Shulou(Shulou.com)06/02 Report--

First, create a certificate:

1. Generate ca private key and certificate

Openssl genrsa-out ca.key 4096

Openssl req-x509-new-nodes-sha512-days 3650\

-subj "/ C=CN/ST=Shanghai/L=Shanghai/O=KuaiQian Payment and Settlement Service Co.,Ltd./OU=Product Operation Assurance Dept./CN=*.99bill.com"\

-key ca.key\

-out ca.crt

2. Generate server-side certificate

Openssl genrsa-out 99bill.com.key 4096

Openssl req-sha512-new\

-subj "/ C=CN/ST=Shanghai/L=Shanghai/O=KuaiQian Payment and Settlement Service Co.,Ltd./OU=Product Operation Assurance Dept./CN=*.99bill.com"\

-key 99bill.com.key\

-out 99bill.com.csr

3. Use CA's private key and certificate to sign the user's certificate

Add alias

Cat > v3.ext New destination

Add remote address, user name, password

After testing the connection, save

B. System Management-> synchronization Management-> New Rule

For example:

Resource filters: resources: all

Purpose registry: the target just filled in

Trigger mode: event driven

Save

2. Configure retention test

Project: new project:

Project name: test

Access level: public

Tag retention:

Retention policy: add rules: apply to warehouse match

Keep the 10 recently pushed images based on conditional tags matching

Regular execution: every day

System Management-> garbage cleanup

Configure garbage cleanup cycle

IV. Use

Docker login-u admin-p Bill9912345 vipharbor.99bill.com

Docker tag goharbor/harbor-core:v1.10.0 vipharbor.99bill.com/goharbor/harbor-core:v1.10.0

Docker push vipharbor.99bill.com/goharbor/harbor-core:v1.10.0

Docker pull harbor2.99bill.com/99bill/app-rmse-ruleexecuter.jar:1.0.0.2

V. the overall structure of Harbor

After Harbor is running

The names are: nginx, harbor-jobservice, harbor-ui, harbor-db, harbor-adminserver, registry and harbor-log

Harbor consists of six large modules:

Proxy: Harbor's registry, UI, token services, and other components are all behind a reverse proxy. The agent forwards requests from the browser and docker clients to the back-end service.

Registry: responsible for storing Docker images and processing Docker push/pull requests. Because Harbor enforces permission control over the access to the image, Registry forces the client to obtain a valid token from token service at each push/pull request.

Core services: the core functions of Harbor, including the following three services:

UI: as a Registry Webhook, it assists users to manage images in the way of image user interface. 1) WebHook is a mechanism configured in registry. When the image in registry changes, you can notify the webhook endpoint of Harbor. Harbor uses webhook to update logs, initialize synchronization job, and so on. 2) Token service assigns the corresponding token to each push/pull request according to the user's role in a project. If the corresponding request does not contain a token, registry redirects the request to token service. 3) Database is used to store engineering metadata, user data, role data, synchronization strategy and mirror metadata.

Job services: mainly used for mirror replication. Local images can be synchronized to remote Harbor instances.

Log collector: responsible for collecting logs from other modules to one place

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.