首页 > 其他分享 >配置docker和containerd,使用ca证书访问harbor

配置docker和containerd,使用ca证书访问harbor

时间:2024-11-08 15:41:31浏览次数:4  
标签:harbor containerd ca python docker sha256 com

配置docker和containerd,使用ca证书访问harbor

目录

harbor链接汇总
harbor部署
harbor部署 https docker 登录
浏览器不支持https登录harbor
配置docker和containerd,使用ca证书访问harbor

docker配置ca证书访问harbor

  1. 获取ca证书,根据自己签名的harbor服务器上获取,下载拿到
  2. 添加到docker所在实例,放在目录/etc/ssl/certs//usrl/local/share/ca-certificates/
  3. 实例更新证书,执行命令update-ca-certificates(ubuntu)或update-ca-trust(redhat)
  4. 重启docker,systemctl restart docker,登录harbor,docker login python.harbor.com -uad
  5. 验证拉取镜像,docker pull python.harbor.com/k8s-a/ingress-nginx:v1.2.1

containerd配置ca证书访问harbor

  1. 获取ca证书,根据自己签名的harbor服务器上获取,下载拿到
  2. 添加到containerd所在实例,放在目录/etc/ssl/certs//usrl/local/share/ca-certificates/
  3. 实例更新证书,执行命令update-ca-certificates(ubuntu)或update-ca-trust(redhat)
  4. 修改contianerd对应配置文件/etc/containerd/config.toml,添加ca证书配置内容
  5. 重启containerd使用配置生效,systemctl restart cotnainerd
  6. 验证拉取镜像,ctr image pull python.harbor.com/k8s-a/ingress-nginx:v1.2.1 --user admin:12345

验证证书有效性

  1. openssl s_client -connect python.harbor.com:443 -CAfile /etc/ssl/certs/ca.crt

docker配置方法

  1. 略过

  2. #复制
    cp -pdr ca.crt /etc/ssl/certs/
    
  3. #信息证书
    update-ca-trust
    
  4. #重启docker
    systemctl restart docker
    #登录
    docker login python.harbor.com -uadmin -p12345
    WARNING! Using --password via the CLI is insecure. Use --password-stdin.
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    
    
  5. #拉取镜像
    docker pull python.harbor.com/k8s-a/ingress-nginx:v1.2.1
    v1.2.1: Pulling from k8s-a/ingress-nginx
    8663204ce13b: Pull complete 
    897a18b2d257: Pull complete 
    3cb02f360cf3: Pull complete 
    2b63816a7692: Pull complete 
    d61ce16aa3b6: Pull complete 
    4391833fbf2c: Pull complete 
    bb397308bcd5: Pull complete 
    803395581751: Pull complete 
    153d402a7263: Pull complete 
    c815f058cf7b: Pull complete 
    a872540e4aca: Pull complete 
    4972574251d0: Pull complete 
    30197fe775a6: Pull complete 
    b059831ea274: Pull complete 
    Digest: sha256:0ad5d9fd4e60446dd85b8a4c4cf3440e31241b7c90ab140123a2f4102ee2d7e8
    Status: Downloaded newer image for python.harbor.com/k8s-a/ingress-nginx:v1.2.1
    python.harbor.com/k8s-a/ingress-nginx:v1.2.1
    

containerd配置方法

  1. #复制
    cp -pdr ca.crt /etc/ssl/certs/
    
  2. #信息证书
    update-ca-trust
    
  3. #修改contianerd对应配置文件
        [plugins."io.containerd.grpc.v1.cri".registry]
          #中间内容省略,以下是添加内容
          #指定cri镜像仓库的配置,指定了使用python.harbor.io的域名,替换为实际域名
          [plugins."io.containerd.grpc.v1.cri".registry.configs."python.harbor.com"]
          #指定使用python.harbor.com的域名的tls配置
          [plugins."io.containerd.grpc.v1.cri".registry.configs."python.harbor.com".tls]
          #指定ca证书路径
            ca_file = "/etc/ssl/certs/ca.crt"
          #避免证书验证错误
            insecure = true
    
