1、安装私有仓库
参照:
https://blog.csdn.net/qq_35959573/article/details/80664353;
https://www.jianshu.com/p/32f077a3960e;
https://blog.csdn.net/weixin_41465338/article/details/80146218?utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromMachineLearnPai2%7Edefault-1.control&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7EBlogCommendFromMachineLearnPai2%7Edefault-1.control;
https支持未试验https://github.com/goharbor/harbor/blob/v1.4.0/docs/configure_https.md
2、harbor的相关操作
注意harbor的某些版本不可用,如v1.10.2版本不可用,使用v1.10.3(在k8s上启动不了db模块),单独一台VM上安装的是v1.5.2
如果docker重新安装了需要重新启动(systemctl daemon-reload systemctl start docker)
启动harbor:cd 到 harbor目录下执行./install.sh
停止harbor:cd 到 harbor目录下执行docker-compose stop
查看harbor模块状态:docker-compose ps
如果有非up状态的,需要再次启动所有:docker-compose up -d
3、应用本地仓库
配置docker镜像的的本地仓库
vim /etc/docker/daemon.json
{
...省略其它配置...,
"registry-mirrors": ["http://harbor:1180"]
}
本地仓库若不支持https,还需要添加以下配置(注意端口也要加上)
"insecure-registries": [http://harbor:1180,”http://192.168.126.131:80”]
修改后重启docker:
systemctl daemon-reload
systemctl restart docker
4、知识点整理
1)在 master 节点上安装 JDK1.8
以root身份在 master 节点上执行:
yum install java-1.8.0-openjdk\* -y
2)wget无法建立ssl连接
加上参数 --no-check-certificate
wget --no-check-certificate https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.5.2.tgz
3)查看harbor相关日志
日志存放在目录/var/log/harbor
4)删除数据
rm -rf /data/database
rm -rf /data/registry
5)查看所有docker容器
docker ps –a
删除多余容器docker rm **,多条命令使用 & 连接
6)查看所有docker镜像
docker ps -a
删除多余镜像docker rmi repository:label/id,多条命令使用 & 连接
7)从阿里云拉取镜像到本地
①去阿里云找到对应的镜像地址
登录阿里云,控制台->产品与服务->产品与服务列表->弹性计算->容器镜像服务->镜像工具->镜像加速器,选择CentOS,复制加速器地址
在/etc/docker/daemon.json配置中添加阿里云的镜像仓库
[root@harbor harbor]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://v3yu20l6.mirror.aliyuncs.com","http://harbor:80"],
"insecure-registries": ["harbor:80","192.168.126.131:80"]
}
重启docker:
systemctl daemon-reload
systemctl restart docker
③查看nginx镜像
docker search nginx
④拉取指定的镜像
docker pull nginx:latest
8)将本地镜像推送到私有harbor仓库
①登录harbor仓库
docker login http://192.168.126.131:80 –u admin –p Harbor12345
会自动生成认证信息可查看文件/root/.docker/config.json
如果想使用hostname打tag并进行推送,则需要使用域名登录docker login http://harbor:80 –u admin –p Harbor12345
认证信息如下
[root@harbor harbor]# cat /root/.docker/config.json
{
"auths": {
"192.168.126.131:80": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
},
"harbor:80": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU="
}
}
}
如果不登录推送时会报harbor denied requested access to the resource is denied的问题
②将需要推送的镜像打上tag并推送到harbor仓库
格式:
docker tag SOURCE_IMAGE[:TAG] 192.168.126.131:80/library/IMAGE[:TAG]
docker push 192.168.126.131:80/library/IMAGE[:TAG]
③从其他服务器拉取harbor仓库中的镜像
登录harbor仓库
docker login http://harbor:80 -u admin -p Harbor12345
或者docker login http://192.168.126.131:80 -u admin -p Harbor12345
拉取镜像docker pull 192.168.126.131:80/library/nginx:test
或者docker pull harbor:80/library/nginx:latest
④查看harbor镜像
获取token:
curl -k -i -u admin:Harbor12345 http://192.168.126.131:80/service/token\?account\=admin\&service\=harbor-registry\&scope\=registry:catalog:\*
使用获取的token访问:
curl -k -H "authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlhaUFo6RjdQSjo3SDRROlRRTks6QkdMSjozRkRVOlVLUjU6V1ZQSDpaN1A0Ok1BMkw6M0lJRzpOTDZDIn0.eyJpc3MiOiJoYXJib3ItdG9rZW4taXNzdWVyIiwic3ViIjoiYWRtW4iLCJhdWQiOiJoYXJib3ItcmVnaXN0cnkiLCJleHAiOjE2MjA4NjkxMDAsIm5iZiI6MTYyMDg2NzMwMCwiaWF0IjoxNjIwODY3MzAwLCJqdGkiOiJTQWdYam9pMFJwNGM1OVRJIiwiYWNjZXNzIjpbeyJ0eXBlIjoicmVnaXN0cnkiLCJuYW1lIjoiY2F0YWxvZyIsImFjdGlvbnMiOlsiKiJdfV19.enMlY3BZ4IT5rsarDTi9fXEYmjSEFtMn9Kt9Aei-2uk2-_yaX0ZPECJ2_vwYW4LuRkl5UyuPgwYSZC9rK3Ru7KTRg7OYHVfImj0VSTl9RJDwj-e9haR3-sBpbeypM0tnwBN4DOnAsqyosn6IVqteE8Fs8NzVC71WeOjYCX_nyDhzTGUAOAKJrDVAVskWmdOFqjsFK37Ukzu8FE9NzDMLMF5oF5gDDGq1zq8nDenEvfOGM0x1yy0mtSf_EKvTqR3KdGN9TMWNLLH5tS8bou-UfA_hwY83lU75hfdZqtHBJTzjxn886PGJcLnRoKBqhXqZsdtbtYmJn3PfEpuctiHYfc81Gzsl3cgHUry0QgcEfMDIZJGFixOG82tLZEYQAKtIc8vuaMfBvQsmzdBGo1bIv83tr5zr3p66BKa3TIuHa2g-88xrDTjaHeXkfPF3D34LmJoQ_-r0zp1nEMw-vhn6wniElViZDCtSk-n4y-6HCh0URa0JMezx71p0aG5DU52Y0EbPmw3Ulk7Wm5eTs3UdFCvxKsEXlt9H7925KaY4YcQs7FviwDwltajf1-DlRg52crzc7BhJlIAlgHXHu4Whxuef42rp12Q9jXPeXEUmuRv1odaGSdeFeQtb5g3zh8m7zigIF2SDq8pf2L4ymmhB24mer_oJFCYyhUw7PQjvMRs" http://192.168.126.131:80/v2/_catalog
返回的结果:{"repositories":null},此时还没有上传镜像,如果获取token报500错误,多试几次。