author | Li Dabai

Harbor brief introduction

Harbor It is an open source cloud native product （artifact） Warehouse , It is the first original in China 、 And become CNCF The first 11 Graduate level open source projects . Users can protect artifacts through policies and role-based access control （ Such as container image 、Helm Chart etc. ）, Scan the image and avoid being compromised by security vulnerabilities .
Harbor Extended open source projects Docker Distribution, Added functions required by users （ For example, security , identity , Vulnerability scanning and management ）.
Deploy in environment Harbor It can improve the efficiency of image transmission , It is convenient to build and run container applications nearby .
Harbor It supports copying images between WIP warehouses 、Chart Other products , And provide advanced security functions , For example, user management 、 Access control and operation audit .
\

Harbor Several installation methods

Harbor The following installation methods are provided , To adapt to different installation environments .

• Online installation ： Suitable for beginners to quickly build a Harbor Warehouse , Simple and fast , The installation process needs to pull the image from the official , Resource envelope online.

• Offline installation ： Suitable for the company's Intranet environment , The offline installation package contains the images required for the installation process （ Automatic import ）, Resource envelope offline.

• Source code installation ： Suitable for developers Harbor Develop and test , Compile the source code to install locally , The installation conditions are harsh , Need to know Harbor Of the underlying principles and implementation methods , You can choose how to install the source code

• Heml Chart： adopt Heml install Harbor To kubernetes colony ;

• Operater install ： Harbor Operator It provides the ability of deep customization , The user configures the top-level configuration CRD HarborCluster, Define and configure your own... According to your actual needs Harbor Components .

Each installation method can realize Habor High availability （ The high availability scheme is officially recommended to use kubernetes Installation method of , In other ways, the government does not maintain ）, Prevent a single point of failure .
The high availability scheme based on offline installation is shown in official account 《Harbor Advanced reality 》 Another article on ！

Deployment environment

• operating system ：CentOS 7.5
• VMWare Workstation 16
• Harbor edition ： v2.3.5
• host IP：192.168.2.190
• Host configuration ：2CPU、4G Memory

Harbor Host initialization

Harbor Deployment requires a certain environment for the host , There are mainly the following points to initialize the host .

4.1 install docker-ce

Harbor No matter which way you install , Each component runs as a container , So you need to install docker-ce To start the container . What is installed here is Harbor v2.3.5, Corresponding docker The version is 17.06.0-ce+ Fine , Installed here

""\

4.2 install docker-compose

docker-compose The version of is in 1.18.0+

$ mv docker-compose-linux-x86_64   /usr/local/bin/docker-compose
$ chmod +x   /usr/local/bin/docker-compose
$ docker-compose -v
docker-compose version 1.29.2, build 5becea4c

4.3 Configure kernel parameters

$ modprobe br_netfilter     // Loading kernel modules （ temporary ）
$ cat > /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF 
$ sysctl -p

net.ipv4.ip_forward=1 ： Turn on route forwarding
Do not configure this parameter , When the host restarts , The service status is normal , But can't access the server .

5、 ... and 、Harbor Deploy

5.1 Download and unzip the installation package

From the official Github Download the offline installation package at the project address \

$ wget https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-online-installer-v2.3.5.tgz
$ tar zxvf harbor-online-installer-v2.3.5.tgz
$ cd harbor

5.2 Create and modify configuration files

Copy as profile according to profile template \

$ cp harbor.yml.tmpl  harbor.yml

Modify the configuration file

$ vim harbor.yml
hostname: 192.168.2.190   # Host name or IP Address 
#https:   # Don't use https Secure encryption port 
#  port: 443
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path

5.3 Generate the configuration of each component

$ ./prepare

This process will download the basic image , Then in the present common/config/ Generate the configuration file of each component under .

5.4 install Harbor

 $ ./install.sh --with-trivy  --with-chartmuseum

--with-trivy： Enable Trivy Mirror vulnerability scanning plug-in ;
--with-chartmuseum： Enable Helm Chart Components ;
--with-notary : If the secure encryption port is enabled https This parameter can be added （ Do not add ）;

The installation process will pull the image , It will take a while ！
After the installation is completed, the following information indicates that the installation is successful ：

? ----Harbor has been installed and started successfully.----

5.5 see Harbor Service status

$ docker-compose   ps

ps: STATUS Column status is Running It means that the corresponding component service is normal ！

Sign in Harbor UI Interface

Enter the address in the browser ：http://192.168.2.190:80
user name ：admin
password ：Harbor12345

Recommended reading

• Design and deployment of high availability scheme based on offline installation
• Prometheus monitor Harbor
• Loki Realization Harbor Batch log management