Harbor Deployment (Non-HA)

Copyright notice: this is an original article by the author and may not be reproduced without the author's permission. https://blog.csdn.net/lindao99/article/details/79977805

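1. Deployment overview

The official site describes three ways to deploy Harbor:

  • Online installer: installs over the network; not covered here because of download speed and similar issues
  • Offline installer: installs from a downloaded package
  • OVA installer: deploys using VMware's own virtual machine technology; not covered here

Hardware and software requirements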

| Resource | Capacity | Description |
|---|---|---|
| CPU | minimal 2 CPU | 4 CPU is preferred |
| Mem | minimal 4GB | 8GB is preferred |
| Disk | minimal 40GB | 160GB is preferred |

| Software | Version | Description |
|---|---|---|
| Python | version 2.7 or higher | Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default |
| Docker engine | version 1.10 or higher | For installation instructions, please refer to: https://docs.docker.com/engine/installation/ |
| Docker Compose | version 1.6.0 or higher | For installation instructions, please refer to: https://docs.docker.com/compose/install/ |
| Openssl | latest is preferred | Generate certificate and keys for Harbor |

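2. Installation steps

Installation consists of the following three steps:
1. Download the software package;
2. Configure harbor.cfg;
3. Run install.sh to install Harbor.

Download the installer from:
https://github.com/vmware/harbor/releases

After downloading, extract the archive: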

$ tar xvf harbor-offline-installer-<version>.tgz

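Then edit the ./harbor/harbor.cfg configuration file.

The settings are divided into required and optional ones:

Required:

  • hostname: the host name used to access the UI and the registry service; an IP address is recommended;
  • ui_url_protocol: (http or https; default http) the protocol used for access;
  • db_password: the MySQL password;
  • max_job_workers: (default 3) the maximum number of workers in the job service;
  • customize_crt: (on or off; default on) whether to create the private key;
  • ssl_cert_key: whether to create the public key;
  • secretkey_path: the path of the secret key;
  • log_rotate_count: the number of rotated log versions to keep;
  • log_rotate_size: the log storage size.

The optional settings are not covered in this article.

The official installation is very simple. Once the configuration is complete, run the install command and the installation finishes automatically: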

$ sudo ./install.sh

After installation, open port 80 on the deployment IP to reach the UI. Default administrator: admin/Harbor12345

After logging in with docker, you can push images to Harbor:

$ docker login reg.yourdomain.com
$ docker push reg.yourdomain.com/myproject/myrepo:mytag

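Notes:
1. On the Docker client host, you must edit the configuration file /etc/sysconfig/docker and add the options "--selinux-enabled=false" and "--insecure-registry 172.16.7.48" to OPTIONS before login succeeds. The --insecure-registry entry is needed because this deployment serves the registry over plain HTTP (ui_url_protocol = http), which Docker refuses by default.
2. When pushing an image, the first path component after the registry address must already exist as a project in Harbor. Otherwise the push fails with "denied: requested access to the resource is denied". For example, before running "docker push 172.16.7.48/google_containers/pause-amd64:3.0", you must create a project named google_containers.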
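The harbor.cfg settings, the default admin account and the --insecure-registry note above can be checked before install.sh is run. The following is an added example, not part of the original article or of Harbor itself: it assumes harbor.cfg's flat "key = value" layout, uses the harbor_admin_password and ssl_cert keys that the article does not list, and applies a minimum password length that is an assumed local policy.

```python
import re

# Constructed samples (not from a real deployment). harbor_admin_password and
# ssl_cert are harbor.cfg keys the article does not list; the rest are from it.
WEAK_CFG = """\
hostname = reg.mydomain.com
ui_url_protocol = http
db_password = root
harbor_admin_password = Harbor12345
"""
HARDENED_CFG = """\
# comment lines and blank lines are ignored
hostname = 172.16.7.48
ui_url_protocol = https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
db_password = Xq7-constructed-value
harbor_admin_password = Vt3-constructed-value
"""
MIN_PASSWORD_LEN = 12  # assumed local policy, not a Harbor requirement

def parse_cfg(text):
    """Parse harbor.cfg's flat 'key = value' lines into a dict."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$", line)
        if m:  # comments (#...) and blank lines never match
            settings[m.group(1)] = m.group(2)
    return settings

def audit(text):
    """Return the keys whose values weaken the deployment, with the reason."""
    cfg, findings = parse_cfg(text), {}
    if cfg.get("hostname", "") in ("", "reg.mydomain.com"):
        findings["hostname"] = "placeholder host; clients cannot reach the registry"
    if cfg.get("ui_url_protocol", "http") != "https":
        findings["ui_url_protocol"] = "plain HTTP: clients need --insecure-registry"
    elif not (cfg.get("ssl_cert") and cfg.get("ssl_cert_key")):
        findings["ssl_cert"] = "https selected but certificate or key path is empty"
    if cfg.get("harbor_admin_password", "Harbor12345") == "Harbor12345":
        findings["harbor_admin_password"] = "default admin password still in place"
    if len(cfg.get("db_password", "")) < MIN_PASSWORD_LEN:
        findings["db_password"] = "database password shorter than local policy"
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit(text) or "no findings")
```

To audit a real file, pass its contents: audit(open("./harbor/harbor.cfg").read()).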

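3. Walkthrough of the installation code

First, let's look at the code of install.sh.

The install.sh code is very simple. It first checks that the installation environment is complete: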

h2 "[Step $item]: checking installation environment ..."; let item+=1
check_docker
check_dockercompose

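It then checks the optional installation options chosen by the user and calls the Python script named prepare in the same directory to prepare the environment. That script mainly validates and automatically prepares the database, dependencies and so on; its code is not analyzed here.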

h2 "[Step $item]: preparing environment ...";  let item+=1
if [ -n "$host" ]
then
    sed "s/^hostname = .*/hostname = $host/g" -i ./harbor.cfg
fi
prepare_para=
if [ $with_notary ] && [ ! $harbor_ha ]
then
    prepare_para="${prepare_para} --with-notary"
fi
if [ $with_clair ]
then
    prepare_para="${prepare_para} --with-clair"
fi
if [ $harbor_ha ]
then
    prepare_para="${prepare_para} --ha"
fi
./prepare $prepare_para
echo ""

Finally, it uses docker-compose to complete the installation and checks that the installation is correct:

h2 "[Step $item]: starting Harbor ..."
if [ $harbor_ha ]
then
    mv docker-compose.yml docker-compose.yml.bak 
    cp ha/docker-compose.yml docker-compose.yml
    mv docker-compose.clair.yml docker-compose.clair.yml.bak
    cp ha/docker-compose.clair.yml docker-compose.clair.yml
fi
docker-compose $docker_compose_list up -d

protocol=http
hostname=reg.mydomain.com

if [[ $(cat ./harbor.cfg) =~ ui_url_protocol[[:blank:]]*=[[:blank:]]*(https?) ]]
then
protocol=${BASH_REMATCH[1]}
fi

if [[ $(grep 'hostname[[:blank:]]*=' ./harbor.cfg) =~ hostname[[:blank:]]*=[[:blank:]]*(.*) ]]
then
hostname=${BASH_REMATCH[1]}
fi
echo ""

success $"----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at ${protocol}://${hostname}. 
For more details, please visit https://github.com/vmware/harbor .
"

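Next, let's look at the docker-compose YAML file.

First, the log container is started and takes over log collection for all the containers. As a result, viewing a container's logs with the docker logs command produces an error: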

"logs" command is supported only for "json-file" and "journald" logging drivers (got: syslog)

This error is expected. To view the Harbor logs, read the /var/log/harbor/*.log files on the deployment machine directly.

The log container is configured as follows:

log:
    image: vmware/harbor-log:v1.4.0
    container_name: harbor-log 
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor

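After the log container is started, the other containers are started in turn, and the configuration files initialized earlier are placed into the containers through volume mounts. There are many containers, so only one is shown as an example:

adminserver: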
    image: vmware/harbor-adminserver:v1.4.0
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/config/:/etc/adminserver/config/:z
      - /data/secretkey:/etc/adminserver/key:z
      - /data/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"

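The configuration above shows that the containers use a docker network named harbor and that the logging driver is syslog.

Note that if the network has not been created, docker creates it automatically.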

Pull image from Harbor in Kubernetes

  Kubernetes users can easily deploy pods with images stored in Harbor. The settings are similar to that of another private registry. There are two major issues:
