Harbor
无论是使用Docker-distribution去自建仓库,还是通过官方镜像跑容器的方式去自建仓库,通过前面的演示我们可以发现其是非常的简陋的,还不如直接使用官方的Docker Hub去管理镜像来得方便,至少官方的Docker Hub能够通过web界面来管理镜像,还能在web界面执行搜索,还能基于Dockerfile利用Webhooks和Automated Builds实现自动构建镜像的功能,用户不需要在本地执行docker build,而是把所有build上下文的文件作为一个仓库推送到github上,让Docker Hub可以从github上去pull这些文件来完成自动构建。
但无论官方的Docker Hub有多强大,它毕竟是在国外,所以速度是最大的瓶颈,我们很多时候是不可能去考虑使用官方的仓库的,但是上面说的两种自建仓库方式又十分简陋,不便管理,所以后来就出现了一个被 CNCF 组织青睐的项目,其名为Harbor。
Harbor是由VMWare在Docker Registry的基础之上进行了二次封装,加进去了很多额外程序,而且提供了一个非常漂亮的web界面。
- Harbor是一个开源可信的云原生的仓库项目,用于存储、用户管理和查找镜像。
- Harbor通过添加用户通常需要的功能,如安全、身份和管理,扩展了开源Docker分发版。
- Harbor支持高级特性,如用户管理、访问控制、活动监视和实例之间的复制。
Docker compose
Harbor在物理机上部署是非常难的,而为了简化Harbor的应用,Harbor官方直接把Harbor做成了在容器中运行的应用,而且这个容器在Harbor中依赖类似redis、mysql、pgsql等很多存储系统,所以它需要编排很多容器协同起来工作,因此VMWare Harbor在部署和使用时,需要借助于Docker的单机编排
Compose是一个用于定义和运行多容器Docker应用程序的工具。使用Compose,您可以使用YAML文件来配置应用程序的服务。然后,通过一个命令,您可以创建并启动配置中的所有服务。
harbor镜像仓库部署
#修改主机名
[root@harbor ~]# hostname
harbor.example.com
[root@harbor harbor]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.135 harbor.example.com
[root@harbor ~]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 664 100 664 0 0 805 0 --:--:-- --:--:-- --:--:-- 805
100 12.1M 100 12.1M 0 0 448k 0 0:00:27 0:00:27 --:--:-- 331k
[root@harbor ~]# chmod +x /usr/local/bin/docker-compose
[root@harbor ~]# ls /usr/local/bin/docker-compose
/usr/local/bin/docker-compose
[root@harbor ~]# ll /usr/local/bin/docker-compose
-rwxr-xr-x 1 root root 12737304 12月 16 01:04 /usr/local/bin/docker-compose
[root@harbor ~]# which docker-compose
/usr/local/bin/docker-compose
#下载安装harbor
[root@harbor ~]# wget -c https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-offline-installer-v2.3.5.tgz
[root@harbor ~]# tar xf harbor-offline-installer-v2.3.5.tgz -C /usr/local/
[root@harbor ~]# cd /usr/local/
[root@harbor local]# ls
bin etc games harbor include lib lib64 libexec sbin share src
[root@harbor local]# cd harbor/
[root@harbor harbor]# ls
common.sh harbor.v2.3.5.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# ls
common.sh harbor.v2.3.5.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
[root@harbor harbor]# vim harbor.yml
hostname: harbor.example.com #修改主机名
#将https段注释掉
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
······
harbor_admin_password: Harbor12345 #harbor页面密码
······
data_volume: /data #默认存储位置
[root@harbor harbor]# dnf -y install docker-ce
#执行./install.sh
[root@harbor harbor]# ./install.sh
···
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry ... done
Creating harbor-portal ... done
Creating redis ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.3.5 1730c6f650e2 6 days ago 81.9MB
goharbor/chartmuseum-photon v2.3.5 47004f032938 6 days ago 179MB
goharbor/redis-photon v2.3.5 3d0cedc89a0d 6 days ago 156MB
goharbor/trivy-adapter-photon v2.3.5 5c0212e98070 6 days ago 133MB
goharbor/notary-server-photon v2.3.5 f20a76c65359 6 days ago 111MB
goharbor/notary-signer-photon v2.3.5 b9fa38eef4d7 6 days ago 108MB
goharbor/harbor-registryctl v2.3.5 7a52567a76ca 6 days ago 133MB
goharbor/registry-photon v2.3.5 cf22d3e386b8 6 days ago 82.6MB
goharbor/nginx-photon v2.3.5 5e3b6d9ce11a 6 days ago 45.7MB
goharbor/harbor-log v2.3.5 a03e4bc963d6 6 days ago 160MB
goharbor/harbor-jobservice v2.3.5 2ac32df5a2e0 6 days ago 211MB
goharbor/harbor-core v2.3.5 23baee01156f 6 days ago 193MB
goharbor/harbor-portal v2.3.5 bb545cdedf5a 6 days ago 58.9MB
goharbor/harbor-db v2.3.5 9826c57a5749 6 days ago 221MB
goharbor/prepare v2.3.5 a1ceaabe47b2 6 days ago 255MB
[root@harbor harbor]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@harbor harbor]#
[root@harbor harbor]# cat /etc/docker/daemon.json
{
"insecure-registries": ["harbor.example.com"]
}
[root@harbor harbor]# docker login harbor.example.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest ffe9d497c324 8 days ago 1.24MB
[root@harbor harbor]# docker tag busybox:latest harbor.example.com/library/busybox:v1.0
#上传镜像
[root@harbor harbor]# docker push harbor.example.com/library/busybox:v1.0
The push refers to repository [harbor.example.com/library/busybox]
64cac9eaf0da: Pushed
v1.0: digest: sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9 size: 527
使用Harbor的注意事项:
- 在客户端上传镜像时一定要记得执行docker login进行用户认证,否则无法直接push
- 在客户端使用的时候如果不是用的https则必须要在客户端的/etc/docker/daemon.json配置文件中配置insecure-registries参数
- 数据存放路径应在配置文件中配置到一个容量比较充足的共享存储中
- Harbor是使用docker-compose命令来管理的,如果需要停止Harbor也应用docker-compose stop来停止,其他参数请–help
Docker Compose语法
[root@harbor ~]# docker-compose --help
···
Commands:
build Build or rebuild services #构建或重建服务
config Validate and view the Compose file #验证并查看Compose文件
create Create services #创建服务
down Stop and remove resources #停止并删除资源
events Receive real time events from containers #从容器接收实时事件
exec Execute a command in a running container #在运行的容器中执行命令
help Get help on a command #获取命令的帮助信息
images List images #镜像列表
kill Kill containers #杀死容器
logs View output from containers #查看容器的输出
pause Pause services #暂停服务
port Print the public port for a port binding #打印绑定端口的公共端口
ps List containers #列表容器
pull Pull service images #服务镜像
push Push service images #推送服务镜像
restart Restart services #重新启动服务
rm Remove stopped containers #移除停止的容器
run Run a one-off command #执行一次性命令
scale Set number of containers for a service #设置服务的容器数量
start Start services #开始服务
stop Stop services #停止服务
top Display the running processes #显示正在运行的进程
unpause Unpause services # Unpause服务
up Create and start containers #创建并启动容器
version Show version information and quit #显示版本信息,退出