1. Install the docker.io and docker-compose packages needed to run Harbor
# apt install docker.io docker-compose
2. Download the Harbor installer package
# cd /usr/local/
# wget https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz
# tar xvzf harbor-offline-installer-v2.11.1.tgz
3. Copy the certificate for the domain to be used (reg.encicle.com)
# mkdir -p /usr/local/harbor/certs
# cp fullchain.pem /usr/local/harbor/certs
# cp privkey.pem /usr/local/harbor/certs
4. Configure the Harbor settings file
# cd /usr/local/harbor
# vi harbor.yml
-------------------------------------------------------
hostname: reg.encicle.com
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /usr/local/harbor/certs/fullchain.pem
  private_key: /usr/local/harbor/certs/privkey.pem
  # enable strong ssl ciphers (default: false)
  # strong_ssl_ciphers: false
-------------------------------------------------------
Only the domain and the certificate paths need to be changed.
4. Install Harbor
# cd /usr/local/harbor
# ./install.sh
5. Log in to the Harbor UI
https://reg.encicle.com
ID / PASS : admin / Harbor12345
If harbor_admin_password in harbor.yml has not been changed, the password is Harbor12345.
6. Configure a Registry Endpoint (Docker Hub) in Harbor to use as the proxy
7. Create the library project in Harbor as a proxy
Enable Proxy Cache and select the registry endpoint created above (Docker Hub Proxy).
Set the Access Level to Public so that no login is required.
8. On the Docker client, set registry-mirrors to the Harbor proxy (reg.encicle.com).
# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://reg.encicle.com"]
}
# systemctl restart docker.service
Check that registry-mirrors is set correctly
# docker info
Client:
Version: 24.0.7
Context: default
Debug Mode: false
...
...
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://reg.encicle.com/
Live Restore Enabled: false
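9. Verify that Registry Mirrors works on the Docker client
To verify that the Registry Mirrors configured in Docker work correctly, edit the Docker daemon's systemd unit file (adding the -D debug option to ExecStart) and restart the daemon.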
# vi /lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -D
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# systemctl daemon-reload
# systemctl restart docker.service
Run the following command and check that the image is downloaded from the registry mirror.
# docker pull ubuntu:22.04
The Docker daemon logs are written to /var/log/syslog.
Sep 5 13:34:35 homemachine dockerd[104079]: time="2024-09-05T13:34:35.200868704+09:00" level=debug msg="Calling HEAD /_ping"
Sep 5 13:34:35 homemachine dockerd[104079]: time="2024-09-05T13:34:35.201159868+09:00" level=debug msg="Calling POST /v1.43/images/create?fromImage=ubuntu&tag=22.04"
Sep 5 13:34:35 homemachine dockerd[104079]: time="2024-09-05T13:34:35.540740403+09:00" level=debug msg="hostDir: /etc/docker/certs.d/reg.encicle.com"
Sep 5 13:34:35 homemachine dockerd[104079]: time="2024-09-05T13:34:35.540842328+09:00" level=debug msg="Trying to pull ubuntu from https://reg.encicle.com/"
Sep 5 13:34:37 homemachine dockerd[104079]: time="2024-09-05T13:34:37.815310414+09:00" level=debug msg="Fetching manifest from remote" digest="sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658" error="<nil>" remote="docker.io/library/ubuntu:22.04"
Sep 5 13:34:38 homemachine dockerd[104079]: time="2024-09-05T13:34:38.882109700+09:00" level=debug msg="Pulling ref from V2 registry: ubuntu:22.04"
Sep 5 13:34:38 homemachine dockerd[104079]: time="2024-09-05T13:34:38.882155716+09:00" level=debug msg="docker.io/library/ubuntu:22.04 resolved to a manifestList object with 6 entries; looking for a unknown match"
Sep 5 13:34:38 homemachine dockerd[104079]: time="2024-09-05T13:34:38.882169463+09:00" level=debug msg="found match for linux/amd64/v3 with media type application/vnd.oci.image.manifest.v1+json, digest sha256:075680e983398fda61b1ac59ad733ad81d18df4bc46411666bb8a03fb9ea0195"
Sep 5 13:34:38 homemachine dockerd[104079]: time="2024-09-05T13:34:38.901779490+09:00" level=debug msg="Fetching manifest from remote" digest="sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658" error="<nil>" remote="docker.io/library/ubuntu:22.04"
Sep 5 13:34:38 homemachine dockerd[104079]: time="2024-09-05T13:34:38.941205495+09:00" level=debug msg="pulling blob \"sha256:857cc8cb19c0f475256df4b7709003b77f101215ebf3693118e61aac6a5ea4ff\""
Sep 5 13:34:39 homemachine dockerd[104079]: time="2024-09-05T13:34:39.235610808+09:00" level=debug msg="Downloaded 857cc8cb19c0 to tempfile /var/lib/docker/tmp/GetImageBlob2204468223"
Sep 5 13:34:39 homemachine dockerd[104079]: time="2024-09-05T13:34:39.235736491+09:00" level=debug msg="Using /usr/bin/unpigz to decompress"
Sep 5 13:34:39 homemachine dockerd[104079]: time="2024-09-05T13:34:39.240748079+09:00" level=debug msg="Applying tar in /var/lib/docker/overlay2/09e1a774ff721fbb78240e16d015e9bcb67edb10076a9a1232aa062556a3f194/diff" storage-driver=overlay2
Sep 5 13:34:39 homemachine dockerd[104079]: time="2024-09-05T13:34:39.796908028+09:00" level=debug msg="Applied tar sha256:1b9b7346fee7abbc7f5538eaa23548bd05a45abe8daf6794024be0c8ad7d60bb to 09e1a774ff721fbb78240e16d015e9bcb67edb10076a9a1232aa062556a3f194, size: 77863449"
Sep 5 13:34:39 homemachine dockerd[104079]: time="2024-09-05T13:34:39.852917872+09:00" level=debug msg="Adding content digest to lease" digest="sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658" lease="moby-image-sha256:53a843653cbcd9e10be207e951d907dc2481d9c222de57d24cfcac32e5165188" remote="docker.io/library/ubuntu:22.04"
Sep 5 13:34:39 homemachine dockerd[104079]: time="2024-09-05T13:34:39.864542946+09:00" level=debug msg="Adding content digest to lease" digest="sha256:075680e983398fda61b1ac59ad733ad81d18df4bc46411666bb8a03fb9ea0195" lease="moby-image-sha256:53a843653cbcd9e10be207e951d907dc2481d9c222de57d24cfcac32e5165188" remote="docker.io/library/ubuntu:22.04"
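The log check in step 9 can be scripted. The following is an added example, not part of the original post: it reads dockerd debug lines and labels every "Trying to pull" attempt as MIRROR or FALLBACK, which matters because the daemon falls back to Docker Hub when a mirror fails. The function names are hypothetical, and the second sample line (alpine, registry-1.docker.io) is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): label each pull attempt in
# dockerd debug output as served by the mirror or by another endpoint.

MIRROR_HOST="reg.encicle.com"   # mirror host from this page's daemon.json

# Sample input. Line 1 is copied from the log above; line 2 is CONSTRUCTED
# to show what an attempt against Docker Hub itself looks like.
sample_log() {
cat <<'EOF'
Sep 5 13:34:35 homemachine dockerd[104079]: time="2024-09-05T13:34:35.540842328+09:00" level=debug msg="Trying to pull ubuntu from https://reg.encicle.com/"
Sep 5 13:40:02 homemachine dockerd[104079]: time="2024-09-05T13:40:02.000000000+09:00" level=debug msg="Trying to pull alpine from https://registry-1.docker.io"
EOF
}

# check_mirror_pulls MIRROR_HOST < log
# Prints "<image> <endpoint-host> MIRROR|FALLBACK" for every pull attempt.
check_mirror_pulls() {
    awk -v mirror="$1" '
        match($0, /Trying to pull [^ ]+ from [^" ]+/) {
            split(substr($0, RSTART, RLENGTH), f, " ")
            image = f[4]
            host = f[6]
            sub(/^[a-z]+:\/\//, "", host)   # drop the URL scheme
            sub(/\/.*$/, "", host)          # drop trailing slash or path
            print image, host, (host == mirror ? "MIRROR" : "FALLBACK")
        }'
}

# count_fallbacks MIRROR_HOST < log
# Prints how many pull attempts went to an endpoint other than the mirror.
count_fallbacks() {
    check_mirror_pulls "$1" | awk '$3 == "FALLBACK" { n++ } END { print n + 0 }'
}

# Stand-alone run on the sample; on a real host use:
#   grep dockerd /var/log/syslog | check_mirror_pulls "$MIRROR_HOST"
sample_log | check_mirror_pulls "$MIRROR_HOST"
```

A pull that tries the mirror and then falls back produces both a MIRROR and a FALLBACK line for the same image, so a non-zero fallback count is the signal to investigate.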