动机
由于现在DockerHub
以及国内的大部分Docker镜像仓库都访问不了,所以就想囤镜像了,当然不是囤了卖,而是自己用。
阿里云的容器镜像服务ACR只能储存300个镜像
所以,是时候搭建自己的私有容器仓库了。
搭建的前提条件
Linux系统的电脑,要安装Docker和Docker Compose
我这里使用的是阿里云ECS服务器
Harbor官网文档
https://goharbor.io/docs/2.11.0/
截止到我写这个文章的时候,是2.11.0
版本
Harbor下载
到Harbor的github release页面下载离线安装包:https://github.com/goharbor/harbor/releases/download/v2.11.0/harbor-offline-installer-v2.11.0.tgz
Harbor安装
将下载好的安装包拷贝的Linux文件目录,我这里是拷贝到/usr/lsq/harbor
目录,cd到这个目录
解压
[root@iZ7xvdva5kuiv9nulznfa7Z harbor]# tar zxvf harbor-offline-installer-v2.11.0.tgz
harbor/harbor.v2.11.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
重命名 harbor.yml.tmpl
->harbor.yml
[root@iZ7xvdva5kuiv9nulznfa7Z harbor]# cd harbor/
[root@iZ7xvdva5kuiv9nulznfa7Z harbor]# cp harbor.yml.tmpl harbor.yml
编辑harbor.yml
其他配置可以用默认,有两个地方需要注意下:
1.hostname
:没有域名,就填服务器(本电脑)的IP地址
2.http/port
:由于我没有打算使用证书,不使用https
(使用https比较麻烦,后续也许会研究如何配置https),这里就配置成5000(官方文档也莫名其妙的说使用http用5000端口)
3.https
配置块全部注释掉,其余的就按照默认配置
运行install.sh
[root@iZ7xvdva5kuiv9nulznfa7Z harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 24.0.7
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.21.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v2.11.0
Loaded image: goharbor/harbor-db:v2.11.0
Loaded image: goharbor/nginx-photon:v2.11.0
Loaded image: goharbor/trivy-adapter-photon:v2.11.0
Loaded image: goharbor/redis-photon:v2.11.0
Loaded image: goharbor/registry-photon:v2.11.0
Loaded image: goharbor/prepare:v2.11.0
Loaded image: goharbor/harbor-portal:v2.11.0
Loaded image: goharbor/harbor-log:v2.11.0
Loaded image: goharbor/harbor-jobservice:v2.11.0
Loaded image: goharbor/harbor-registryctl:v2.11.0
Loaded image: goharbor/harbor-exporter:v2.11.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/lsq/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[Step 5]: starting Harbor ...
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 0.4s
✔ Container harbor-db Started 0.2s
✔ Container registryctl Started 0.3s
✔ Container harbor-portal Started 0.3s
✔ Container registry Started 0.2s
✔ Container redis Started 0.2s
✔ Container harbor-core Started 0.1s
✔ Container nginx Started 0.1s
✔ Container harbor-jobservice Started 0.1s
✔ ----Harbor has been installed and started successfully.----
访问
由于上面我填的地址是8.134.114.124,端口是5000,所以就使用这个地址访问:http://8.134.114.124:5000,可以看到能正常访问
登录Harbor创建项目
我这里创建一个名字为tony
的项目:
使用其他电脑的docker登录到harbor
我这里使用的是windows电脑,电脑上安装了docker desktop
注意:在登录之前需要配置8.134.114.124:5000为docker的http访问
随后打开命令窗口,输入wsl
进入到linux系统,使用如下登录命令(docker login 8.134.114.124:5000
)进行登录测试:
C:\Users\29438>wsl
root@LAPTOP-4JP0VTLU:/mnt/c/Users/29438# docker login 8.134.114.124:5000
Username: admin
Password:
Login Succeeded
root@LAPTOP-4JP0VTLU:/mnt/c/Users/29438#
出现Login Succeeded
就表示登录成功
推送镜像到harbor的tony
项目
这里以elasticsearch:7.3.2
为例子:
- tag本地镜像
docker tag elasticsearch:7.3.2 8.134.114.124:5000/tony/elasticsearch:7.3.2
- push刚刚tag过的镜像
root@LAPTOP-4JP0VTLU:/mnt/c/Users/29438# docker push 8.134.114.124:5000/tony/elasticsearch:7.3.2
The push refers to repository [8.134.114.124:5000/tony/elasticsearch]
622cb8572c19: Pushed
94d2d8780315: Pushed
8184bb83c500: Pushed
398581fba250: Pushing [==================================================>] 480.7MB
398581fba250: Pushed
258bc761db52: Pushed
877b494a9f30: Pushed
7.3.2: digest: sha256:a4ee0befe1cc41487ecbbdc82e32e296d75366c507be981ec83353c9d97f9425 size: 1784
此时可以去网页界面看看:
确实推上去了。
从Harbor上拉取镜像
root@LAPTOP-4JP0VTLU:/mnt/c/Users/29438# docker pull 8.134.114.124:5000/tony/elasticsearch:7.3.2
7.3.2: Pulling from tony/elasticsearch
Digest: sha256:a4ee0befe1cc41487ecbbdc82e32e296d75366c507be981ec83353c9d97f9425
Status: Downloaded newer image for 8.134.114.124:5000/tony/elasticsearch:7.3.2
8.134.114.124:5000/tony/elasticsearch:7.3.2
What's Next?
View a summary of image vulnerabilities and recommendations → docker scout quickview 8.134.114.124:5000/tony/elasticsearch:7.3.2