README-harbor.md

How to deploy a secure container registry and store the certificates to Azure key vault

  1. Create the variables you are going to need:

    RG=mygoodoldresourcegroup
    LOC=eastus
    VM_NAME=harbor-vm
    DNS_NAME=${USER}-${RANDOM:0:5}
  2. Create the resource group:

    az group create -n $RG -l $LOC
  3. Create an Ubuntu 16.04 VM in your resource group:

    az vm create \
    --resource-group $RG \
    --name $VM_NAME \
    --image UbuntuLTS \
    --admin-username $USER \
    --generate-ssh-keys \
    --public-ip-address-dns-name $DNS_NAME \
    --size "Standard_D2_v3"

  4. Install the custom script VM extension to get the VM ready for Harbor:

    az vm extension set \
    --resource-group $RG \
    --vm-name $VM_NAME \
    --name customScript \
    --publisher Microsoft.Azure.Extensions \
    --protected-settings '{"fileUris": ["https://raw.githubusercontent.com/brusMX/AKS-hybrid/master/deploy-env/harbor-docker-registry/harbor-setup.sh"],"commandToExecute": "./harbor-setup.sh"}'
  5. Install Harbor Container Registry on the VM. To SSH into the machine, run the following commands:

    HARBOR_VM_IP=$(az vm list-ip-addresses -g $RG -n $VM_NAME -o tsv --query "[0].virtualMachine.network.publicIpAddresses[0].ipAddress")
    ssh $HARBOR_VM_IP
  6. Make sure to create the certificates and configure Harbor for SSL/TLS.

  7. Open the needed ports:

    az vm open-port --port 80 --resource-group $RG --name $VM_NAME
  8. Log in to the Harbor admin UI and create a project.

  9. Build an image from a Dockerfile on your computer and push it to the Harbor registry.

  10. Download the certificates from your VM to your machine; you can use SCP.

  11. Copy the certificate to /etc/docker/certs.d/<domain-name> on your machine (on Windows, double-click the certificate to import it) and restart Docker.

  12. Create an Azure Key Vault and upload the ca.crt as a secret (Check Noel's):

    az keyvault create -n k8s-keyvault-01 -g AKS-experiments --enabled-for-deployment --enabled-for-disk-encryption --enabled-for-template-deployment
    az keyvault secret set -n harbor-website-cert --vault-name k8s-keyvault-01 -f ca.crt
  13. Connect to your client VM and download the Azure Key Vault secret using a valid service principal (SP):

    az keyvault secret download -n harbor-website-cert --vault-name k8s-keyvault-01 -f ca.crt
  14. Trust the certificate by placing it in Docker's per-registry CA directory. Docker expects a file named ca.crt inside a directory named after the registry host, so create the directory first:

    mkdir -p /etc/docker/certs.d/<domain-name>
    cp ca.crt /etc/docker/certs.d/<domain-name>/ca.crt
  15. Try it out by pulling an image on your client machine:

    docker login harbor-registry.eastus.cloudapp.azure.com -u brusmx
    docker pull harbor-registry.eastus.cloudapp.azure.com/test-a1/brusbox:1.0
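
The script below is an added example, not part of this README or of the harbor-setup.sh the extension runs. It covers two gaps in the steps above: step 6 (creating the certificates) and steps 13 and 14 (trusting the CA on a client). It generates a private CA and a server certificate for the registry's FQDN with a Subject Alternative Name, and it installs the CA under Docker's certs.d tree only after the downloaded ca.crt's SHA-256 fingerprint matches a value obtained out of band (for example published alongside the Key Vault secret), so a tampered or wrong secret is never trusted. It assumes openssl is installed; the function names, file names, and the DOCKER_CERTS_DIR override are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example (not part of the original README): create a private CA and a
# server certificate for the Harbor host, then install the CA on a Docker
# client at the path the daemon expects, after checking its fingerprint.
# Assumes openssl is installed. All names here are this example's own.
set -euo pipefail

# Create ca.key/ca.crt and harbor.key/harbor.crt in OUT_DIR for registry host FQDN.
# The server certificate carries FQDN as a Subject Alternative Name; Docker and
# other modern TLS clients do not accept a hostname that appears only in the CN.
gen_harbor_certs() {
  local out_dir="$1" fqdn="$2"
  mkdir -p "$out_dir"
  # Private CA: self-signed, explicitly marked as a CA, 10-year validity.
  openssl genrsa -out "$out_dir/ca.key" 4096 2>/dev/null
  openssl req -new -key "$out_dir/ca.key" -subj "/CN=Harbor Private CA" \
    -out "$out_dir/ca.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$out_dir/ca.ext"
  openssl x509 -req -sha256 -days 3650 -in "$out_dir/ca.csr" \
    -signkey "$out_dir/ca.key" -extfile "$out_dir/ca.ext" -out "$out_dir/ca.crt" 2>/dev/null
  # Server certificate signed by the CA, with SAN and serverAuth EKU.
  openssl genrsa -out "$out_dir/harbor.key" 2048 2>/dev/null
  openssl req -new -key "$out_dir/harbor.key" -subj "/CN=$fqdn" \
    -out "$out_dir/harbor.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\nbasicConstraints=CA:FALSE\n' \
    "$fqdn" > "$out_dir/harbor.ext"
  openssl x509 -req -sha256 -days 825 -in "$out_dir/harbor.csr" \
    -CA "$out_dir/ca.crt" -CAkey "$out_dir/ca.key" -CAcreateserial \
    -extfile "$out_dir/harbor.ext" -out "$out_dir/harbor.crt" 2>/dev/null
  chmod 600 "$out_dir/ca.key" "$out_dir/harbor.key"
  rm -f "$out_dir"/*.csr "$out_dir"/*.ext
}

# Print the SHA-256 fingerprint of a certificate as lower-case hex without colons.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 \
    | cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Install a CA certificate for one registry host under Docker's certs.d tree.
# Docker looks for <certs.d>/<host>/ca.crt: the host is a directory and the
# file must be called ca.crt. If EXPECTED_FP is given and does not match the
# file, nothing is installed and the function returns 1.
install_docker_ca() {
  local ca_file="$1" fqdn="$2" expected_fp="${3:-}"
  local certs_d="${DOCKER_CERTS_DIR:-/etc/docker/certs.d}"
  if [ -n "$expected_fp" ]; then
    local actual_fp
    actual_fp="$(cert_fingerprint "$ca_file")"
    if [ "$actual_fp" != "$expected_fp" ]; then
      echo "fingerprint mismatch for $ca_file: got $actual_fp" >&2
      return 1
    fi
  fi
  install -d -m 755 "$certs_d/$fqdn"
  install -m 644 "$ca_file" "$certs_d/$fqdn/ca.crt"
}

# Check that a server certificate chains to the installed CA for FQDN and
# that its SAN actually covers that hostname.
verify_server_cert() {
  local cert="$1" fqdn="$2"
  local certs_d="${DOCKER_CERTS_DIR:-/etc/docker/certs.d}"
  openssl verify -CAfile "$certs_d/$fqdn/ca.crt" -verify_hostname "$fqdn" "$cert" \
    >/dev/null 2>&1
}

# Typical use on a client after `az keyvault secret download ... -f ca.crt`
# (EXPECTED_FP is the fingerprint you received out of band):
#   install_docker_ca ./ca.crt harbor-registry.eastus.cloudapp.azure.com "$EXPECTED_FP"
#   sudo systemctl restart docker
```

On the Harbor VM, harbor.crt and harbor.key are what the registry serves, and ca.crt is what goes into Key Vault. Because the clients will talk HTTPS, port 443 must also be reachable on the VM, not only the port 80 opened in step 7.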