Harbor Installation & Configuration

Preparation

# mkdir /workspace
# cd /workspace
# wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz
# tar -xvf harbor-offline-installer-v1.10.1.tgz
# cd harbor

# vi harbor.yml

hostname: 192.168.65.141 <- Ubah sesuai dengan IP Harbor.
  http:
    port: 80
  https:
    port: 443
    certificate: /data/cert/example.com.crt
    private_key: /data/cert/example.com.key

Crete SSL self-sign certificates

# openssl genrsa -out ca.key 4096

# openssl req -x509 -new -nodes -sha512 -days 3650 \
   -subj "/C=CN/ST=Jakarta/L=Jakarta/O=example/OU=Personal/CN=example.com" \
   -key ca.key \
   -out ca.crt

# openssl genrsa -out example.com.key 4096

# openssl req -sha512 -new \
   -subj "/C=CN/ST=Jakarta/L=Jakarta/O=example/OU=Personal/CN=example.com" \
   -key example.com.key \
   -out example.com.csr

# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=example.com
DNS.2=example
DNS.3=harbor
IP.1=192.168.65.141
EOF

# openssl x509 -req -sha512 -days 3650 \
   -extfile v3.ext \
   -CA ca.crt -CAkey ca.key -CAcreateserial \
   -in example.com.csr \
   -out example.com.crt

# mkdir /data/cert/
# cp example.com.crt /data/cert/
# cp example.com.key /data/cert/
# openssl x509 -inform PEM -in example.com.crt -out example.com.cert
# mkdir /etc/docker/certs.d/example.com/
# cp example.com.cert /etc/docker/certs.d/example.com/
# cp example.com.key /etc/docker/certs.d/example.com/
# cp ca.crt /etc/docker/certs.d/example.com/
# cp ca.crt /usr/local/share/ca-certificates/
# update-ca-certificates
# systemctl restart docker

Deploy Harbor

# ./prepare
# docker-compose down -v
# docker-compose up -d

Push Docker images

# docker login example.com
# docker tag mysql:latest example.com/nama_project/mysql:latest
# docker push example.com/nama_project/mysql:latest

Done

Leave a Reply

Your email address will not be published. Required fields are marked *