Harbor
Working on this:
08.05.2023
$ sudo vi /etc/docker/daemon.json
{ "insecure-registries":["harbor.192.168.49.2.nip.io"] }
$ sudo service docker restart
MiniKube installation
Version used: KUBERNETES_VERSION=v1.27.1
https://gist.github.com/vfarcic/0a322f969368bec74b75677da217291c
Setup
$ export PROFILE=${USER}-minikube
$ export INGRESS_HOST=$(minikube --profile ${PROFILE} ip)
$ echo ${INGRESS_HOST}
192.168.49.2
$ helm repo add harbor https://helm.goharbor.io
$ helm repo update
$ mkdir -p ~/tmp/harbor
$ cd ~/tmp/harbor
$ vi values.yaml
proxy-body-size may need to be adjusted!
expose:
  tls:
    enabled: false
  ingress:
    annotations:
      ingress.kubernetes.io/proxy-body-size: '0'
      ingress.kubernetes.io/ssl-redirect: 'false'
      nginx.ingress.kubernetes.io/proxy-body-size: '0'
      nginx.ingress.kubernetes.io/ssl-redirect: 'false'
harborAdminPassword: Harbor12345
$ helm upgrade --install harbor harbor/harbor \
    --namespace harbor \
    --create-namespace \
    --set expose.ingress.hosts.core=harbor.$INGRESS_HOST.nip.io \
    --set expose.ingress.hosts.notary=notary.$INGRESS_HOST.nip.io \
    --set externalURL=http://harbor.$INGRESS_HOST.nip.io \
    --values values.yaml \
    --wait
$ echo "http://harbor.$INGRESS_HOST.nip.io"
// OK!
// User: admin
// Password: Harbor12345
http://harbor.192.168.49.2.nip.io
# `Administration` > `Registries` > `+ NEW ENDPOINT` > Add Docker Hub registry
# `Projects` > `NEW PROJECT`
# - Project Name: dot
# - Press the `OK` button
# `Projects` > `dot` > `Configuration`
# - Check `Cosign` in `Deployment Security`
# - Check `Prevent vulnerable images from running` in `Deployment Security` and set the severity to `High`.
# - Set `Automatically scan images on push` in `Vulnerability scanning`
Build And Push Container (Docker) Images
$ export PROFILE=${USER}-minikube
$ export INGRESS_HOST=$(minikube --profile ${PROFILE} ip)
$ echo harbor.$INGRESS_HOST.nip.io
// admin / Harbor12345
$ docker login --username admin harbor.$INGRESS_HOST.nip.io
push image
$ git clone https://github.com/vfarcic/harbor-demo
$ cd harbor-demo/
$ cp go.mod.orig go.mod
$ yq --inplace \
    ".image.repository = \"harbor.$INGRESS_HOST.nip.io/dot/silly-demo\"" \
    helm/values.yaml
$ yq --inplace \
    ".ingress.host = \"silly-demo.$INGRESS_HOST.nip.io\"" \
    helm/values.yaml
$ docker image build \
    --tag harbor.$INGRESS_HOST.nip.io/dot/silly-demo:v0.0.1 .
// OK!
$ docker image push \
    harbor.$INGRESS_HOST.nip.io/dot/silly-demo:v0.0.1
Store Helm Charts And Other Artifacts In Harbor
$ cat helm/values.yaml
$ yq --inplace ".image.tag = \"v0.0.2\"" helm/values.yaml
$ yq --inplace ".version = \"0.0.2\"" helm/Chart.yaml
// admin / Harbor12345
$ helm registry login harbor.$INGRESS_HOST.nip.io --insecure
$ helm package helm
$ helm push silly-demo-0.0.2.tgz \
    oci://harbor.$INGRESS_HOST.nip.io/dot \
    --insecure-skip-tls-verify
Configure HTTPS Access to Harbor
https://goharbor.io/docs/2.5.0/install-config/configure-https/
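
The values.yaml in the Setup section turns TLS off and keeps the default admin password in the file. As an added example (not from the original notes or the Harbor project), the same file with TLS enabled and the password read from a Secret could look like this; the Secret names `harbor-tls` and `harbor-admin` are assumptions and have to be created in the `harbor` namespace beforehand:

```yaml
# Added example: TLS-enabled counterpart of the values.yaml from the Setup section.
# Assumed (not from the page): the Secrets "harbor-tls" and "harbor-admin"
# already exist in the "harbor" namespace.
expose:
  tls:
    enabled: true              # the lab setup on this page uses false
    certSource: secret         # serve a certificate you supply yourself
    secret:
      secretName: harbor-tls   # hypothetical name; TLS Secret holding tls.crt and tls.key
  ingress:
    annotations:
      ingress.kubernetes.io/proxy-body-size: '0'
      ingress.kubernetes.io/ssl-redirect: 'true'
      nginx.ingress.kubernetes.io/proxy-body-size: '0'
      nginx.ingress.kubernetes.io/ssl-redirect: 'true'
# Read the initial admin password from a Secret instead of storing it in this file.
existingSecretAdminPassword: harbor-admin                # hypothetical Secret name
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD    # key inside that Secret
```

With these values the `--set externalURL=...` argument of the `helm upgrade` command has to start with `https://`. The chart treats the admin password as an initial value, so on an already installed Harbor the password is changed in the portal rather than through this setting.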