Инсталляция Harbor

https://goharbor.io/


Делаю:
2026.01.30


$ sudo vi /etc/docker/daemon.json



{ "insecure-registries":["harbor.192.168.49.2.nip.io"] }



$ sudo service docker restart


Инсталляция MiniKube

Испольновалась версия KUBERNETES_VERSION=v1.32


https://gist.github.com/vfarcic/0a322f969368bec74b75677da217291c


Setup


$ export PROFILE=${USER}-minikube
$ export INGRESS_HOST=$(minikube --profile ${PROFILE} ip)



$ echo ${INGRESS_HOST}
192.168.49.2



$ helm repo add harbor https://helm.goharbor.io
$ helm repo update



$ mkdir -p ~/tmp
$ cd ~/tmp



$ cat > harbor-values.yaml << 'EOF'
expose:
  tls:
    enabled: false
  ingress:
    annotations:
      ingress.kubernetes.io/proxy-body-size: '0'
      ingress.kubernetes.io/ssl-redirect: 'false'
      nginx.ingress.kubernetes.io/proxy-body-size: '0'
      nginx.ingress.kubernetes.io/ssl-redirect: 'false'
harborAdminPassword: Harbor12345
EOF


proxy-body-size возможно нужно поправить!


$ helm upgrade --install harbor harbor/harbor \
    --namespace harbor \
    --create-namespace \
    --set expose.ingress.hosts.core=harbor.$INGRESS_HOST.nip.io \
    --set expose.ingress.hosts.notary=notary.$INGRESS_HOST.nip.io \
    --set externalURL=http://harbor.$INGRESS_HOST.nip.io \
    --values harbor-values.yaml \
    --wait

$ echo "http://harbor.$INGRESS_HOST.nip.io"



// OK!
// User: admin
// Password: Harbor12345
http://harbor.192.168.49.2.nip.io



# `Administration` > `Registries` > `+ NEW ENDPOINT` > Add Docker Hub registry
# `Projects` > `NEW PROJECT`
# - Project Name: dot
# - Endpoint URL - http://harbor.192.168.49.2.nip.io
# - Press the `OK` button

# `Projects` > `dot` > `Configuration`
# - Check `Cosign` in `Deployment Security`
# - Check `Prevent vulnerable images from running` in `Deployment Security` and set the severity to `High`.
# - Set `Automatically scan images on push` in `Vulnerability scanning`


Build And Push Container (Docker) Images


$ export PROFILE=${USER}-minikube
$ export INGRESS_HOST=$(minikube --profile ${PROFILE} ip)
$ echo harbor.$INGRESS_HOST.nip.io



// admin / Harbor12345
$ docker login --username admin harbor.$INGRESS_HOST.nip.io


push image

$ git clone https://github.com/vfarcic/harbor-demo
$ cd harbor-demo/



$ cp go.mod.orig go.mod



$ yq --inplace \
    ".image.repository = \"harbor.$INGRESS_HOST.nip.io/dot/silly-demo\"" \
    helm/values.yaml

$ yq --inplace \
    ".ingress.host = \"silly-demo.$INGRESS_HOST.nip.io\"" \
    helm/values.yaml



$ docker image build \
    --tag harbor.$INGRESS_HOST.nip.io/dot/silly-demo:v0.0.1 .



// OK!
$ docker image push \
    harbor.$INGRESS_HOST.nip.io/dot/silly-demo:v0.0.1


Store Helm Charts And Other Artifacts In Harbor

$ cat helm/values.yaml

$ yq --inplace ".image.tag = \"v0.0.2\"" helm/values.yaml

$ yq --inplace ".version = \"0.0.2\"" helm/Chart.yaml


// admin / Harbor12345
$ helm registry login harbor.$INGRESS_HOST.nip.io --insecure

$ helm package helm

$ helm push silly-demo-0.0.2.tgz \
    oci://harbor.$INGRESS_HOST.nip.io/dot \
    --insecure-skip-tls-verify

Error: failed to perform "Tag" on destination: GET "https://harbor.192.168.49.2.nip.io/v2/dot/silly-demo/manifests/sha256:8f3804f1a4b1994e4cd7388a9ad24a9855b5a76cf59cc10757a12ac2f9ecd4fd": response status code 412: projectpolicyviolation: The image is not signed by cosign


Configure HTTPS Access to Harbor
https://goharbor.io/docs/2.5.0/install-config/configure-https/


Kubernetes : How to install Harbor Private docker registry (Part 5)
https://www.youtube.com/watch?v=F46IxGLibVY