Harbor 配置https
停掉Harbor···docker-compose down -v···创建私人秘钥openssl genrsa -out ca.key 4096openssl req -x509 -new -nodes -sha512 -days 36500-subj "/CN=k8stest.mmcc.com"-key ca.key-out ca.crtopen...
·
停掉Harbor
···
docker-compose down -v
···
创建私人秘钥
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 36500 -subj "/CN=k8stest.mmcc.com" -key ca.key -out ca.crt
openssl genrsa -out k8stest.mmcc.com.key 4096
openssl req -sha512 -new -subj "/CN=k8stest.mmcc.com" -key k8stest.mmcc.com.key -out k8stest.mmcc.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=k8stest.mmcc.com
EOF
openssl x509 -req -sha512 -days 36500 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in k8stest.mmcc.com.csr -out k8stest.mmcc.com.crt
mkdir -p /data/cert/
scp k8stest.mmcc.com.crt /data/cert/
scp k8stest.mmcc.com.key /data/cert/
openssl x509 -inform PEM -in k8stest.mmcc.com.crt -out k8stest.mmcc.com.cert
mkdir -p /etc/docker/certs.d/k8stest.mmcc.com/
scp k8stest.mmcc.com.cert /etc/docker/certs.d/k8stest.mmcc.com/
scp k8stest.mmcc.com.key /etc/docker/certs.d/k8stest.mmcc.com/
scp ca.crt /etc/docker/certs.d/k8stest.mmcc.com/
修改/etc/docker/daemon.json文件添加"insecure-registries" : [“https://k8stest.mmcc.com”]
将秘钥 k8stest.mmcc.com.crt 拷贝到客户端
重启Docker
systemctl daemon-reload
systemctl restart docker
启动Harbor
./prepare
docker-compose up -d
更多推荐
已为社区贡献3条内容
所有评论(0)