  4. systemctl restart containerd.service
    
  5. ctr image pull python.harbor.com/k8s-a/ingress-nginx:v1.2.1 --user admin:12345
    python.harbor.com/k8s-a/ingress-nginx:v1.2.1:                                     resolved       |++++++++++++++++++++++++++++++++++++++| 
    manifest-sha256:0ad5d9fd4e60446dd85b8a4c4cf3440e31241b7c90ab140123a2f4102ee2d7e8: done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:b059831ea2745f6578cdc2ac758b8d21b8d65609042ff2670a18f69fd7a3a348:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:8663204ce13b2961da55026a2034abb9e5afaaccf6a9cfb44ad71406dcd07c7b:    done           |++++++++++++++++++++++++++++++++++++++| 
    config-sha256:f3afbfa1117b9eef6f2c9e2db06025c0c2a46a7fd10ff6f6173583850a55a7d5:   done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:897a18b2d2576d82166f3c65a64987eb88304a7a70fa2da6d28c4cd1fbdd6813:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:8033955817515da4a66d743cb568f64474ae8cc410c362668713dcebe8a080aa:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:a872540e4aca4d86fdfab737ffd20e2d973a9d8bc49256ee66cc883687f6c448:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:4972574251d0bc39f77f63a772c3657e5ba8708e96a3e16750cec7b4cf5be177:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:3cb02f360cf34064c6d8ba5c89b4b1ceca1c10f40d58c56e8d9e375da252e3c0:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:153d402a7263107d2d244ebdd7ef11cd0dc747f91d1465e070a033a6fcc90741:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:30197fe775a6846f2f9cb8aa7a602a1c7a486a412c4c3566ea97c937a8eafac8:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:2b63816a7692990821767908dad8a176224461a736582c64284d2c9d6f49e2bb:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:c815f058cf7bd2ff2f47ed9d7526bb2f8070354952a9e32b1b4289af3517df1b:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:d61ce16aa3b66511cc4cb2bad26b9a150ab080c4d42a49865ffc1c30e2304e76:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:4391833fbf2c065a232ebfed436c3daf79f70512222488aec415e682f053df21:    done           |++++++++++++++++++++++++++++++++++++++| 
    layer-sha256:bb397308bcd5d5b0c04aa763f3b3acb1a4a67250bc4d77ef6132db18385c06fa:    done           |++++++++++++++++++++++++++++++++++++++| 
    elapsed: 1.6 s                                                                    total:  102.2  (63.9 MiB/s)                                      
    unpacking linux/amd64 sha256:0ad5d9fd4e60446dd85b8a4c4cf3440e31241b7c90ab140123a2f4102ee2d7e8...
    done: 4.744578537s	
    

