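After Harbor is configured as a mirror server, when a client runs docker pull for an image that does not exist in the Harbor registry, the mirror server first pulls the image from the remote registry and caches it. The next pull is served directly from the mirror and no longer needs to go to the remote registry.
When Harbor acts as a mirror server:
1. Images can only be pulled, not pushed. The workaround is to deploy the users' private registry and the mirror separately.
Reference: https://github.com/vmware/harbor/issues/220
2. Images in the registry cannot be deleted from the UI.
3. Official images live in the library project, for example:
docker pull mongo:latest
becomes: docker pull harbor.test.com/library/mongo:latest
4. For a private image, you first need to create a project (myxxx) in the UI and then pull:
docker pull myxxx/my-test:latest becomes: docker pull harbor-01.test.com/myxxx/my-test:latest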
I. Install Harbor first
Reference: https://blog.csdn.net/kozazyh/article/details/79809460
II. Configure it as a mirror registry:
1. Edit common/config/registry/config.yml and add the following configuration:
proxy:
  remoteurl: https://registry-1.docker.io
If you need to proxy private repositories on Docker Hub, configure it as follows:
proxy:
  remoteurl: https://registry-1.docker.io
  username: my-username # Docker Hub account
  password: my-password # Docker Hub password
Then apply the configuration:
[root@harbor-01 harbor]# docker-compose down
[root@harbor-01 harbor]# docker-compose up -d
Check the status and make sure every container is Up (healthy):
[root@harbor-01 harbor]# docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up (healthy)
harbor-db /usr/local/bin/docker-entr ... Up (healthy) 3306/tcp
harbor-jobservice /harbor/start.sh Up (healthy)
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-ui /harbor/start.sh Up (healthy)
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up (healthy) 5000/tcp
2. Access the mirror registry from a client
Log in to the registry:
[root@client ~]# docker login harbor-01.test.com
Username (admin):
Password:
Login Succeeded
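Test downloading an image from the private repository.
For example, Docker Hub has the following image:
First create a project with the same name (koza) in the Harbor UI,
then pull the private image: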
[root@client ~]# docker pull harbor-01.test.com/koza/docker-test:v0.0.2
v0.0.2: Pulling from koza/docker-test
385e281300cc: Pull complete
a3ed95caeb02: Pull complete
b00bda0d8d25: Pull complete
67fe4f6d2a81: Pull complete
15c3422237e6: Pull complete
b45b695d0b23: Pull complete
Digest: sha256:a019c7ecc83984a58b34487593918287f14635dcaf4603f69077f4bcb648b275
Status: Downloaded newer image for harbor-01.test.com/koza/docker-test:v0.0.2
Check the Harbor log to confirm that the image was downloaded through the Harbor mirror registry:
[root@harbor-01 harbor]# tail /var/log/harbor/registry.log
Apr 5 08:34:01 172.18.0.1 registry[953]: 172.18.0.6 - - [05/Apr/2018:12:33:53 +0000] "GET /v2/koza/docker-test/blobs/sha256:385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 HTTP/1.1" 200 675992 "" "docker/17.04.0-ce go/go1.7.5 git-commit/4845c56 kernel/3.10.0-514.26.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.04.0-ce \\(linux\\))"
Apr 5 08:34:03 172.18.0.1 registry[953]: time="2018-04-05T12:34:03.075644715Z" level=info msg="response completed" go.version=go1.7.3 http.request.host=harbor-01.test.com http.request.id=586dfe13-5877-4576-8c4c-0e525ba329e3 http.request.method=GET http.request.remoteaddr=192.168.5.107 http.request.uri="/v2/koza/docker-test/blobs/sha256:b00bda0d8d2536bca0d1d9ae01b705c58695e5af80b4260d517e4c82ced2331a" http.request.useragent="docker/17.04.0-ce go/go1.7.5 git-commit/4845c56 kernel/3.10.0-514.26.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.04.0-ce \\(linux\\))" http.response.contenttype="application/octet-stream" http.response.duration=10.014735728s http.response.status=200 http.response.written=88 instance.id=644a0d2f-70bc-4edf-9786-5fa8d90b15c0 service=registry version=v2.6.2
Apr 5 08:34:03 172.18.0.1 registry[953]: 172.18.0.6 - - [05/Apr/2018:12:33:53 +0000] "GET /v2/koza/docker-test/blobs/sha256:b00bda0d8d2536bca0d1d9ae01b705c58695e5af80b4260d517e4c82ced2331a HTTP/1.1" 200 88 "" "docker/17.04.0-ce go/go1.7.5 git-commit/4845c56 kernel/3.10.0-514.26.2.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/17.04.0-ce \\(linux\\))"
Apr 5 08:34:03 172.18.0.1 registry[953]: time="2018-04-05T12:34:03.084844203Z" level=info msg="Adding new scheduler entry for koza/docker-test@sha256:b00bda0d8d2536bca0d1d9ae01b705c58695e5af80b4260d517e4c82ced2331a with ttl=167h59m59.999996645s" go.version=go1.7.3 instance.id=644a0d2f-70bc-4edf-9786-5fa8d90b15c0 service=registry version=v2.6.2
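One way to read registry.log for this check, as an added example that is not part of the original post or of Harbor: it separates the blobs served to clients from the blobs the proxy reports caching ("Adding new scheduler entry"). The function names are hypothetical and the sample lines are constructed by shortening the log excerpt above.

```shell
#!/bin/sh
# Added example, not part of Harbor: classify blob downloads in registry.log.

# Cache fills: the proxy logs "Adding new scheduler entry" when it stores an
# object fetched from the remote registry. Prints "repo@digest ttl".
cache_fills() {
    sed -n 's/.*msg="Adding new scheduler entry for \([^@ ]*@sha256:[0-9a-f]\{64\}\) with ttl=\([^"]*\)".*/\1 \2/p' "$1"
}

# Blobs served to clients with HTTP 200 (access-log lines). Prints "repo@digest".
served_blobs() {
    sed -n 's#.*"GET /v2/\(.*\)/blobs/\(sha256:[0-9a-f]\{64\}\) HTTP/[0-9.]*" 200 .*#\1@\2#p' "$1" | sort -u
}

# For each served blob, report whether this log also shows it being cached.
# A blob without a fill may have been cached before the log window started.
pull_summary() {
    fills=$(cache_fills "$1" | cut -d' ' -f1)
    served_blobs "$1" | while read -r ref; do
        if printf '%s\n' "$fills" | grep -qxF "$ref"; then
            echo "$ref fetched-from-remote"
        else
            echo "$ref no-fill-in-this-log"
        fi
    done
}

# Constructed sample, shortened from the log lines quoted above.
sample_log() {
cat <<'EOF'
Apr 5 08:34:01 172.18.0.1 registry[953]: 172.18.0.6 - - [05/Apr/2018:12:33:53 +0000] "GET /v2/koza/docker-test/blobs/sha256:385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 HTTP/1.1" 200 675992 "" "docker/17.04.0-ce"
Apr 5 08:34:03 172.18.0.1 registry[953]: 172.18.0.6 - - [05/Apr/2018:12:33:53 +0000] "GET /v2/koza/docker-test/blobs/sha256:b00bda0d8d2536bca0d1d9ae01b705c58695e5af80b4260d517e4c82ced2331a HTTP/1.1" 200 88 "" "docker/17.04.0-ce"
Apr 5 08:34:03 172.18.0.1 registry[953]: time="2018-04-05T12:34:03.084844203Z" level=info msg="Adding new scheduler entry for koza/docker-test@sha256:b00bda0d8d2536bca0d1d9ae01b705c58695e5af80b4260d517e4c82ced2331a with ttl=167h59m59.999996645s" service=registry
EOF
}

# Usage: sh this-script.sh /var/log/harbor/registry.log
if [ -n "${1:-}" ]; then pull_summary "$1"; fi
```

The ttl column printed by cache_fills shows how long the cached object is scheduled to stay on the mirror.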
Then check the UI log:
Then check the storage location:
[root@harbor-01 harbor]# ls /data/registry/docker/registry/v2/repositories/koza/docker-test/ -l
总用量 0
drwxr-xr-x. 3 10000 10000 20 4月 5 08:33 _layers
drwxr-xr-x. 4 10000 10000 35 4月 5 08:33 _manifests
drwxr-xr-x. 2 10000 10000 6 4月 5 08:34 _uploads
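3. Unlike the official documentation, we do not configure --registry-mirror on the Docker client here:
docker --registry-mirror=https://test-01.test.com daemon
We want all public images to go through the Aliyun accelerator, and images from private repositories to be cached through the mirror registry.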
[root@client ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://koxxesdep.mirror.aliyuncs.com"],
"max-concurrent-downloads": 10
}
Download an image from the private repository:
[root@client ~]# docker pull harbor-01.test.com/koza/docker-test:v0.0.2
Download public images:
[root@client ~]# docker pull busybox:latest
[root@client ~]# docker pull prima/filebeat:latest
4. You can also use it as a mirror registry for other private registries:
Aliyun private registry:
proxy:
  remoteurl: https://registry.cn-shenzhen.aliyuncs.com
  username: my-username
  password: my-password
GitLab private registry:
proxy:
  remoteurl: https://registry.gitlab.com
  username: my-username
  password: my-password
5. Remove the Harbor containers but keep the data:
$ sudo docker-compose down -v
Delete all data:
$ rm -r /data/database
$ rm -r /data/registry
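If you run the ./prepare script for some other reason, it deletes the configuration files (common/config/), and you have to add your changes again.
For example, the mirror registry setup here depends on common/config/registry/config.yml, so after running ./prepare you need to add the proxy section back.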
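A script for re-applying the proxy section after ./prepare, as an added example that is not part of the original post or of Harbor's tooling. The function names and the MIRROR_USER / MIRROR_PASS environment variables are assumptions of this example; the keys written are the ones shown in the configuration above.

```shell
#!/bin/sh
# Added example, not part of Harbor: re-apply the proxy block after ./prepare
# has regenerated common/config/registry/config.yml.
# Assumption: MIRROR_USER / MIRROR_PASS are hypothetical environment variables,
# used so the upstream credentials are not hard-coded in this script. They
# still end up in plain text in config.yml, as in the configuration above.

# Emit a YAML single-quoted scalar so '#', ':' or quotes in a value stay literal.
yaml_quote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"; }

# ensure_proxy CONFIG_FILE REMOTE_URL
ensure_proxy() {
    cfg=$1 remote=$2
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    # A top-level "proxy:" key is already present: do not add a second one.
    if grep -q '^proxy:' "$cfg"; then return 0; fi
    # Appending to a file without a final newline would corrupt its last key.
    if [ -n "$(tail -c 1 "$cfg")" ]; then printf '\n' >> "$cfg"; fi
    {
        printf 'proxy:\n  remoteurl: %s\n' "$remote"
        if [ -n "${MIRROR_USER:-}" ]; then
            printf '  username: %s\n  password: %s\n' \
                "$(yaml_quote "$MIRROR_USER")" "$(yaml_quote "${MIRROR_PASS:-}")"
        fi
    } >> "$cfg"
    echo "proxy block added to $cfg; run docker-compose down and up -d" >&2
}

# Usage: sh this-script.sh common/config/registry/config.yml https://registry-1.docker.io
if [ -n "${2:-}" ]; then ensure_proxy "$1" "$2"; fi
```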
6. Miscellaneous
6.1 Once configured as a mirror registry, you can no longer push images to this registry:
[root@master ~]# docker push harbor-01.test.com/zyh/busybox:latest
The push refers to repository [harbor-01.test.com/zyh/busybox]
8a788232037e: Retrying in 9 seconds
6.2 Once configured as a mirror registry, the replication feature cannot be used either.
Reference: https://github.com/vmware/harbor/blob/v1.4.0/contrib/Configure_mirror.md