🦁
docker-composeでHarborをインストールする
インストール
hawget https://github.com/goharbor/harbor/releases/download/v2.6.1/harbor-online-installer-v2.6.1.tgz
tar xvzf harbor-online-installer-v2.6.1.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
証明書セットアップ
mkdir cert && cd cert
# 認証局作成
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=JP/ST=Tokyo/L=Tokyo/O=lab/OU=lab/CN=harbor.vamdemic.local" -key ca.key -out ca.crt
# 証明書作成
openssl genrsa -out harbor.vamdemic.local.key 4096
openssl req -sha512 -new -subj "/C=JP/ST=Tokyo/L=Tokyo/O=lab/OU=lab/CN=harbor.vamdemic.local" -key harbor.vamdemic.local.key -out harbor.vamdemic.local.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.vamdemic.local
DNS.2=harbor
IP.1=10.0.0.4
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.vamdemic.local.csr \
-out harbor.vamdemic.local.crt
# 証明書配置
sudo mkdir -p /etc/docker/certs.d/harbor.vamdemic.local
sudo cp harbor.vamdemic.local.crt /etc/docker/certs.d/harbor.vamdemic.local/
sudo cp harbor.vamdemic.local.key /etc/docker/certs.d/harbor.vamdemic.local/
sudo cp ca.crt /etc/docker/certs.d/harbor.vamdemic.local/
# Docker再起動
systemctl restart docekr
設定ファイルをいじる
変えたところ
hostname: harbor.vamdemic.local
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /etc/docker/certs.d/harbor.vamdemic.local/harbor.vamdemic.local.crt
private_key: /etc/docker/certs.d/harbor.vamdemic.local/harbor.vamdemic.local.key
harbor起動
sudo ./install.sh
sudo docker-compose ps
きれいに起動したとき
docker-compose ps
NAME COMMAND SERVICE STATUS PORTS
harbor-core "/harbor/harbor_core" core running (healthy)
harbor-db "/docker-entrypoint.…" postgresql running (healthy) 5432/tcp
harbor-jobservice "/harbor/harbor_jobs…" jobservice running (healthy)
harbor-log "/bin/sh -c /usr/loc…" log running (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal "nginx -g 'daemon of…" portal running (healthy) 8080/tcp
nginx "nginx -g 'daemon of…" proxy running (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp
redis "redis-server /etc/r…" redis running (healthy) 6379/tcp
registry "/home/harbor/entryp…" registry running (healthy) 5000/tcp
registryctl "/home/harbor/start.…" registryctl running (healthy)
アクセス
この場合、hostsにharbor.vamdemic.localが127.0.0.1の設定を入れてあげて、ブラウザからアクセスする
admin/Harbor12345でログインする
別マシンからアクセスする場合
手元PCにて
認証局の証明書をルート証明書として自身のPCに登録する
登録しないと、docker loginができない。(たぶん、dockerの設定緩めれば大丈夫だとは思う)
sudo cp ca.crt /etc/ssl/certs
sudo update-ca-certificates
Login
docker login https://harbor.vamdemic.local -u admin -p Harbor12345
docker pull hello-world
docker tag hello-world harbor.vamdemic.local/library/hello-world:latest
docker push harbor.vamdemic.local/library/hello-world:latest\
このような感じでアップされる
Discussion