harbor-helm.md

Harbor Installation with Helm

Repo

• https://github.com/goharbor/harbor-helm

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+
• [If enabled] A persistent storage resource and RW access to it
• [If enabled] Kubernetes StorageClass for dynamic provisioning

helm update

helm repo add harbor https://helm.goharbor.io
helm repo update

install

instance_public_ip="$(curl ifconfig.me --silent)"

helm install harbor harbor/harbor \
  --create-namespace \
  --namespace=harbor \
  --set expose.type=nodePort \
  --set expose.nodePort.ports.http.nodePort=32080 \
  --set expose.nodePort.ports.https.nodePort=32443 \
  --set expose.nodePort.ports.notary.nodePort=32081 \
  --set externalURL=https://${instance_public_ip}:32443 \
  --set expose.tls.enabled=false \
  --set ipFamily.ipv6.enabled=false \
  --set harborAdminPassword=Password

---

Examples

Basic usage

Docker Push Command

Docker Login

# docker login YOUR_IP:32443

Tag an image for this project:

# docker tag SOURCE_IMAGE[:TAG] YOUR_IP:32443/library/REPOSITORY[:TAG]

Push an image to this project:

# docker push YOUR_IP:32443/library/REPOSITORY[:TAG]

Helm Push Command

Package a chart for this project:

# helm package CHART_PATH

Push a chart to this project:

# helm push CHART_PACKAGE oci://YOUR_IP:32443/library

---

docker insecure set

/etc/docker/daemon.json

{
        "insecure-registries":["YOUR_IP:32443"]
}

systemctl restart docker

(Option) externalURL Change

kubectl patch configmap/harbor-core \
  -n harbor \
  --type merge \
  -p '{"data":{"EXT_ENDPOINT":"https://repo.taking.kr"}}'
  
kubectl rollout restart deployment harbor-core -n harbor

(Option) Containerd Only - Nerdctl (Not Yet)

Nerdctl download

#!/bin/bash

get_latest_release() {
  curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub api
    grep '"tag_name":' |                                            # Get tag line
    sed -E 's/.*"([^"]+)".*/\1/' |                                    # Pluck JSON value
    cut -c 2-
}

latest_ver=$(get_latest_release containerd/nerdctl)


if [ -f /usr/local/bin/nerdctl ]; then
    echo "${RED}--nerdctl exist.. PASS--${NC}"
else
    echo "${RED}--nerdctl Binary downloading...--${NC}"
    cd ~/
    wget https://github.com/containerd/nerdctl/releases/download/v${latest_ver}/nerdctl-${latest_ver}-linux-amd64.tar.gz
    mkdir ./nerdctl-${latest_ver}
    tar -xvzf nerdctl-${latest_ver}-linux-amd64.tar.gz -C ./nerdctl-${latest_ver}
    cp -r ./nerdctl-${latest_ver}/nerdctl /usr/local/bin/
    rm -rf nerdctl-${latest_ver}*
    nerdctl version
fi

containerd insecure setting

• /etc/containerd/config.toml

    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://registry-1.docker.io", "https://YOUR_IP:32443"]
    [plugins."io.containerd.grpc.v1.cri".registry.configs]
      [plugins."io.containerd.grpc.v1.cri".registry.configs."YOUR_IP:32443".auth]
        username = "admin"
        password = "Password"

service restart

systemctl restart containerd

private registry login

# nerdctl login -u <USERNAME> YOUR_IP:32443

Pushing an image

# nerdctl tag nginx:latest YOUR_IP:32443/library/nginx:latest
# nerdctl push YOUR_IP:32443/library/nginx:latest