    验证证书有效性描述

    Verification: OK 表示验证了ca.crt的证书链

    verify return:1 表示证书验证成功

    openssl s_client -connect python.harbor.com:443 -CAfile /etc/ssl/certs/ca.crt
    
    CONNECTED(00000003)
    depth=1 C = CN, ST = Shanghai, L = Shanghai, O = SmartX, OU = Lab, CN = python.harbor.com
    verify return:1
    depth=0 C = CN, ST = Shanghai, L = Shanghai, O = SmartX, OU = Lab, CN = python.harbor.com
    verify return:1
    ---
    Certificate chain
     0 s:C = CN, ST = Shanghai, L = Shanghai, O = SmartX, OU = Lab, CN = python.harbor.com
       i:C = CN, ST = Shanghai, L = Shanghai, O = SmartX, OU = Lab, CN = python.harbor.com
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIF4DCCA8igAwIBAgIUCVuq5ExYqOi61Q2+C/l+vqJ+jgkwDQYJKoZIhvcNAQEN
    BQAwbjELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMREwDwYDVQQHDAhT
    aGFuZ2hhaTEPMA0GA1UECgwGU21hcnRYMQwwCgYDVQQLDANMYWIxGjAYBgNVBAMM
    EXB5dGhvbi5oYXJib3IuY29tMB4XDTI0MTEwNDA2MzQ0OVoXDTM0MTEwMjA2MzQ0
    OVowbjELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMREwDwYDVQQHDAhT
    aGFuZ2hhaTEPMA0GA1UECgwGU21hcnRYMQwwCgYDVQQLDANMYWIxGjAYBgNVBAMM
    EXB5dGhvbi5oYXJib3IuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
    AgEApxYGwb1rixCmRXm+cKQrRESzTq+/f5r6B71H23VPRzcEqQz8eDpuhQVRGZj3
    TLdNh6u110QkF87RSP9r9mrpZxmt23EbtnvFEO22Kw13ZzTLbCEJzuAMzxRr9uJs
    3i1FeEKryq3S7q/Eo71a0wFexgucDqJRHotlCa3OJULDEjWg6xzQC+dvCTNWexQU
    OqFj7UTiVyHQ6tU3bv31X1G5Ba2y97U1wjHjk6+gtnzoaDdAfQ31sIQMq1Cgcjg/
    dE5g8zoulzB5Wl2jmsdA0dwpsY2RF0E4glSDab2uAmNifhK+U1qSxbOyK4Zjm29l
    6o7fTXStHs6R/mL3jGgGUWJoIgQQajHSEVumC49vGiJbMGKmh7lXvlPryqxPy/OS
    kof+KSyqGZ8ptoDq/oZsI3/7oF24zbqhXczSALpxVjODBXGdDEJrfBkPbekZRJF/
    Qw4qOSvniwpydYEXFjADj9e+ytHfGAh/wQlPF6gYZ1xbHGONH24kmbXcp+GeqJlA
    M5YUEa5is3ltD6L4oKma5p+J254g/xS1q7nlbx29hlUk6pfB2WuFB/4PmKHNLVOF
    WlZEEuUAWmPp6OaqcSLSsXARrkmrQ2CNlI4nVhFJUGqv48gPUuo3KLAa8w6WyDeV
    HtnuQ8W13/0JmalkeE+PzsccXNgconEZzCYB2N6IeN7DGPECAwEAAaN2MHQwHwYD
    VR0jBBgwFoAUzrJR+LKQdl9311H5gzfZvyQSRhcwCQYDVR0TBAIwADALBgNVHQ8E
    BAMCBPAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwJAYDVR0RBB0wG4IRcHl0aG9uLmhh
    cmJvci5jb22CBmhhcmJvcjANBgkqhkiG9w0BAQ0FAAOCAgEARznmfU7SxHty91zE
    rdlea45yn2mBcNC8JENFDYuRKlJ6MR+A+rWy7qvgrIix4uVYA4YSy2HguebG3Sij
    0V7QjmufJ6rikFqqQ4Hxkn+x28h2jTlHvIRqwuChSYyeNqxVQMontW61v5mjr7oG
    E4JH8JiYBMig2xGziVgYJKlKafJNqoy6hifGIPqoce0aTGitLgT494XouCBGXXuD
    jeyfT/dq/TlZtzrXkUH8tctdtKuwDvFnqmGZMsLQKpTvKy7qDUZxntcNq5eJvlS2
    JQCzK/a3bZh2bm+P/761dfzK2fJTaHe9f02txY6faDUieD+UZat2hmQbHIUiVqpr
    niGjHOgu1YPhlYjXbDX3ytLx5O9QF3PWtpQJ3/TPy0pPedfyzfLePWQ7wbuvCv9F
    jt9SIon3iAWm92pJs0ilrk+frKhK3rg2DOqBYH8yK0ELGGqC9l0KT99YsmmwW7dy
    1ixU7E6DyKlbbLQ3diqbmXTgT6g0chR1fOM3PGdSBXbAII1x6La++QkDRad+/488
    sZhuzJSCdyzxCyukUsfAOEHWXpaOo2znOwG0W2XbGhQ933Wq0CuUrQdoSoZYf8uK
    bC0sBy5UvVaMUgGoVW3yJ3UOov42v363ruORo0S6U7VLT7YMxwKEMJfnOg5mt11S
    WTDUGUH5y4M5vuar5EMHoIGs45Q=
    -----END CERTIFICATE-----
    subject=C = CN, ST = Shanghai, L = Shanghai, O = SmartX, OU = Lab, CN = python.harbor.com
    
