{"id":765,"date":"2020-04-12T19:30:04","date_gmt":"2020-04-12T17:30:04","guid":{"rendered":"https:\/\/loeilduse.fr\/?p=765"},"modified":"2020-05-01T19:21:16","modified_gmt":"2020-05-01T17:21:16","slug":"deployer-harbor-avec-type-loadbalancer","status":"publish","type":"post","link":"https:\/\/loeilduse.fr\/?p=765&lang=fr","title":{"rendered":"D\u00e9ployer Harbor avec type loadBalancer"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\">Pour r\u00e9diger mes articles de vulgarisation, je suis amen\u00e9 \u00e0 tester certains produits. C&#8217;est tr\u00e8s chronophage surtout quand \u00e7a ne fonctionne pas du premier coup. Je fais pas mal de recherche sur Internet pour voir si des posts donnent des astuces mais des fois, il faut tenter d&#8217;autres pistes. C&#8217;est pour cela que j&#8217;ai cr\u00e9\u00e9 une rubrique Astuces Techniques, j&#8217;y posterai un r\u00e9sum\u00e9 des r\u00e9sultats de mes recherches qui pourrait aider d&#8217;autres personnes.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\">Je consacre ce premier article au d\u00e9ploiement de la registry Harbor d\u00e9velopp\u00e9e initialement par VMware puis donn\u00e9 \u00e0 la CNCF. J&#8217;ai beaucoup gal\u00e9r\u00e9 pour la d\u00e9ployer afin qu&#8217;elle soit accessible derri\u00e8re un loadbalancer, j&#8217;avais le message suivant lorsque que docker tentait de s&#8217;y connecter :<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\">#docker login harbor.cpod-tkg.az-lab.shwrfr.com<\/span><br \/>\n<span style=\"font-family: courier new, courier, monospace;\">Authenticating with existing credentials&#8230;<\/span><br \/>\n<span style=\"font-family: courier new, courier, monospace;\">Login did not succeed, error: <strong>Error response from daemon<\/strong>: Get https:\/\/harbor.cpod-tkg.az-lab.shwrfr.com\/v2\/: <strong>Get https:\/\/core.harbor.domain<\/strong>\/service\/token?account=admin&amp;client_id=docker&amp;offline_token=true&amp;service=harbor-registry: dial tcp: <strong>lookup core.harbor.domain<\/strong>: no such host<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\">J&#8217;utilise un environnement vSphere 7 pour h\u00e9berger un cluster Kubernetes V1.17.3 d\u00e9ploy\u00e9 via TKG V1. Le loadbalancer est un Metallb V0.82, Habor V1.10.1 et HELM 3<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\"><u>T\u00e9l\u00e9charger Harbor via Helm 3 :<\/u><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>#helm repo add harbor https:\/\/helm.goharbor.io<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>#helm fetch harbor\/harbor \u2013untar<\/em><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\"><u>Cr\u00e9er une storage class n\u00e9cessaire aux volumes persistent, cette storage class utilise une storage policy que j\u2019ai d\u00e9j\u00e0 cr\u00e9\u00e9 dans vSpehre\u00a0:<\/u><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>kind: StorageClass<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>apiVersion: storage.k8s.io\/v1<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>metadata:<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>\u00a0 name: silver-storage-class<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>\u00a0 annotations:<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>\u00a0\u00a0\u00a0 storageclass.kubernetes.io\/is-default-class: &#8220;true&#8221;<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>provisioner: csi.vsphere.vmware.com<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>parameters:<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>\u00a0 <\/em><em><strong>storagepolicyname: &#8220;silver-storage-class&#8221;<\/strong><\/em><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\"><u>Installer Harbor avec les bons param\u00e8tres notamment <strong>externalURL<\/strong> :<\/u><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em># helm install -n harbor-system registry harbor\/harbor &#8211;set<\/em><em><strong> expose.type=loadBalancer,expose.tls.commonName=harbor.cpod-tkg.az-lab.shwrfr.com,externalURL=https:\/\/harbor.cpod-tkg.az-lab.shwrfr.com<\/strong><\/em><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\"><u>Si vous n&#8217;utilisez pas de certificats sign\u00e9s, il faut que docker soit autoris\u00e9 \u00e0 utiliser une registry &#8220;Insecure&#8221; :<\/u><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>#cat \/etc\/docker\/daemon.json<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>{<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 &#8220;insecure-registries&#8221; : [&#8220;172.20.4.71&#8221;, \u2019\u2019harbor.cpod-tkg.az-lab.shwrfr.com\u2019\u2019]<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>}<\/em><\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em># systemctl restart docker<\/em><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\"><u>T\u00e9l\u00e9charger le certificat depuis l\u2019UI d\u2019Harbor\u00a0=&gt; projets =&gt; &lt;votre nom de projet&gt; =&gt; Reprositories =&gt; REGISTRY CERTIFICATE et le copier dans le r\u00e9pertoire docker pr\u00e9vu \u00e0 cet effet\u00a0:<\/u><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: courier new, courier, monospace;\"><em>#mkdir -p \/etc\/docker\/certs.d\/172.20.4.71 <\/em><em>et\/ou<\/em><em> mkdir -p \/etc\/docker\/certs.d\/\u2019harbor.cpod-tkg.az-lab.shwrfr.com\u2019<\/em><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\">Normalement vous devriez pouvoir vous connecter \u00e0 Harbor via Docker :<\/span><\/p>\n<p style=\"text-align: left;\"><span style=\"font-family: courier new, courier, monospace;\"><em>#docker login harbor.cpod-tkg.az-lab.shwrfr.com<br \/>\nAuthenticating with existing credentials&#8230;<br \/>\nWARNING! Your password will be stored unencrypted in \/root\/.docker\/config.json.<br \/>\nConfigure a credential helper to remove this warning. See<br \/>\nhttps:\/\/docs.docker.com\/engine\/reference\/commandline\/login\/#credentials-store<\/em><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-family: trebuchet ms, geneva, sans-serif;\"><em>Login Succeeded<\/em><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pour r\u00e9diger mes articles de vulgarisation, je suis amen\u00e9 \u00e0 tester certains produits. C&#8217;est tr\u00e8s chronophage surtout quand \u00e7a ne fonctionne pas du premier coup. Je fais pas mal de recherche sur Internet pour voir si des posts donnent des astuces mais des fois, il faut tenter d&#8217;autres pistes. C&#8217;est pour cela que j&#8217;ai cr\u00e9\u00e9<\/p><\/div>\n<div class=\"blog-btn\"><a href=\"https:\/\/loeilduse.fr\/?p=765&#038;lang=fr\" class=\"home-blog-btn\">Lire la suite<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[147],"tags":[32,26,169,148,28,167,168,6],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/loeilduse.fr\/index.php?rest_route=\/wp\/v2\/posts\/765"}],"collection":[{"href":"https:\/\/loeilduse.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/loeilduse.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/loeilduse.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/loeilduse.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=765"}],"version-history":[{"count":7,"href":"https:\/\/loeilduse.fr\/index.php?rest_route=\/wp\/v2\/posts\/765\/revisions"}],"predecessor-version":[{"id":773,"href":"https:\/\/loeilduse.fr\/index.php?rest_route=\/wp\/v2\/posts\/765\/revisions\/773"}],"wp:attachment":[{"href":"https:\/\/loeilduse.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/loeilduse.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/loeilduse.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}