes/alpine
# docker push harbor.linux.com/kubernetes/alpine
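
The file listing above shows harbor-ca.key with mode -rw-r--r--, and a failed push is often caused by a certificate that does not match the key or the registry hostname. The script below is an added example, not part of the original post, that checks the files from the steps above; the function name check_harbor_tls is hypothetical, and it assumes an RSA key and OpenSSL 1.0.2 or later (for -checkhost).

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the
# certificate and key that harbor.cfg points at.
# check_harbor_tls is a hypothetical helper name. Assumes an RSA key.
# Usage: check_harbor_tls CERT KEY HOSTNAME  -> returns 0 if all checks pass
check_harbor_tls() {
    crt=$1; key=$2; host=$3; rc=0

    # 1. The private key must not be accessible to group or others.
    #    Characters 5-10 of the ls mode string are the group/other bits.
    bits=$(ls -ld "$key" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "FAIL: $key is accessible to group/others (fix: chmod 600)"
        rc=1
    fi

    # 2. The certificate must belong to this key (same RSA modulus).
    m_crt=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null)
    m_key=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)
    if [ -z "$m_crt" ] || [ "$m_crt" != "$m_key" ]; then
        echo "FAIL: $crt does not match $key"
        rc=1
    fi

    # 3. The certificate must be readable and not expired.
    if ! openssl x509 -noout -checkend 0 -in "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt has expired or cannot be read"
        rc=1
    fi

    # 4. The certificate must be valid for the registry hostname used in
    #    "docker push" and in the /etc/docker/certs.d/<hostname>/ path.
    if ! openssl x509 -noout -checkhost "$host" -in "$crt" 2>&1 |
            grep -q "does match certificate"; then
        echo "FAIL: $crt is not valid for $host"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $crt and $key pass all checks for $host"
    return "$rc"
}

# Run the checks when the script is called with three arguments.
if [ "$#" -eq 3 ]; then
    check_harbor_tls "$@"
fi
```

Check 4 accepts the CN-only certificate generated above; Docker clients built with Go 1.15 or later also require a subjectAltName entry for the hostname.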
