DEV Community

Zheng Zengtao

Building an Images Repository - Harbor

Harbor is designed for storing container images and is generally deployed in an intranet environment to provide image services for containers running within the intranet.

Harbor is open source and can be found on GitHub at: https://github.com/goharbor/harbor

Step 1: Testing Environment

For testing purposes, set up a new virtual machine with CentOS 7.9 and make some modifications to the test environment:

  1. Disable firewalld, then install iptables-services and temporarily disable it as well:
systemctl stop firewalld
systemctl disable firewalld
yum install iptables-services -y
systemctl stop iptables
systemctl disable iptables
iptables -F
  2. Disable SELinux:
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
  3. Synchronize system time:
ntpdate cn.pool.ntp.org
crontab -e

Insert the following entry to synchronize every hour:

0 * * * * /usr/sbin/ntpdate cn.pool.ntp.org
  4. Install common components:
yum install -y yum-utils device-mapper-persistent-data lvm2 wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel vim ncurses-devel autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm conntrack
  5. Set up the repository:
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  6. Enable system forwarding:
# The net.bridge.* keys only exist once the br_netfilter module is loaded
modprobe br_netfilter
echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

Step 2: Install Docker and Download Docker Compose

  1. Install the latest version of Docker:
yum install -y docker-ce
  2. Enable Docker:
systemctl enable docker --now
  3. Download Docker Compose:
wget https://github.com/docker/compose/releases/download/v2.23.1/docker-compose-linux-x86_64
mv docker-compose-linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose

Step 3: Create Certificates

The openssl req commands below prompt for the certificate fields. Keep the country code and city code consistent across the certificates, and make sure the hostname you enter matches the local machine.

mkdir /data/ssl -p
cd /data/ssl/
openssl genrsa -out ca.key 3072
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
openssl genrsa -out harbor.key 3072
openssl req -new -key harbor.key -out harbor.csr
openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
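Docker clients built with Go 1.15 or later ignore the Common Name and require the registry hostname in subjectAltName, which the interactive commands above do not set. The following added example (not part of the original post) creates the same CA and server files non-interactively with a SAN, using only options available in the OpenSSL 1.0.2 that ships with CentOS 7; the function names, the CA name and the IP 192.0.2.10 are assumptions chosen for illustration.

```shell
# Added example: CA + Harbor server certificate with subjectAltName.
# make_harbor_cert DIR HOSTNAME IP -> writes ca.key ca.pem harbor.key harbor.pem in DIR
# (overwrites files of the same name already in DIR)
make_harbor_cert() {
    dir=$1; host=$2; ip=$3
    mkdir -p "$dir" || return 1
    # Minimal req config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Harbor Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Extensions the CA writes into the server certificate when signing the CSR.
    cat > "$dir/harbor.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host,IP:$ip
EOF
    openssl genrsa -out "$dir/ca.key" 3072 &&
    openssl req -new -x509 -sha256 -days 3650 -config "$dir/ca.cnf" \
        -key "$dir/ca.key" -out "$dir/ca.pem" &&
    openssl genrsa -out "$dir/harbor.key" 3072 &&
    openssl req -new -sha256 -config "$dir/ca.cnf" -subj "/CN=$host" \
        -key "$dir/harbor.key" -out "$dir/harbor.csr" &&
    openssl x509 -req -sha256 -days 3650 -in "$dir/harbor.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/harbor.ext" -out "$dir/harbor.pem" &&
    chmod 600 "$dir/ca.key" "$dir/harbor.key"
}

# cert_has_san PEM NAME -> exit 0 if NAME is listed as a DNS subjectAltName
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -Eq "DNS:$2(,|\$)"
}

# chain_ok CA_PEM CERT_PEM -> exit 0 if CERT_PEM verifies against CA_PEM
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage: make_harbor_cert /data/ssl harbor 192.0.2.10   (placeholder IP)
# Client: copy ca.pem to /etc/docker/certs.d/harbor/ca.crt so Docker trusts this CA.
```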

Step 4: Download and Install Harbor

  1. Create a directory:
mkdir /data/install
cd /data/install
  2. Download and extract files:
wget https://github.com/goharbor/harbor/releases/download/v2.3.0-rc3/harbor-offline-installer-v2.3.0-rc3.tgz
tar zxvf harbor-offline-installer-v2.3.0-rc3.tgz -C /data/install
  3. Modify the configuration file:
cp /data/install/harbor/harbor.yml.tmpl /data/install/harbor/harbor.yml
vim /data/install/harbor/harbor.yml

Modify the hostname, certificate, and private_key to actual values:

hostname: harbor # Adjust as needed

https: # certificate and private_key are set under the https: section
  certificate: /data/ssl/harbor.pem
  private_key: /data/ssl/harbor.key
  4. Install Harbor:
/data/install/harbor/install.sh

Step 5: Web User Management on the Client

Access the IP or domain of this host to open the login page. Initial admin account information:
Username: admin
Password: Harbor12345

Step 6: Configure Docker on the Client

  1. Modify /etc/docker/daemon.json:
vim /etc/docker/daemon.json

Add the following field to the client machine's /etc/docker/daemon.json. Docker then skips TLS certificate verification for the registries listed in it:

"insecure-registries": ["192.168.xxx.xxx", "hostname"]
  2. Restart the Docker service:
systemctl daemon-reload
systemctl restart docker

Step 7: Testing

  1. Upload Test: Tag the image on the local machine in the format: ip/project_name/image_name
docker tag tomcat:latest 192.168.xxx.xxx/test/tomcat:v1
docker push 192.168.xxx.xxx/test/tomcat:v1
  2. Download Test:
docker pull 192.168.xxx.xxx/test/tomcat:v1
