pony Jun 5, 2023, 5:58 AM

Harbor Minimalist Build Guide

Harbor Minimalist Build Guide

 

   Docker: 20.10.12

   Docker-compose: 1.29.2

   Harbor: 2.4.1

 

1.1 Install Docker and Docker Compose

 

Please refer directly to the official website. Here is an example on CentOS only:

sudo yum install -y yum-utils

sudo yum-config-manager \

    --add-repo \

    https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io

sudo systemctl start docker

sudo systemctl enable docker

 

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

 

1.2 Install OpenSSL

 

Here is an example for CentOS only:

yum install -y openssl

 

2. Install Harbor

 

The official website provides two installation modes, online installation package or offline installation package. The difference is that the offline installation package contains images, while the online version goes to Docker Hub to pull the images during installation. We use the offline installation package here.

wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz

tar zxvf harbor-offline-installer-v2.4.1.tgz

cd harbor

In the harbor folder, you can see a file harbor.yml.tmpl, which is the configuration information of Harbor. Let’s copy a copy and modify it (only the modified part is shown below):

cp harbor.yml.tmpl harbor.yml

harbor.yml

# Configuration file of Harbor

 

# The IP address or hostname to access admin UI and registry service.

# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.

- hostname: reg.mydomain.com

+ hostname: your.domain.com (self-designated)

 

# http related config

http:

  # port for http, default is 80. If https enabled, this port will redirect to https port

  port: 80

 

# https related config

# Disable HTTPS directly

- https:

+ # https:

  # https port for harbor, default is 443

- port: 443

+ # port: 443

  # The path of cert and key files for nginx

- certificate: /your/certificate/path

- private_key: /your/private/key/path

+ # certificate: /your/certificate/path

+ # private_key: /your/private/key/path

 

# # Uncomment following will enable tls communication between all harbor components

# internal_tls:

#   # set enabled to true means internal tls is enabled

#   enabled: true

#   # put your cert and key files on dir

#   dir: /etc/harbor/tls/internal

 

# Uncomment external_url if you want to enable external proxy

# And when it enabled the hostname will no longer used

# external_url: https://reg.mydomain.com:8433

 

# The initial password of Harbor admin

# It only works in first time to install harbor

# Remember Change the admin password from UI after launching Harbor.

- harbor_admin_password: Harbor12345

+ harbor_admin_password: yourPassword (self-designated)

 

After modification, run ./install.sh directly, and wait for Docker Compose to complete. After the deployment is complete, you can use port 80 of this machine to see the Harbor interface. To enable Helm Chart's management functionality, use ./install.sh --with-chartmuseum.

 

3. Login and usage method

 

On the local machine where Harbor is installed, you can directly configure it in /etc/hosts, add the hostname you defined in the configuration file after 127.0.0.1, and then use the following command to log in directly:

docker login -u admin -p yourPassword http://your.domain.com

The above password and hostname need to be replaced by yourself.

 

If you log in from another machine, you still need to configure /etc/hosts first, and point hostname to the IP of the machine where Harbor is installed. When logging in, you may encounter the following situations:

$ docker login -u admin -p yourPassword http://your.domain.com

Error response from daemon: Get https://your.domain.com/v2/: dial tcp xxx.xxx.xxx.xxx:443: connect: connection refused

The reason is that access to HTTPS is denied (we only configure HTTP), and security verification needs to be turned off. Modify /etc/docker/daemon.json and add the following content:

/etc/docker/daemon.json

+ "insecure-registries": ["your.domain.com:port", "0.0.0.0"]

If it is port 80, the port part can be ignored. After modification, restart Docker:

sudo systemctl restart docker

If necessary, Harbor can be restarted on the machine where Harbor is installed:

cd harbor

docker-compose down -v

docker-compose up -d

Log in again to use normally. It should be noted that when using Harbor, the image needs to follow the following format:

# Docker

docker tag SOURCE_IMAGE[:TAG] your.domain.com/PROJECT_NAME/REPOSITORY[:TAG]

docker push your.domain.com/PROJECT_NAME/REPOSITORY[:TAG]

docker pull your.domain.com/PROJECT_NAME/REPOSITORY[:TAG]

 

# Helm

helm repo add --username admin --password ADMIN_PASSWORD harbor http://your.domain.com/chartrepo/

helm plugin install https://github.com/chartmuseum/helm-push

helm cm-push CHART_PATH --version="CHART_VERSION" harbor

helm repo update

helm search repo CHART_PATH

helm install RELEASE_NAME CHART_NAME

Among them, PROJECT_NAME is the name of the project you created in Harbor UI, CHART_PATH is the path to store the Helm Chart, CHART_NAME is the name of the Chart searched after using helm search, and RELEASE_NAME is the custom name after Helm deployment.

 

 
Explore more about
Comments

You must be logged in to post a comment.

About Author
pony
pony

This guy is lazy and left nothing behind.