harbor - deptno/deptno.github.io GitHub Wiki

harbor

container registry

Using a private repository

docker build -t harbor.example.com/test/hello:latest .
docker login harbor.example.com
docker push harbor.example.com/test/hello:latest

Pulling private images in kubernetes

  1. Log in to the Harbor web UI and create a robot account. It can also be created inside a project; grant it the appropriate permissions.
  2. Create a docker-registry secret, using the generated token as its password.
  3. Reference the secret in pod.spec.imagePullSecrets.

kubectl create secret docker-registry harbor-bot \
  --docker-server=https://harbor.example.com \
  --docker-username='[bot name]' \
  --docker-password='[bot token]'

containers:
- name: hello
  image: harbor.example.com/test/hello:latest
imagePullSecrets:
- name: harbor-bot

error

image push, pull error

Error: trying to reuse blob sha256:8e012198eea15b2554b07014081c85fec4967a1b9cc4b65bd9a4bce3ae1c0c88 at destination: failed to read from destination repository test/image_name: 500 (Internal Server Error)
The push refers to repository [harbor.deptno.dev/test/image_name]
ef3fca5020c3: Retrying in 1 second
c1f5993c08fb: Retrying in 1 second
0c8fc885a0f0: Retrying in 1 second
c2debf87e43a: Retrying in 1 second
c890fdde5b6c: Retrying in 1 second
a44f831aabcc: Waiting
5f70bf18a086: Waiting
58c6b0bd90b7: Waiting
53ca831d1016: Waiting
b89b9c6e1861: Waiting
b7e3600bfeb3: Waiting
c7e43350508a: Waiting
9b279096649b: Waiting
c2a86085bb2a: Waiting
6649379ee3b2: Waiting
2277bc8d4e09: Waiting
ed6682c37f64: Waiting
395626b7a3b8: Waiting
8e012198eea1: Waiting
received unexpected HTTP status: 200 OK

$ podman pull harbor.deptno.dev/test/hello-world:test
Trying to pull harbor.deptno.dev/test/hello-world:test...
Error: initializing image from source docker://harbor.deptno.dev/test/hello-world:test: invalid character '<' looking for beginning of value

Ingress routing went through traefik, and the problem appeared when forward-auth authentication was inserted into the path through a middleware.

  • image: thomseddon/traefik-forward-auth:latest
  • Harbor has its own authentication, so forward-auth was removed.
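A check for the failure above, as an added example that is not from the original page: it classifies a response to `GET /v2/` as coming from the registry itself or from something in front of it, such as an auth middleware answering with a redirect or an HTML page. The function name `classify_v2_response` and all sample responses are constructed for illustration.

```python
import json

REDIRECTS = {301, 302, 303, 307, 308}

def is_json(body: str) -> bool:
    try:
        json.loads(body)
        return True
    except json.JSONDecodeError:
        return False

def classify_v2_response(status: int, headers: dict, body: str) -> str:
    """Say who answered GET /v2/: the registry or something in front of it."""
    h = {k.lower(): v for k, v in headers.items()}
    if status in REDIRECTS:
        return "intercepted: redirect to " + h.get("location", "(no Location)")
    if "html" in h.get("content-type", "").lower() or body.lstrip().startswith("<"):
        # A registry client expects JSON here; an HTML body is what produces
        # errors like "invalid character '<' looking for beginning of value".
        return "intercepted: HTML body"
    challenge = h.get("www-authenticate", "").lower()
    if status == 401 and challenge.startswith(("bearer ", "basic ")):
        # The registry's own auth challenge: the client can answer it with credentials.
        return "registry: auth challenge"
    if status == 200 and is_json(body):
        return "registry: ok"
    return "unknown"

# Constructed sample responses (assumptions, not captured from a real cluster).
SAMPLES = {
    "harbor_unauthenticated": (
        401,
        {"WWW-Authenticate": 'Bearer realm="https://harbor.example.com/service/token",'
                             'service="harbor-registry"',
         "Content-Type": "application/json"},
        '{"errors":[{"code":"UNAUTHORIZED","message":"unauthorized"}]}',
    ),
    "login_page": (200, {"Content-Type": "text/html; charset=utf-8"},
                   "<!DOCTYPE html><html><body>Sign in</body></html>"),
    "auth_redirect": (307, {"Location": "https://idp.example.com/authorize"}, ""),
    "harbor_authenticated": (200, {"Content-Type": "application/json"}, "{}"),
}

if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        print(f"{name:24} -> {classify_v2_response(status, headers, body)}")
```
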

traefik tls

When traefik fails to issue a TLS certificate, Harbor becomes unreachable, image pulls fail, and no pods can start.

$ sudo vi /etc/containerd/config.toml
# Reach harbor.example.com over plain HTTP instead of HTTPS.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.example.com"]
    endpoint = ["http://harbor.example.com"]
# Skip TLS certificate verification for this host; the registry's identity is not checked on pulls.
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.example.com".tls]
  insecure_skip_verify = true
$ sudo systemctl restart containerd
