Harbor Install¶

• OS: Ubuntu 22.04
• Harbor: v2.10.0

1. Install docker-ce¶

• 1.1 Auto install docker

Docker cannot be accessed in Chinese Mainland, so need proxy required. Overseas site, please skip this step and proceed to step 1.2

Make sure your server has Internet access Change server download url

• reference linking: reference linking：Docker CE 软件仓库镜像使用帮助 - MirrorZ Help (nju.edu.cn)

export DOWNLOAD_URL="https://mirror.nju.edu.cn/docker-ce"
wget -O- https://raw.githubusercontent.com/docker/docker-install/master/install.sh | sh

• 1.2 Auto install docker

This step is used in non Chinese Mainland regions

sudo apt-get update
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

• 1.3 Check docker-ce version and start docker

docker --version
systemctl enable --now docker

2. Install docker-compose¶

• 2.1 Download docker-compose

curl -L "https://github.com/docker/compose/releases/download/v2.33.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose

• 2.2 Check docker compose version

docker-compose --version

3. Install harbor¶

• 3.1 Download and unzip harbor package

wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz
tar -zxvf harbor-offline-installer-v2.10.0.tgz

• 3.2 Create CRS file

Create private key, and CSR (Certificate Signing Request) file

Please change domain name (wzs-sat-poc-harbor.wistron.com) to your site harbor domain name

mkdir -p /root/ssl_key && cd /root/ssl_key
openssl genrsa -out wzs-sat-poc-harbor.wistron.com.key 2048
openssl req -new -key ./wzs-sat-poc-harbor.wistron.com.key -out wzs-sat-poc-harbor.wistron.com.csr

Common Name: wzs-sat-poc-harbor.wistron.com

• 3.3 Create SSL certificate

Login wistron ADCA server, and click Request a certificate

Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

View and copy harbor CSR file content

cat wzs-sat-poc-harbor.wistron.com.csr

Paste harbor csr file to Save Request, select Certificate Template to Wistron Client and Server Authentication, and entry Additional Attributes: san:dns=wzs-sat-poc-harbor.wistron.com, then click Submit

Download certificate, and rename to wzs-sat-poc-harbor.wistron.com.crt

Upload harbor domain certificate to harbor server

• 3.4 Prepare harbor configuration file

cd /root/harbor/
cp harbor.yml.tmpl harbor.yml
mkdir /data
vim harbor.yml

hostname: wzs-sat-poc-harbor.wistron.com

certificate: /root/ssl_key/wzs-sat-poc-harbor.wistron.com.crt

private_key: /root/ssl_key/wzs-sat-poc-harbor.wistron.com.key

harbor_admin_password: Harbor12345

• 3.5 Execute install script

./install.sh

• you can see Harbor has been installed and started successfully

4. Config harbor¶

• 4.1 Change admin password

Login harbor with web, Use the admin account password from harbor.yml for the first login

Click admin -> Change Password

Setup new password for admin

• 4.2 Create registries

Click Registries -> + NEW ENDPOINT

• Input harbor proxy info

Name: whq-harbor-rke2

Endpoint URL: https://harbor.wistron.com

Access ID/Secret: (If it only a mirror public projec, there is no need an access ID/Secret)

• 4.3 Create projects

Click Projects -> + NEW PROJECT

• Input project info

Project Name: wzs-rke2

• 4.4 LDAPs config

Click Configuration -> Authentication, and select Auth Mode to LDAP

Enter ldaps info, and click TEST LDAP SERVER -> SAVE

LDAP URL: ldaps://10.41.20.10:3269

LDAP Search DN: wzsse@wzs.wistron (ID with permission to traverse AD domain accounts)

LDAP Search Password: password

LDAP Base DN: dc=wistron

LDAP UID: sAMAccountName

LDAP Group Base DN: dc-wistron

and un-check LDAP Verify Certificate