    issuer=C = CN, ST = Shanghai, L = Shanghai, O = SmartX, OU = Lab, CN = python.harbor.com
    
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: RSA-PSS
    Server Temp Key: X25519, 253 bits
    ---
    SSL handshake has read 2441 bytes and written 414 bytes
    Verification: OK
    ---
    New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 4096 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 833C51D93109EDB1B9D8E9A2A8C5367C9AC8C45E872B3053A2805BA671817842
        Session-ID-ctx: 
        Master-Key: 7E11E48D49B3E3B94B0FEDC7CDAF46F2A9FE2B34834B5DB724E2C9AA76C1623525DD7E7C4DDC7B713DF727A5AAFBAEF4
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 300 (seconds)
        TLS session ticket:
        0000 - 5e 9c eb 40 9c 16 3b 67-f8 21 e9 97 d6 02 54 7a   ^..@..;g.!....Tz
        0010 - c7 70 37 d2 e0 c0 70 bb-19 33 ed e9 c8 30 14 5a   .p7...p..3...0.Z
        0020 - 83 9a 13 61 9c d8 a9 09-ae 12 da 68 c3 50 31 e0   ...a.......h.P1.
        0030 - 71 82 b5 2a 92 8e 82 e7-2b 23 c3 35 cf d9 63 14   q..*....+#.5..c.
        0040 - b8 c1 35 5a 27 aa 6f 0c-19 5c ed f1 bf f2 b9 8a   ..5Z'.o..\......
        0050 - a4 3d fb 9d 95 2e f6 83-3e e6 9d 99 3b 51 13 8e   .=......>...;Q..
        0060 - 9b 03 c4 fc 1a d4 6b 6f-a2 b3 c1 e8 f4 e8 1b cf   ......ko........
        0070 - fa 0b 81 a7 96 f9 f2 2d-1b 91 02 ca 4c 34 0a ee   .......-....L4..
        0080 - 4f f5 29 dc 2b 4f 2f 00-3d 0e 71 1d 2e a1 b0 3c   O.).+O/.=.q....<
        0090 - 9e 2f 7f b2 d0 82 de cf-a7 8d f7 ba f6 f8 94 69   ./.............i
        00a0 - 91 d4 91 7e a3 ae 7b 29-bb 3f 1a 9e b6 d4 29 21   ...~..{).?....)!
        00b0 - e5 c9 61 5f 74 e3 7b c2-d0 fb 1d d0 8b 33 52 d7   ..a_t.{......3R.
        00c0 - e0 9b da 02 28 b8 18 ee-74 c6 0c 83 07 a0 81 d7   ....(...t.......
    
