USED HARBOR

#USED HARBOR 

 

도커 이미지 확인
docker images

docker tag
docker tag goharbor/harbor-exporter:v2.7.1 133.186.251.6/library/goharbor/harbor-exporter:v1
docker tag goharbor/chartmuseum-photon:v2.7.1 133.186.251.6/library/goharbor/chartmuseum-photon:v1

push
 docker push 133.186.251.6/library/goharbor/harbor-exporter:v1
 docker push 133.186.251.6/library/goharbor/chartmuseum-photon:v1

web ui

docker image pull 
ui에서 pull 명령어 복사
 docker pull 133.186.251.6/library/goharbor/harbor-exporter@sha256:6ede8203b5a748f50da7d1d944b5da05fe8170c1c73ec044f79112d70f933ce6

HARBOR API


harbor레지스트리 조회 
curl -u "admin:Harbor12345"  -ki  https://192.168.10.30/v2/_catalog

harbor이미지 다이제스트 조회 
curl -u "admin:Harbor12345"  -ki https://192.168.10.30/v2/library/goharbor/harbor-exporter/manifests/v1

SKOPEO


skopeo --debug copy --remove-signatures --src-tls-verify=true --src-creds 'admin:Harbor12345' --src-cert-dir=/etc/docker/certs.d/192.168.10.30:443 docker://133.186.251.6/library/redis-photon:v1 oci:/home/centos/skopeo-test/
"skopeo --debug copy --remove-signatures --src-tls-verify=true --src-creds 'admin:Harbor12345' --src-cert-dir=/etc/docker/certs.d/192.168.10.30:443 docker://133.186.251.6/library/goharbor/chartmuseum-photon:v1 oci:/home/centos/skopeo-test/
"

서버 인증서, 키 및 CA 파일을 Harbor 호스트의 Docker 인증서 폴더에 복사합니다. 먼저 적절한 폴더를 생성해야 합니다.
/etc/docker/certs.d/192.168.10.30:443





ref. https://goharbor.io/docs/2.7.0/install-config/configure-https/





#remote HARBOR (Troubleshoot HTTPS Connections)

실패  1) Harbor인증서 공유 
Harbor에 login 하려는 각 서버의 /etc/docker/certs.d/도메인명 위치에 crt, key 파일을 위치시킨 후 systemctl restart docker

ref.
https://goharbor.io/docs/2.10.0/install-config/troubleshoot-installation/
https://docs.docker.com/engine/security/certificates/

CA파일 등록
ubuntu cp /등록할 인증서.crt & key /usr/local/share/ca-certificates/
인증서 업데이트
update-ca-trust

mkdir -p /etc/docker/certs.d/192.168.10.30
cp harbor.*  /etc/docker/certs.d/192.168.10.30

도커 재시작 
systemctl restart docker

docker login http://192.168.10.30 -u admin -p Harbor12345

 

성공

2) insecure 모드로 인증


도커 데몬에 insecure-registries 옵션을 설정하여 인증되지 않은 Registry를 사용할 수 있도록 해야 한다.
vi /etc/docker/daemon.json

{
   "insecure-registries":[
      "192.168.10.30", "harbor 접근 공인 IP"
   ]
}
systemctl restart docker
docker login http://192.168.10.30 -u admin -p Harbor12345



Reconfigure Harbor

Stop Harbor
sudo docker-compose stop
Restart Harbor
sudo docker-compose start

Reconfigure Harbor

Stop Harbor.
sudo docker-compose down -v

Update harbor.yml
vim harbor.yml

Run the prepare script
sudo prepare


Re-create and start the Harbor instance.
sudo docker-compose up -d

 

Registries 연결

Administration >  Registries > NEW ENDPOINT

1.docker hub 

 

 

Replications

 

projects > +NEW PROJECT

 

Proxy Cache 사용 체크 

ssh 접속 후 도커 로그인 
docker login 180.210.83.108 -u admin -p Harbor12345

> docker pull <harbor_server_name>/<proxy_project_name>/goharbor/harbor-core:dev
docker pull 180.210.83.108/dockerhub/library/alpine:latest





ref.
https://goharbor.io/docs/2.10.0/administration/configure-proxy-cache/
https://goharbor.io/docs/2.10.0/administration/configure-proxy-cache/#how-harbor-proxy-cache-works

하버 프록시 캐시 작동 방식
풀 요청이 프록시 캐시 프로젝트에 올 때 이미지가 캐시되지 않은 경우 Harbor는 대상 레지스트리에서 이미지를 풀하고 마치 프록시 캐시 프로젝트의 로컬 이미지인 것처럼 풀 명령을 제공합니다. 
그런 다음 프록시 캐시 프로젝트는 향후 요청을 위해 이미지를 캐시합니다.
"
다음에 사용자가 해당 이미지를 요청하면 Harbor는 대상 레지스트리에서 이미지의 최신 매니페스트를 확인하고 다음 시나리오에 따라 이미지를 제공합니다."