Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/felipelaptrin/image-proxy-cache-harbor
A demo for my blog post about how to implementa a proxy-cache to avoid facing rate-limit pulls of Dockehub
https://github.com/felipelaptrin/image-proxy-cache-harbor
blog devbox harbor helm ingress-nginx kubernetes metallb opentofu terraform
Last synced: about 2 months ago
JSON representation
A demo for my blog post about how to implementa a proxy-cache to avoid facing rate-limit pulls of Dockehub
- Host: GitHub
- URL: https://github.com/felipelaptrin/image-proxy-cache-harbor
- Owner: felipelaptrin
- Created: 2024-08-18T17:32:07.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2024-08-18T17:51:23.000Z (4 months ago)
- Last Synced: 2024-10-12T04:40:57.398Z (2 months ago)
- Topics: blog, devbox, harbor, helm, ingress-nginx, kubernetes, metallb, opentofu, terraform
- Language: HCL
- Homepage: https://felipetrindade.com/proxy-cache-harbor/
- Size: 8.79 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# image-proxy-cache-harbor
This is a demo repository to support my [Image proxy cache using Harbor](https://felipetrindade.com/proxy-cache-harbor/) blog post. The idea is to use Harbor to proxy-cache images and reduce calls to DockerHub.
## Running this demo
Make sure you have [devbox](https://github.com/jetify-com/devbox) and docker installed.
1) Create a Docker network for the Kind cluster
```sh
docker network create --subnet 172.100.0.0/16 custom-kind-network
```2) Install dependencies
```sh
devbox run init
```This will create a Kind cluster, and install Metallb, Ingress NGINX and Harbor. This will take a few minutes because it waits for all these tools to get ready.
3) Configure Harbor project
```sh
devbox run proxy-cache
```4) Create Kubernetes secrets for registry credentials
```sh
kubectl create secret -n default docker-registry regcred-harbor \
--docker-server=harbor.ingress.local \
--docker-username=admin \
--docker-password=admin
```5) Allow insecure registries
SSH into the Kubernetes node
```sh
docker exec -it kind-worker bash
```Then run
```sh
apt-get update
apt install vim -y
vim /etc/containerd/config.toml
```Add the following lines to the file
```toml
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.ingress.local"]
endpoint = ["https://harbor.ingress.local"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.ingress.local".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.ingress.local".auth]
username = "admin"
password = "admin"
```Finally restart containerd
```sh
systemctl restart containerd
exit
```6) Deploy an application that uses Kustomize
```sh
devbox run app-with-kustomize
```7) Deploy an application that uses Helm Chart
```sh
devbox run app-with-helm
```8) Add Harbor URL to /etc/hosts
```sh
INGRESS_LB_IP=$(kubectl get svc ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo "$INGRESS_LB_IP harbor.ingress.local" | sudo tee -a /etc/hosts
```9) Access Harbor UI
Access `https://harbor.ingress.local` and use `admin` as username and `admin` as password. Notice that a project called `proxy_cache` was created and have 2 repositories caches.
10) Destroy everything
```sh
devbox run destroy
```