
Configuring HTTPS for Harbor

Stop Harbor

```
docker-compose down -v
```

Create the private keys and certificates

```
# CA private key and self-signed CA certificate
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 36500 \
    -subj "/CN=k8stest.mmcc.com" \
    -key ca.key \
    -out ca.crt

# Server private key and certificate signing request
openssl genrsa -out k8stest.mmcc.com.key 4096
openssl req -sha512 -new \
    -subj "/CN=k8stest.mmcc.com" \
    -key k8stest.mmcc.com.key \
    -out k8stest.mmcc.com.csr

# x509 v3 extensions for the server certificate, including the SAN
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=k8stest.mmcc.com
EOF

# Sign the server certificate with the CA
openssl x509 -req -sha512 -days 36500 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in k8stest.mmcc.com.csr \
    -out k8stest.mmcc.com.crt

# Place the server certificate and key under /data/cert/
mkdir -p /data/cert/
scp k8stest.mmcc.com.crt /data/cert/
scp k8stest.mmcc.com.key /data/cert/

# Docker treats *.crt files in certs.d as CA certificates and *.cert files
# as client certificates, so write a .cert copy of the server certificate
openssl x509 -inform PEM -in k8stest.mmcc.com.crt -out k8stest.mmcc.com.cert

mkdir -p /etc/docker/certs.d/k8stest.mmcc.com/
scp k8stest.mmcc.com.cert /etc/docker/certs.d/k8stest.mmcc.com/
scp k8stest.mmcc.com.key /etc/docker/certs.d/k8stest.mmcc.com/
scp ca.crt /etc/docker/certs.d/k8stest.mmcc.com/
```

           

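Edit the /etc/docker/daemon.json file and add "insecure-registries" : ["https://k8stest.mmcc.com"]. This setting makes Docker skip certificate verification for the registry; it is not needed on hosts where ca.crt is installed under /etc/docker/certs.d/k8stest.mmcc.com/.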

Copy the certificate file k8stest.mmcc.com.crt to the client.

Restart Docker

```
systemctl daemon-reload
systemctl restart docker
```
           

Start Harbor

```
./prepare
docker-compose up -d
```
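
The files produced by the certificate steps can be checked before Docker and Harbor are restarted. The script below is an added example, not part of the original page: `check_harbor_cert` and `make_demo_certs` are names chosen here, and the demo runs against a throwaway CA and the constructed host name registry.example.test rather than the real files.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: sanity checks for the files the
# steps above produce. Function names and demo host name are assumptions.

# check_harbor_cert DIR HOST: returns 0 when DIR/ca.crt, DIR/HOST.crt and
# DIR/HOST.key fit together; 1, 2 or 3 names the check that failed.
check_harbor_cert() {
  local dir=$1 host=$2
  local crt="$dir/$host.crt" key="$dir/$host.key"
  # 1. The server certificate must chain to the CA that clients will trust.
  openssl verify -CAfile "$dir/ca.crt" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL: $crt is not signed by $dir/ca.crt"; return 1; }
  # 2. The host name must be a subjectAltName DNS entry; current Go-based
  #    clients such as Docker ignore the CN.
  openssl x509 -in "$crt" -noout -text | grep -qF "DNS:$host" ||
    { echo "FAIL: no subjectAltName DNS entry for $host"; return 2; }
  # 3. The private key must carry the same public key as the certificate.
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "FAIL: $key does not match $crt"; return 3; }
  echo "OK: $host certificate, CA chain and key are consistent"
}

# make_demo_certs DIR HOST [san|nosan]: throwaway 2048-bit CA and server
# certificate (constructed sample data) so the checks can run offline.
make_demo_certs() {
  local dir=$1 host=$2 mode=${3:-san}
  openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -sha512 -days 2 -subj "/CN=demo-ca" \
    -key "$dir/ca.key" -out "$dir/ca.crt"
  openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null
  openssl req -sha512 -new -subj "/CN=$host" \
    -key "$dir/$host.key" -out "$dir/$host.csr"
  echo "basicConstraints=CA:FALSE" > "$dir/v3.ext"
  if [ "$mode" = san ]; then
    echo "subjectAltName=DNS:$host" >> "$dir/v3.ext"
  fi
  openssl x509 -req -sha512 -days 2 -extfile "$dir/v3.ext" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -in "$dir/$host.csr" -out "$dir/$host.crt" 2>/dev/null
}

# Demo run on constructed data; on the Harbor host the call would be
#   check_harbor_cert /path/to/generated/files k8stest.mmcc.com
demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir" registry.example.test
check_harbor_cert "$demo_dir" registry.example.test
```

A non-zero return code identifies the failing check: 1 for the CA chain, 2 for a missing SAN entry, 3 for a key that does not belong to the certificate.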