🦁

docker-composeでHarborをインストールする

2022/12/03に公開約3,500字

インストール

hawget https://github.com/goharbor/harbor/releases/download/v2.6.1/harbor-online-installer-v2.6.1.tgz
tar xvzf harbor-online-installer-v2.6.1.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml

証明書セットアップ

mkdir cert && cd cert

# 認証局作成
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=JP/ST=Tokyo/L=Tokyo/O=lab/OU=lab/CN=harbor.vamdemic.local" -key ca.key -out ca.crt

# 証明書作成
openssl genrsa -out harbor.vamdemic.local.key 4096
openssl req -sha512 -new -subj "/C=JP/ST=Tokyo/L=Tokyo/O=lab/OU=lab/CN=harbor.vamdemic.local" -key harbor.vamdemic.local.key -out harbor.vamdemic.local.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.vamdemic.local
DNS.2=harbor
IP.1=10.0.0.4
EOF

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in harbor.vamdemic.local.csr \
    -out harbor.vamdemic.local.crt

# 証明書配置
sudo mkdir -p /etc/docker/certs.d/harbor.vamdemic.local
sudo cp harbor.vamdemic.local.crt /etc/docker/certs.d/harbor.vamdemic.local/
sudo cp harbor.vamdemic.local.key /etc/docker/certs.d/harbor.vamdemic.local/
sudo cp ca.crt /etc/docker/certs.d/harbor.vamdemic.local/

# Docker再起動
systemctl restart docekr

設定ファイルをいじる

変えたところ

hostname: harbor.vamdemic.local

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/docker/certs.d/harbor.vamdemic.local/harbor.vamdemic.local.crt
  private_key: /etc/docker/certs.d/harbor.vamdemic.local/harbor.vamdemic.local.key

harbor起動

sudo ./install.sh
sudo docker-compose ps

きれいに起動したとき

docker-compose ps
NAME                COMMAND                  SERVICE             STATUS              PORTS
harbor-core         "/harbor/harbor_core"    core                running (healthy)
harbor-db           "/docker-entrypoint.…"   postgresql          running (healthy)   5432/tcp
harbor-jobservice   "/harbor/harbor_jobs…"   jobservice          running (healthy)
harbor-log          "/bin/sh -c /usr/loc…"   log                 running (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       "nginx -g 'daemon of…"   portal              running (healthy)   8080/tcp
nginx               "nginx -g 'daemon of…"   proxy               running (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp
redis               "redis-server /etc/r…"   redis               running (healthy)   6379/tcp
registry            "/home/harbor/entryp…"   registry            running (healthy)   5000/tcp
registryctl         "/home/harbor/start.…"   registryctl         running (healthy)

アクセス

この場合、hostsにharbor.vamdemic.localが127.0.0.1の設定を入れてあげて、ブラウザからアクセスする
admin/Harbor12345でログインする

別マシンからアクセスする場合

手元PCにて

認証局の証明書をルート証明書として自身のPCに登録する
登録しないと、docker loginができない。(たぶん、dockerの設定緩めれば大丈夫だとは思う)

sudo cp ca.crt /etc/ssl/certs
sudo update-ca-certificates

Login

docker login https://harbor.vamdemic.local -u admin -p Harbor12345
docker pull hello-world
docker tag hello-world harbor.vamdemic.local/library/hello-world:latest
docker push harbor.vamdemic.local/library/hello-world:latest\

このような感じでアップされる

Discussion

ログインするとコメントできます