Harbor Intro

Harbor

A trusted cloud-native image registry for Kubernetes

Prerequisites

  • A domain with an A record pointing to the server, needed to obtain a Let's Encrypt certificate
  • Internet connection to the server.
  • Latest version of docker and docker-compose installed.

Configuration

# update package repository
$ sudo apt update

# install certbot
$ sudo apt install certbot -y

# generate a certificate (using domain name and email)
❯ sudo certbot certonly --standalone -d "harbor.chyidl.com" --preferred-challenges http --agree-tos -n -m "xxx@gmail.com" --keep-until-expiring
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for harbor.xx.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
- /etc/letsencrypt/live/harbor.xx.com/fullchain.pem
- Your key file has been saved at:
- /etc/letsencrypt/live/harbor.xx.com/privkey.pem
- Your cert will expire on 2022-01-15. To obtain a new or tweaked
- version of this certificate in the future, simply run certbot
- again. To non-interactively renew *all* of your certificates, run
- "certbot renew"
- - If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

# certificates are generated in /etc/letsencrypt/live/harbor.xxx.com/
root in unreal-pod-1 in ~/Downloads took 8s
❯ cd /etc/letsencrypt/live/harbor.xx.com/

root in unreal-pod-1 in letsencrypt/live/harbor.xx.com
❯ ll
total 4.0K
lrwxrwxrwx 1 root root 41 Oct 18 00:31 cert.pem -> ../../archive/harbor.xx.com/cert1.pem
lrwxrwxrwx 1 root root 42 Oct 18 00:31 chain.pem -> ../../archive/harbor.xx.com/chain1.pem
lrwxrwxrwx 1 root root 46 Oct 18 00:31 fullchain.pem -> ../../archive/harbor.xx.com/fullchain1.pem
lrwxrwxrwx 1 root root 44 Oct 18 00:31 privkey.pem -> ../../archive/harbor.xx.com/privkey1.pem
-rw-r--r-- 1 root root 692 Oct 18 00:31 README

# download the harbor package
$ curl -s https://api.github.com/repos/goharbor/harbor/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep '\.tgz$' | wget -i -

# Extract the harbor
$ tar xvf harbor-offline-installer-v2.3.3.tgz
$ cd harbor

# copy example of configuration
$ cp harbor.yml.tmpl harbor.yml

# open harbor.yml and set the following fields
$ vim harbor.yml
hostname:
http.port:
https.port:
certificate:
private_key:
harbor_admin_password:
database.password:
database.max_idle_conns:
database.max_open_conns:
data_volume:

# notary helps to digitally sign images using keys that verify content and publish them securely
$ sudo ./install.sh --with-notary --with-chartmuseum

# Harbor web access
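> https://harbor.xxx.com (add a record to /etc/hosts)

> log in to harbor.xxx.com
# note: -p leaves the password in shell history and the process list; docker login also accepts --password-stdin
$ docker login -u admin_zcm -p abc@123A harbor.xxx.com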
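
A pre-flight check that can be run between editing harbor.yml and running install.sh, as an added example that is not part of the original post or of the Harbor project: it flags values left at the harbor.yml.tmpl placeholders and certificate paths that cannot be read. The function names and the sample file are constructed for illustration, and the placeholder strings are assumed to match the template shipped with the installer.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight check of harbor.yml.
# Assumption: the strings compared below are the placeholders in harbor.yml.tmpl.

# Print the value of the first uncommented "KEY: value" line, at any indent.
yml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]][[:space:]]*#.*$//; s/[[:space:]]*$//' | head -n 1
}

# Print one FAIL line per problem; the exit status is the number of problems.
check_harbor_yml() {
    f=$1
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    [ "$(yml_value "$f" hostname)" != "reg.mydomain.com" ] ||
        fail "hostname is still the template value"
    [ "$(yml_value "$f" harbor_admin_password)" != "Harbor12345" ] ||
        fail "harbor_admin_password is the template default"
    [ "$(yml_value "$f" password)" != "root123" ] ||
        fail "database.password is the template default"

    for key in certificate private_key; do
        path=$(yml_value "$f" "$key")
        case $path in
            ""|/your/*) fail "https.$key is unset or a template placeholder" ;;
            *) [ -r "$path" ] || fail "https.$key: $path is not readable" ;;
        esac
    done
    return "$fails"
}

# Constructed sample: a harbor.yml left exactly as copied from the template.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: reg.mydomain.com
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
check_harbor_yml "$sample" || echo "$? problem(s) found in $sample"
rm -f "$sample"
```

Run as `check_harbor_yml harbor.yml` from the extracted harbor directory; an exit status of 0 means none of the checked fields still holds a template value.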