2020年1月21日 星期二

安裝harbor

前置作業
1.移除舊版的docker 並且安裝新版的docker-ce
# Remove any distro-packaged Docker builds so they cannot conflict with docker-ce.
yum remove \
  docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-engine

# Prerequisites for the repo tooling and the devicemapper storage driver.
yum install -y yum-utils device-mapper-persistent-data lvm2

# Register Docker's upstream CentOS repository (fetched over HTTPS), then install from it.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce

# Start the daemon now and have it start on every boot.
systemctl enable --now docker

2.安裝docker-compose
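# Download the pinned docker-compose release into a scratch directory and check
# it against the checksum file published with the same release before it is
# installed as a root-executable binary.
#   -f  : fail on an HTTP error instead of saving the error page as the "binary"
#   -S  : still print the error when the transfer fails
# The checksum comes from the same origin as the binary, so it catches a
# truncated or corrupted download, not a compromised release.
(
  set -e
  workdir=$(mktemp -d)
  cd "$workdir"
  curl -fSLO "https://github.com/docker/compose/releases/download/v2.11.1/docker-compose-linux-x86_64"
  curl -fSLO "https://github.com/docker/compose/releases/download/v2.11.1/docker-compose-linux-x86_64.sha256"
  sha256sum -c docker-compose-linux-x86_64.sha256
  # install(1) copies the file and sets the mode in one step.
  install -m 0755 docker-compose-linux-x86_64 /usr/local/bin/docker-compose
  cd /
  rm -rf -- "$workdir"
)
# -f keeps the step re-runnable when the symlink already exists.
ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version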



1.建立一個CA憑證
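# Generate the private CA key. It is written unencrypted, so create it under a
# restrictive umask: older OpenSSL builds honour the default umask and would
# otherwise leave the key readable by every local user.
(umask 077 && openssl genrsa -out ca.key 4096)

# Self-sign the CA certificate (10-year validity).
# NOTE(review): anyone holding ca.key can mint certificates that every client
# trusting ca.crt will accept. Keep the key off the registry host once the
# server certificate has been issued.
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=TW/ST=Taiwan/L=Taipei/O=abow Inc./OU=IT/CN=abowspy.tw" \
 -key ca.key -out ca.crt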

2.產生伺服器私鑰與CSR,並用CA簽發伺服器憑證
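# Server private key: created under a restrictive umask so the unencrypted key
# is not left world-readable on OpenSSL builds that honour the default umask.
(umask 077 && openssl genrsa -out harbor.abowspy.tw.key 4096)

# Certificate signing request for the registry host name.
openssl req -sha512 -new \
 -subj "/C=TW/ST=Taiwan/L=Taipei/O=abow Inc./OU=IT/CN=harbor.abowspy.tw" \
 -key harbor.abowspy.tw.key -out harbor.abowspy.tw.csr

# X.509 v3 extensions for the server certificate.
# The address 192.168.1.205 is listed as an IP SAN (IP.1) rather than a DNS SAN:
# TLS clients match an IP literal only against iPAddress entries, so an address
# placed under DNS.n fails verification when the registry is reached by IP.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.abowspy.tw
IP.1=192.168.1.205
EOF

# Issue the server certificate from the CSR, signed by the private CA.
# -CAcreateserial writes the CA serial-number file on first use.
openssl x509 -req -sha512 -days 3650 -extfile v3.ext \
 -CA ca.crt -CAkey ca.key -CAcreateserial \
 -in harbor.abowspy.tw.csr -out harbor.abowspy.tw.crt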

3.拷貝到某資料夾
# Stage the server certificate and its private key where harbor.yml points.
# NOTE(review): the key is copied with whatever mode the source file has.
# Confirm /data/cert and the .key file are not readable by unprivileged users.
mkdir -p /data/cert/
cp harbor.abowspy.tw.crt harbor.abowspy.tw.key /data/cert/

4.轉換.crt變成.cert,因為docker服務預設會把.crt當作是CA憑證,.cert會當作server用憑證
# Re-emit the PEM certificate under a .cert name for Docker's certs.d layout.
openssl x509 -inform PEM -in harbor.abowspy.tw.crt -out harbor.abowspy.tw.cert

# Per-registry trust directory read by the Docker daemon.
mkdir -p /etc/docker/certs.d/harbor.abowspy.tw/

# NOTE(review): ca.crt is what lets the daemon trust the registry. Before
# repeating this step on other Docker hosts, confirm whether the .cert/.key
# pair is needed there, so the server's private key is not spread further
# than necessary.
cp harbor.abowspy.tw.cert harbor.abowspy.tw.key ca.crt \
  /etc/docker/certs.d/harbor.abowspy.tw/

## 如果有Let's Encrypt的憑證
也可以這樣
# cp cert1.pem harbor.abow.online.crt
# cp chain1.pem ca.crt
# cp privkey1.pem harbor.abow.online.key
# openssl x509 -inform PEM -in harbor.abow.online.crt -out harbor.abow.online.cert
# cp harbor.abow.online.cert /etc/docker/certs.d/harbor.abow.online/
# cp harbor.abow.online.key /etc/docker/certs.d/harbor.abow.online/
# cp ca.crt /etc/docker/certs.d/harbor.abow.online/



4.取得安裝包並解壓縮
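# Fetch the offline installer together with its detached signature (.asc).
wget https://github.com/goharbor/harbor/releases/download/v2.6.0/harbor-offline-installer-v2.6.0.tgz
wget https://github.com/goharbor/harbor/releases/download/v2.6.0/harbor-offline-installer-v2.6.0.tgz.asc

# Import Harbor's release signing key before verifying. Take the key ID from
# the official Harbor installation docs:
#   gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys <HARBOR_RELEASE_KEY_ID>
# Unpack only when the signature checks out. The installer's scripts are run as
# root in the next steps.
gpg --verify harbor-offline-installer-v2.6.0.tgz.asc harbor-offline-installer-v2.6.0.tgz \
  && tar xvf harbor-offline-installer-v2.6.0.tgz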


5.設定harbor安裝檔
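cd harbor
# Start from the shipped template when harbor.yml does not exist yet, so the
# file being edited carries every setting rather than starting empty.
[ -f harbor.yml ] || cp harbor.yml.tmpl harbor.yml
vi harbor.yml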
# Must match a subjectAltName in the server certificate, otherwise clients
# reject the TLS handshake.
hostname: harbor.abowspy.tw
https:
  port: 443
  # Certificate and key staged under /data/cert in the earlier copy step.
  certificate: /data/cert/harbor.abowspy.tw.crt
  private_key: /data/cert/harbor.abowspy.tw.key
# NOTE(review): while editing this file, also replace the template defaults
# for harbor_admin_password and the database password before installing.

## 設定檔也能cp harbor.yml.tmpl harbor.yml
再去修改內容。

6.開始安裝
# Generate the runtime configuration from harbor.yml.
./prepare
# Load the bundled images and bring the Harbor services up.
# NOTE(review): presumably re-runs the prepare step itself. Confirm against the script.
./install.sh

補充:./prepare --with-trivy --with-chartmuseum

7.可以用以下指令確認是否安裝完成
# List the running containers to confirm the Harbor services are up.
docker container ls
# Show listening TCP sockets (numeric ports, owning process) and check that
# only the intended ports, such as 443, are exposed.
ss --tcp --listening --numeric --processes

預設登入帳號:admin
預設密碼:Harbor12345(harbor.yml裡harbor_admin_password的預設值;請在安裝前改掉,或首次登入後立即變更)