云原生之初探 Harbor

    有参考 https://blog.51cto.com/wutengfei/5497399

    添加仓库

    # Register the Harbor chart repository (served over HTTPS) under the local
    # alias "harbor", then refresh the local index of all configured repositories.
    helm repo add harbor https://helm.goharbor.io
    helm repo update
    

    创建命名空间

    # Dedicated namespace for Harbor; the TLS secret created later on this page
    # is placed in the same namespace (-n harbor-system).
    kubectl create namespace harbor-system
    

    拉取 helm 包

    # Download chart version 1.7.2 and unpack it (--untar) so that its
    # values.yaml can be edited locally.
    # NOTE(review): pinning the version keeps the install reproducible; check the
    # pinned release against Harbor's published security advisories before use.
    helm pull harbor/harbor --version 1.7.2 --untar
    

    创建证书 Secret（所用的 .crt 与 .key 文件需先按附录生成）

    # Store the server certificate and its private key as a TLS secret named
    # harbor.jansora.app in the harbor-system namespace.
    # Both files are read from the current directory and must already exist
    # (this page generates them in its appendix).
    # --key must point at the server key, never at the CA key (ca.key).
    kubectl create secret tls harbor.jansora.app --cert=harbor.jansora.app.crt --key=harbor.jansora.app.key -n harbor-system
    

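    调整 helm 下载的 values.yaml：至少将 expose.tls.certSource 设为 secret、expose.tls.secret.secretName 设为上一步创建的 harbor.jansora.app，把 externalURL 改为 https://harbor.jansora.app，并修改 harborAdminPassword，不要沿用 chart 自带的默认管理员密码。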

    附录

    自签名证书生成 (harbor.jansora.app)

    
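    # Build a private CA and use it to issue the TLS server certificate for
    # harbor.jansora.app. All files are written to the current directory.

    # New files (including both private keys) become readable by the current
    # user only. The setting lasts for the rest of this shell session.
    umask 077

    # Step 1: root CA key and self-signed CA certificate.
    # ca.key is written unencrypted. Anyone holding it can issue certificates
    # that every client trusting ca.crt will accept, so keep it off the cluster
    # and off shared hosts.
    # The CA subject deliberately differs from the server subject used below:
    # when a leaf's issuer and subject names are identical, some verifiers
    # mistake it for a self-signed certificate and fail to build the chain.
    # "Harbor Private Root CA" is a constructed sample name; choose your own.
    openssl genrsa -out ca.key 4096
    openssl req -x509 -new -nodes -sha512 -days 3650 \
      -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=Harbor Private Root CA" \
      -key ca.key -out ca.crt

    # Step 2: server key and certificate signing request (CSR).
    openssl genrsa -out harbor.jansora.app.key 4096
    openssl req -sha512 -new \
      -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.jansora.app" \
      -key harbor.jansora.app.key -out harbor.jansora.app.csr

    # Step 3: X.509 v3 extensions for the server certificate.
    # basicConstraints=CA:FALSE marks it as a leaf, and extendedKeyUsage limits
    # it to TLS server authentication. Every host name used to reach Harbor has
    # to appear under [alt_names]; the duplicate harbor.jansora.app entry from
    # the original listing is dropped.
    cat > v3.ext <<'EOF'
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1=harbor.jansora.app
    DNS.2=harbor
    EOF

    # Step 4: sign the CSR with the CA, applying the extensions from v3.ext.
    # -CAcreateserial creates the CA serial-number file if it does not exist.
    # NOTE(review): 3650 days is a long lifetime for a server certificate; a
    # shorter value with planned renewal limits exposure if the key leaks.
    openssl x509 -req -sha512 -days 3650 -extfile v3.ext \
      -CA ca.crt -CAkey ca.key -CAcreateserial \
      -in harbor.jansora.app.csr -out harbor.jansora.app.crt

    # Step 5: write the same certificate again as PEM under a .cert extension.
    # NOTE(review): presumably for Docker's certs.d directory, which tells
    # CA certificates (.crt) apart from other certificates (.cert) - confirm.
    openssl x509 -inform PEM -in harbor.jansora.app.crt -out harbor.jansora.app.cert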
    
    

    证书生成可能遇到的问题

    # 如有以下报错:
    Can't load /root/.rnd into RNG
    140496635077056:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
    
    # Fix: create the seed file that the error message names (/root/.rnd).
    # NOTE(review): the path assumes the commands run as root, as in the error
    # shown above; for another user the file would be .rnd in that user's home.
    cd /root
    openssl rand -writerand .rnd
    -----------------------------------
    ©著作权归作者所有:来自51CTO博客作者品鉴初心的原创作品,请联系作者获取转载授权,否则将追究法律责任
    使用docker-compose部署最新版Harbor v2.3.2
    https://blog.51cto.com/wutengfei/3741676
    