        Start Time: 1731051695
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: yes
    ---
    
    

标签:harbor,containerd,ca,python,docker,sha256,com
From: https://www.cnblogs.com/anyux/p/18535227

相关文章

  • AbMole | MRTX1133(CAS号2621928-55-8;目录号M10593)
    MRTX1133是一种首创的(first-in-class),高度选择性的突变体KRASG12D的抑制剂,可逆地结合激活和失活的KRASG12D突变体并抑制其活性。MRTX1133对KRASG12D的特异性是野生型KRAS的1000倍以上。生物活性MRTX1133是一种有效的、高选择性的KRASG12D抑制剂。MRTX1133......
  • Cadence(Allegro)的PCB文件转PADS的PCB文件
    概述:Cadence(Allegro)的PCB文件后缀名为brd,PADS的PCB文件后缀名为pcb,将Cadence(Allegro)的PCB文件转PADS的PCB文件需要经过以下步骤:1、将Cadence(Allegro)的PCB文件由brd后缀转换为alg后缀;2、将Cadence(Allegro)的alg后缀PCB文件转为AltiumDesigner的PCB文件(后缀名为pcbdoc);3、将Alt......
  • Camera List Record - 120
    1.bronicaetrsi##特点120单反,645画幅有135后背,可拍宽幅使用感受酷强:配置全,素质高,质量好实拍2.rolleiflex3.5t特点双镜头反光,对比单反来说体积小,重量轻镜间快门震动小使用感受优雅,太优雅了画质未知实拍待冲洗......
  • 实战:看懂并分析执行计划——Index Scan (NonClustered)
    根据该执行计划截图中的信息,我们可以看到SQLServer在执行该查询时使用了IndexScan(NonClustered),这通常表示数据库未能利用索引进行精确查找,因此进行了较大的扫描操作。以下是对每行信息的解释和优化建议。IndexScan(NonClustered)解释PhysicalOperation:In......
  • 万字长文解读空间、通道注意力机制机制和超详细代码逐行分析(SE,CBAM,SGE,CA,ECA,TA)
    目录一、SE(Squeeze-and-excitation)注意力什么是SE注意力?SE注意力的步骤1.压缩(Squeeze)2.激励(Excitation)3.重标定(Scale/Reweight)结构代码二、CBAM(ConvolutionalBlockAttentionModule)什么是CBAM注意力?CBAM的组成部分1.通道注意力(ChannelAttention)2.空间注意力(S......
  • 【机器学习】机器学习中用到的高等数学知识-3.微积分 (Calculus)
    3.微积分(Calculus)导数和梯度:用于优化算法(如梯度下降)中计算损失函数的最小值。偏导数:在多变量函数中优化目标函数。链式法则:在反向传播算法中用于计算神经网络的梯度。导数和梯度:用于优化算法(如梯度下降)中计算损失函数的最小值。导数和梯度是微积分中非常重要的概念,尤其......
  • a-card后面接一个图标怎么写?
    在Vue.js中,你可以使用组件并通过插槽插入一个图标。这里以AntDesignVue框架为例,假设你想在卡片的标题前面添加一个图标:<template><a-card><templateslot="title"><a-icontype="smile"/>卡片标题</template><!--卡片内容--><p&......
  • localeStorage 当前标签页变化监听不到,只能监听不同标签页变化,自己写方法监听
     1.在utils中新建一个文件watchLocalStorage.tsexportdefaultfunctiondispatchEventStroage(){ constsignSetItem=localStorage.setItem localStorage.setItem=function(key,val){ letsetEvent=newEvent('setItemEvent') setEvent.key=key set......
  • 104_api_intro_education_exam-question-similarity
    考题相似度AI分析API数据接口基于AI的相似度评估,专有AI模型,包含评估详情。1.产品功能基于自有专业模型进行AI智能分析;提供详细的相似度评分和结果描述;高效的模型分析性能;全接口支持HTTPS(TLSv1.0/v1.1/v1.2/v1.3);全面兼容AppleATS;全国多节点CDN部......
  • Git推送报错Authentication failed
    问题背景在某一次的Git推送时,配置好commit信息之后,执行push操作的时候出现了这样的一个报错信息:$gitpushfatal:couldnotreadUsernamefor'https://gitee.com':terminalpromptsdisabledfatal:couldnotreadUsernamefor'https://gitee.com':terminalpromptsdi......