下载harbor离线包和docker-compose
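# Fetch the docker-compose binary and the Harbor offline installer.
wget https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
wget https://github.com/goharbor/harbor/releases/download/v2.3.1/harbor-offline-installer-v2.3.1.tgz
# One file is later installed into /usr/bin and the other ships the installer
# script, so print both digests and compare them with the checksums published
# on the respective release pages before going any further.
sha256sum docker-compose-Linux-x86_64 harbor-offline-installer-v2.3.1.tgz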
解压harbor,拷贝docker-compose到/usr/bin目录
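# Unpack the Harbor offline installer into the current directory.
tar -zxf harbor-offline-installer-v2.3.1.tgz
# Install the compose binary in one step with an explicit mode: the file is
# executable by everyone but writable only by its owner, regardless of the
# current umask. (-r on cp was unnecessary for a single regular file.)
install -m 0755 docker-compose-Linux-x86_64 /usr/bin/docker-compose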
创建证书目录,生成ca.key和ca.crt
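# Create the working directory for the registry PKI and enter it.
mkdir -p /opt/dockerhub && cd /opt/dockerhub
# Generate the CA private key under a restrictive umask, then set the mode
# explicitly: some OpenSSL builds create key files with the ambient umask, and
# an already existing ca.key would keep whatever mode it had.
(umask 077 && openssl genrsa -out ca.key 2048)
chmod 600 ca.key
# Self-signed CA certificate, valid for 5000 days. -sha256 pins the signature
# digest, matching the CSR command used for the server certificate.
openssl req -x509 -new -nodes -sha256 -key ca.key -subj "/CN=dockerhub.ca.com" -days 5000 -out ca.crt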
生成带 SAN 扩展的证书请求文件
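# Generate a dedicated private key for the registry instead of reusing ca.key.
# If the server certificate shared the CA's key, that key would have to be
# deployed on the Harbor host, and a compromise of that host would expose the
# key that signs every certificate trusted through ca.crt.
(umask 077 && openssl genrsa -out dockerhub.key 2048)
chmod 600 dockerhub.key
# Build the CSR. A [SAN] section is appended to the system OpenSSL config via
# process substitution (bash only) and selected with -reqexts SAN.
openssl req -new -sha256 \
  -key dockerhub.key \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=UnitedStack/OU=Devops/CN=dockerhub.kubesphere.local" \
  -reqexts SAN \
  -config <(cat /etc/pki/tls/openssl.cnf \
    <(printf "[SAN]\nsubjectAltName=DNS:dockerhub.kubesphere.local,DNS:store.kubesphere.local")) \
  -out dockerhub.csr
# The private-key path in Harbor's configuration must reference dockerhub.key;
# ca.key should stay off the registry host.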
查看证书请求文件的内容
# Dump the CSR in human-readable form (no PEM re-encoding) so the subject and
# the requested subjectAltName entries can be checked before signing.
openssl req -in dockerhub.csr -noout -text
生成证书
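# Sign the CSR with the CA. By default `openssl x509 -req` does not copy
# extensions from the request, so the SAN list is supplied again via -extfile.
# Validity is reduced from 365000 days to 365: the CA created above is only
# valid for 5000 days, so a longer-lived leaf would stop validating once the
# CA expires anyway, and a short lifetime limits exposure if the key leaks.
# Adjust the value to the rotation schedule, keeping it below the CA lifetime.
# -sha256 pins the signature digest, matching the CSR command.
openssl x509 -req -sha256 -days 365 \
  -in dockerhub.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -extfile <(printf "subjectAltName=DNS:dockerhub.kubesphere.local,DNS:store.kubesphere.local") \
  -out dockerhub.crt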
查看证书内容
# Print the issued certificate as text; check the issuer, the validity window
# and that both DNS names appear under "Subject Alternative Name".
openssl x509 -in dockerhub.crt -noout -text
harbor配置文件配置证书路径
执行安装harbor
# Run Harbor's installer script from the current directory.
# NOTE(review): the last directory change in this guide is into /opt/dockerhub;
# presumably this must be run from the directory the installer tarball was
# extracted to, after the certificate paths have been configured — confirm.
./install.sh
部署好的harbor进行证书替换
更新配置文件证书目录的证书文件
harbor的nginx映射的cert目录,更新其中的证书
# Print the compose file to locate the host directory that is mounted into the
# nginx container as its cert directory; the replacement certificate and key
# go into that host directory.
# NOTE(review): presumably run from Harbor's installation directory — confirm.
cat docker-compose.yml
重启harbor
# Restart only the proxy service (presumably the nginx front end mentioned
# above) so it picks up the replaced certificate files.
docker-compose restart proxy
# Full redeploy: stop and remove the running containers, ...
docker-compose down
# ... run ./prepare (presumably regenerates the service configuration from the
# Harbor config file, including the certificate paths — confirm) ...
./prepare
# ... and start the stack again in the background.
docker-compose up -d