Harbor IDEA 快速指引

網上安裝的教程比較多，理清思路之后，自己的安裝過程總結一下，以備后續參考。

參考Harbor官網教程 （Centos 7.5）

1.安裝前必備 ：On a Linux host: docker 17.06.0-ce+ and docker-compose 1.18.0+ . （自行安裝好即可）

2. Harbor 下載的 harbor-offline-installer-v2.0.1.tgz 離線安裝包，從 https://github.com/goharbor/harbor/releases 下載。

3. 解壓開來，配置文件  harbor.yml.tmpl  復制為 harbor.yml  根據自己的需求修改即可（我只修改了主機名，證書，存放目錄 ）。

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.grape.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /opt/cert/harbor.grape.com.crt
  private_key: /opt/cert/harbor.grape.com.key

# The default data volume
data_volume: /home/harbor_data

證書的制作是參考的 https://www.cnblogs.com/sanduzxcvbnm/p/11956347.html 的腳本 ，/opt/cert 目錄沒有的話，需要先創建。

#!/bin/bash

# 配置harbor證書

cd /opt/cert

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.grape.com" -key ca.key -out ca.crt
openssl genrsa -out harbor.grape.com.key 4096
openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.grape.com" -key harbor.grape.com.key -out harbor.grape.com.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.grape.com
IP.1 = 192.168.111.9
IP.2 = 10.0.0.40
EOF

openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.grape.com.csr -out harbor.grape.com.crt
    
openssl x509 -inform PEM -in harbor.grape.com.crt -out harbor.grape.com.cert

其中注意兩點，dns 我配置兩個地址（內網和外網地址）用於做NAT或者端口映射，記得看過有個帖子說沒有找到解決辦法（此處是我的解決辦法，自簽證書，dns以及多個IP）

4.證書放到指定的目錄，以及docker compose 啟動等等就不細說了。啟動之后，其他機器 docker login 進行驗證，一般來說，正常的是 x509: certificate signed by unknown authority 錯誤 ？？？

linux 需要增加自建的ca證書到docker的信任，創建 /etc/docker/certs.d/harbor.grape.com 文件夾，復制ca.crt 到此目錄重啟docker 服務；

window 10 相對簡單一些，配置文件中增加 "insecure-registries": ["https://harbor.grape.com"] 即可

還有一點差點忘記了，所有訪問 https://harbor.grape.com 需要增加到 hosts文件之中。

 

IDEA中的使用過程

其實使用插件即可， com.spotify 的 dockerfile-maven-plugin 參見 https://github.com/spotify/dockerfile-maven

隨便建一個spring boot 測試程序，pom文件如下 ：

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.example</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <spring-boot.version>2.3.0.RELEASE</spring-boot.version>
        <!--docker私服地址-->
        <docker.repository>harbor.grape.com</docker.repository>
        <docker.image.prefix>blade</docker.image.prefix>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-dependencies</artifactId>
                <version>${spring-boot.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <!--需要注意，要么打包后在容器中啟動不起來-->
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <includeSystemScope>true</includeSystemScope>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-deploy-plugin</artifactId>
                <configuration>
                    <skip>true</skip>
                </configuration>
            </plugin>
            <plugin>
                <groupId>com.spotify</groupId>
                <artifactId>dockerfile-maven-plugin</artifactId>
                <version>1.4.13</version>
                <executions>
                    <execution>
                        <id>default</id>
                        <goals>
                            <goal>build</goal>
                            <goal>push</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <!--<username>***</username>
                    <password>*******</password>-->
                    <repository>${docker.repository}/${docker.image.prefix}/${project.artifactId}</repository>
                    <tag>latest</tag>
                    <buildArgs>
                        <JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
                    </buildArgs>
                    <useMavenSettingsForAuth>true</useMavenSettingsForAuth>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>
            

值得注意的是 blade 是harbor先建立的項目，Dockerfile文件如下：

FROM java:8
ARG JAR_FILE
ADD ${JAR_FILE} app.jar
ENTRYPOINT ["java", "-jar", "/app.jar"]

 

 package -->  dockerfile:build (默認是連接到localhost:2375 ，也就是本地docker)，我的系統是 winserver 2019 ，win10 2004 開啟wsl2 更酷。

 

 

 

 以上已經推動到本地的docker中了，然后執行 dockerfile:push ，推動到harbor私有倉庫。

 

 基本上就可以完成，其中有許多細節和知識點需要自己補充。

k8s 中拉取鏡像文件即可運行

 

 

計划將 idea -> gitlab  -> jenkins -> harbor -> k8s 串聯起來。